1、重启一个项目
2、构建代码
urls:
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'login/', views.login, name='login'),
url(r'home/', views.home, name='home'),
url(r'index/', views.index, name='index'),
]
views:
from django.shortcuts import render, redirect
# Create your views here.
def login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
if username == 'dong' and password == '123':
request.session['user'] = username
return redirect('home')
else:
return redirect('login')
return render(request, 'login.html')
def home(request):
u_name = request.session.get('user')
if uname:
return render(request, 'home.html', {'u_name': uname})
return redirect('login')
html:
login.html:
3、中间件的身份认证
-
配置中间件
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect, HttpResponse
class AuthSession(MiddlewareMixin):
def process_request(self, request):
if request.session.get('user'):
return
else:
return redirect('login')
def process_response(self, request, response):
print('响应来了')
return response如果这样构建,第⼀次请求login⻚⾯时,你都没有登录,你的session⾥⾯什么键值对没有, 就要执⾏else重定向login,请求经历七个中间件,到你的authsession中间件时,⼜要判断, session还是什么都没有,⼜要重定向login。。。。。。。。
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect, HttpResponse
class AuthSession(MiddlewareMixin):
print(request.path)
def process_request(self, request):
if request.path == '/login/':
return
elif request.session.get('user'):
return
else:
return redirect('login')
def process_response(self, request, response):
print('响应来了')
return response
我们完成了需求,但是有些改进的地方:
'/login/'路径写死了,如果登录的路径改名字,我们还要手动去改动,没有拓展性。
if条件与elif条件可以合并:
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect, HttpResponse
class AuthSession(MiddlewareMixin):
print(request.path)
def process_request(self, request):
if request.path == reverse('login') or request.session.get('user'):
return
else:
return redirect('login')
def process_response(self, request, response):
print('响应来了')
return response这样的就⾏了么?⼀个⽹站的所有⻚⾯必须是都登陆成功的状态下,才可以访问么?淘宝有 些⻚⾯是必须登录的,有些⻚⾯是不⽤登录的。
我们可以制作⽩名单: ⽩名单:屏幕掉所有请求,但是只是允许少数指定的请求通过。 ⿊名单:可以通过所有的请求,但是只是屏蔽少数指定的请求。
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect, HttpResponse, reverse
class AuthSession(MiddlewareMixin):
def process_request(self, request):
# print(request.path)
# 制作⽩名单
white_list = [reverse('login'), reverse('index')]
# 制作⼀个⿊名单
black_list = [reverse('black')]
if request.path in black_list:
return HttpResponse('你⽆权访问')
elif request.path in white_list or request.session.get('user'):
return
else:
return redirect('login')
def process_response(self, request, response):
print('响应来了')
return response
中间件的其他方法
中间件也就是定制一个类,这个类可以定义5种方法,最常用的就是之前将的process_request、process_response,剩下还有三种方法不常用,我们以了解为主,主要记住他的执行流程即可
-
process_view
process_view(self, request, view_func, view_args, view_kwargs)
该⽅法有四个参数
request:是HttpRequest对象。
view_func:是Django即将使⽤的视图函数。(它是实际的函数对象,⽽不是函数的 名称作为字符串)
view_args:是将传递给视图的位置参数的列表.
view_kwargs: 是将传递给视图的关键字参数的字典。 view_args和view_kwargs都不 包含第⼀个视图参数(request)。
Django会在调⽤视图函数之前调⽤process_view⽅法。
-
执行流程
-
研究流程
class MD1(MiddlewareMixin):
def process_request(self,request):
print('MD1的process_request⽅法')
def process_view(self, request, view_func, view_args,
view_kwargs):
print('MD1的process_view⽅法')
# print(view_func)
# print(view_args)
# print(view_func.__name__)
# return HttpResponse('直接截胡')
def process_exception(self, request, exception):
print(exception)
print("MD1 中的process_exception")
def process_response(self, request, response):
print('MD1的process_response⽅法')
return response
class MD2(MiddlewareMixin):
def process_request(self,request):
print('MD2的process_request⽅法')
def process_view(self, request, view_func, view_args,
view_kwargs):
print('MD2的process_view⽅法')
# print(view_func)
# print(view_args)
# print(view_func.__name__)
def process_exception(self, request, exception):
print(exception)
print("MD2 中的process_exception")
def process_response(self, request, response):
print('MD2的process_response⽅法')
return response -
process_template_response
这个⽅法⼏乎不⽤。这个需要你特殊构造⼀下你的views函数。这个⽅法⾮常尬。
class MD1(MiddlewareMixin): def process_request(self,request): print('MD1的process_request⽅法') def process_view(self, request, view_func, view_args, view_kwargs): print('MD1的process_view⽅法') # print(view_func) # print(view_args) # print(view_func.__name__) # return HttpResponse('直接截胡') def process_exception(self, request, exception): print(exception) print("MD1 中的process_exception") def process_template_response(self, request, response): print("MD1 中的process_template_response") return response def process_response(self, request, response): print('MD1的process_response⽅法') return response class MD2(MiddlewareMixin): def process_request(self,request): print('MD2的process_request⽅法') def process_view(self, request, view_func, view_args, view_kwargs): print('MD2的process_view⽅法') # print(view_func) # print(view_args) # print(view_func.__name__) def process_exception(self, request, exception): print(exception) print("MD2 中的process_exception") def process_template_response(self, request, response): print("MD2 中的process_template_response") return response def process_response(self, request, response): print('MD2的process_response⽅法') return response views: def index(request,num): print('in view视图函数的 index') # raise ValueError('index 出错了!!!') def render(): print('这是render⽅法') return HttpResponse('特殊的render⽅法') ret = HttpResponse('index⻚⾯') ret.render = render return ret
中间件的应用
-
身份认证
-
IP访问限制
-