Django rest farmwork(一)
参考链接
https://www.cnblogs.com/wupeiqi/articles/7805382.html
CBV 规范
url(r'^rest1/',restView.Restful_1.as_view() ,name="restful1"),
class A(View):
def get(self,request,*args,**kwargs):
pass
def post(self,request,*args,**kwargs):
pass
2.继承,多个CBV公用同一个功能的时候,为了避免重复比编写,可以继承同一个类
class MybasicClass(object):
def dispatch(self, request, *args, **kwargs):
print("basiclass before")
return super(MybasicClass, self).dispatch(request, *args, **kwargs)
#这里的super(mybasicclass,self)的意思不是指MybasicCLass的这个类的父类或者基类,而是指调用self这个对象的父类,或者基类。
class Restful_1(MybasicClass, View):
def get(self, request, *args, **kwargs):
return HttpResponse(json.dumps('get'))
def post(self, request):
return HttpResponse(json.dumps("Post"))
class Restful_2(View, MybasicClass):
def get(self, request, *args, **kwargs):
return HttpResponse(json.dumps('get'))
def post(self, request):
return HttpResponse(json.dumps("Post"))
中间件:可以定制五种方法:
process_request(self,request)
process_view(self, request, callback, callback_args, callback_kwargs)
process_template_response(self,request,response)
process_exception(self, request, exception)
process_response(self, request, response)
基于process_view实现的csrf验证,(1,检查是否用@csrf_exempt或者csrf_protext来装饰,2,去cookie中取csrf_token)
Csrf
1.如果setting中启用了csrf的话,那么可以用csrf_exempt来取消用csrf
2.如果setting中没有启用csrf的话,可以用csrf_protect来启用
from django.views.decorators.csrf import csrf_exempt,csrf_protect
django为用户实现防止跨站请求伪造的功能,通过中间件 django.middleware.csrf.CsrfViewMiddleware 来完成。而对于django中设置防跨站请求伪造功能有分为全局和局部。
全局:
中间件 django.middleware.csrf.CsrfViewMiddleware
局部:
@csrf_protect,为当前函数强制设置防跨站请求伪造功能,即便settings中没有设置全局中间件。
@csrf_exempt,取消当前函数防跨站请求伪造功能,即便settings中设置了全局中间件。
注:from django.views.decorators.csrf import csrf_exempt,csrf_protect
CBV做exempt,protect的时候装饰器需要用到method_decorator()并且指定的name是dispatch
from django.views.decorators.csrf import csrf_exempt,csrf_protect
from django.utils.decorators import method_decorator
@method_decorator(csrf_exempt,name='dispatch')
class Restful_1(View):
def get(self, request, *args, **kwargs):
return HttpResponse(json.dumps('get'))
def post(self, request):
return HttpResponse(json.dumps("Post"))
二、restuful建议(规范):
1.根据request.method不同,做出不同的操作,put,delete,get,post
```
#基于fbv
def order(request):
if request.method=="GET":
return HttpResponse('查')
if request.method == "DELETE":
return HttpResponse('删')
if request.method == "put":
return HttpResponse('更新')
if request.method == "post":
return HttpResponse('增')
#基于CBV
class order(VIEW)
def GET(self,request,*args,**kwargs):
return HttpResponse('’)
def PUT()
```
djangorestframework框架
pip install djangorestframework
认证:一、modeles.table.objects.update_or_created()用法
```
from django.shortcuts import HttpResponse
from django.http import JsonResponse
from django.views import View
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from django.utils.decorators import method_decorator
import json
from rest_framework.views import APIView
# 基于认证
#创建md5
def token_md5(username):
import hashlib
import time
ctime = str(time.time())
token_a = hashlib.md5(bytes(username, encoding='utf-8'))
token_a.update(bytes(ctime, encoding='utf-8'))
return token_a.hexdigest()
from cmdb import models
#创建Authview类
class AuthView(APIView):
def post(self, request, *args, **kwargs):
ret = {'code': 1000, 'msg': None}
username = request._request.POST.get('username')
passwd = request._request.POST.get('passwd')
obj = models.User.objects.filter(username=username, passwd=passwd).first()
if not obj:
ret['code'] = 1001
ret['msg'] = "登录失败"
else:
token = token_md5(username)
ret['token'] = token
ret['code'] = 200
ret['msg'] = '登录成功'
# token数据中添加token随机字符串
#这个update_or_create()用法是知识点哦
co, created = models.UserToken.objects.update_or_create(user=obj, defaults={'token': token})
return JsonResponse(ret)
```
1.关于django-restful的认证
需求:有些api接口需要用户登录后才能够访问,所以需要去用户进行登录验证
1.创建两张表,user,user_token
2.用户登录后生成随机字符串,(token保存在数据库中)