RTF使用django-auditlog未记录actor
django-auditlog,很方便的一个第三方库,使用方法可以参考官方文档
一般用来做django的auditlog系统,但我后台用的rest_framework,发现表中未记录到actor_id,也就是用户,全是空的,管理页面也就全显示SYSTEM。
github上找到的两个较为简单的解决方案,写一个自定义的中间件,代码如下:
- 自定义认证中间件
from rest_framework_simplejwt.authentication import JWTAuthentication
from django.contrib.auth.middleware import AuthenticationMiddleware
from django.contrib.auth.middleware import get_user
from django.utils.functional import SimpleLazyObject
class JWTAuthenticationMiddleware(AuthenticationMiddleware):
def process_request(self, request):
super().process_request(request)
request.user = SimpleLazyObject(
lambda: self.__class__.get_jwt_user(request))
@staticmethod
def get_jwt_user(request):
user = get_user(request)
if user.is_authenticated:
return user
jwt_authentication = JWTAuthentication()
if jwt_authentication.get_header(request):
try:
user, jwt = jwt_authentication.authenticate(request)
except Exception as e:
print(e)
return user
我用的是JWTAuthentication,如果用其他的认证方案,get_jwt_user函数需要做对应改动。
django配置:
MIDDLEWARE = [
***
'django.middleware.csrf.CsrfViewMiddleware',
# 'django.contrib.auth.middleware.AuthenticationMiddleware',
'myapp.middleware.JWTAuthenticationMiddleware',
***
'auditlog.middleware.AuditlogMiddleware',
]
# REST_FRAMEWORK配置
REST_FRAMEWORK = {
***
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
***
特别要注意的是JWTAuthentication需要在SessionAuthentication前面加载,否则SessionAuthentication中会调用csrf检查,不影响接口调用,但前端调用时会抛csrf认证错误。
- 自定义日志中间件
from django.utils.functional import SimpleLazyObject
from auditlog.context import set_actor
from auditlog.middleware import AuditlogMiddleware as _AuditlogMiddleware
class AuditlogMiddleware(_AuditlogMiddleware):
def __call__(self, request):
remote_addr = self._get_remote_addr(request)
user = SimpleLazyObject(lambda: getattr(request, "user", None))
context = set_actor(actor=user, remote_addr=remote_addr)
with context:
return self.get_response(request)
setting中的AuditlogMiddleware替换为自定义中间件就可以了