drf(请求封装/认证/权限/节流)

其他 2019-11-20 21:01:08 阅读次数: 0

1.请求的封装

class HttpRequest(object):
    def __init__(self):
     pass
 
 @propery
 def GET(self):
  pass
 
 @propery
 def POST(self):
  pass
 
 @propery
 def body(self):
  pass

class Request(object):
 def __init__(self,request):
  self._request = request
 
 def data(self):
  if content-type == "application/json"
   reutrn json.loads(self._request.body.decode('urf-8'))
  elif content-type == "x-www-...":
   return self._request.POST
  
 def query_params(self):
  return self._reqeust.GET

req = HttpRequest()
request = Request(req)

request.data
request.query_prams
request._request.GET
request._request.POST
request._request.body

drf入口请求流程:

  • 路由

    urlpatterns = [
        url(r'^order/$', views.OrderView.as_view()),
    ]

  • 视图关系

    class View(object):
     @classonlymethod
        def as_view(cls, **initkwargs):
            def view(request, *args, **kwargs):
                return self.dispatch(request, *args, **kwargs)
            return view
     
    class APIView(View):
     
     @classmethod
        def as_view(cls, **initkwargs):
            view = super().as_view(**initkwargs)
            return csrf_exempt(view)
     def dispatch(self, request, *args, **kwargs):
            # 新request内部包含老request(_reuqest=老request)
            request = self.initialize_request(request, *args, **kwargs)
            self.request = request
            
            self.initial(request, *args, **kwargs)
            
            # 通过反射执行“get”方法,并传入新的request
            handler = getattr(self, request.method.lower())
            response = handler(request, *args, **kwargs) # get(requst)
            return self.response
        
    class OrderView(APIView):
     
        def get(self,request,*args,**kwargs):
            return Response('海狗')

     

2.版本

from django.conf.urls import url,include
from django.contrib import admin
from . import views
urlpatterns = [
    url(r'^order/$', views.OrderView.as_view()),
]
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.request import Request

class OrderView(APIView):
   def get(self,request,*args,**kwargs):
       print(request.version)
       print(request.versioning_scheme)
       return Response('...')

   def post(self,request,*args,**kwargs):
       return Response('post')

源码流程:



class APIView(View):
    versioning_class = api_settings.DEFAULT_VERSIONING_CLASS
    
 def dispatch(self, request, *args, **kwargs):
       
        # ###################### 第一步 ###########################
        """
       request,是django的request,它的内部有:request.GET/request.POST/request.method
       args,kwargs是在路由中匹配到的参数,如:
           url(r'^order/(\d+)/(?P<version>\w+)/$', views.OrderView.as_view()),
           http://www.xxx.com/order/1/v2/
       """
        self.args = args
        self.kwargs = kwargs

        """
       request = 生成了一个新的request对象,此对象的内部封装了一些值。
       request = Request(request)
           - 内部封装了 _request = 老的request
       """
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request

        self.headers = self.default_response_headers  # deprecate?

        try:
            # ###################### 第二步 ###########################
            self.initial(request, *args, **kwargs)

            执行视图函数。。
 
 def initial(self, request, *args, **kwargs):
       
        # ############### 2.1 处理drf的版本 ##############
        version, scheme = self.determine_version(request, *args, **kwargs)
        request.version, request.versioning_scheme = version, scheme
  ...
        
    def determine_version(self, request, *args, **kwargs):
        if self.versioning_class is None:
            return (None, None)
        scheme = self.versioning_class() # obj = XXXXXXXXXXXX()
        return (scheme.determine_version(request, *args, **kwargs), scheme)
        
class OrderView(APIView):
    versioning_class = URLPathVersioning
    def get(self,request,*args,**kwargs):
        print(request.version)
        print(request.versioning_scheme)
        return Response('...')

    def post(self,request,*args,**kwargs):
        return Response('post')
class URLPathVersioning(BaseVersioning):
    """
   urlpatterns = [
       url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),
       
   ]
   """
    invalid_version_message = _('Invalid version in URL path.')

    def determine_version(self, request, *args, **kwargs):
        version = kwargs.get(self.version_param, self.default_version)
        if version is None:
            version = self.default_version

        if not self.is_allowed_version(version):
            raise exceptions.NotFound(self.invalid_version_message)
        return version

使用(局部)

  • url中写version

    url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),

  • 在视图中应用

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.request import Request
    from rest_framework.versioning import URLPathVersioning


    class OrderView(APIView):

        versioning_class = URLPathVersioning
        def get(self,request,*args,**kwargs):
            print(request.version)
            print(request.versioning_scheme)
            return Response('...')

        def post(self,request,*args,**kwargs):
            return Response('post')

  • 在settings中配置

    REST_FRAMEWORK = {
        "PAGE_SIZE":2,
        "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination",
        "ALLOWED_VERSIONS":['v1','v2'],
        'VERSION_PARAM':'version'
    }

使用(全局)推荐

  • url中写version

    url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),

    url(r'^(?P<version>\w+)/users/$', users_list, name='users-list'),

  • 在视图中应用

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.request import Request
    from rest_framework.versioning import URLPathVersioning


    class OrderView(APIView):
        def get(self,request,*args,**kwargs):
            print(request.version)
            print(request.versioning_scheme)
            return Response('...')

        def post(self,request,*args,**kwargs):
            return Response('post')

  • 在settings中配置

    REST_FRAMEWORK = {
        "PAGE_SIZE":2,
        "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination",
        "DEFAULT_VERSIONING_CLASS":"rest_framework.versioning.URLPathVersioning",
        "ALLOWED_VERSIONS":['v1','v2'],
        'VERSION_PARAM':'version'
    }

####

3.认证(面试)

from django.conf.urls import url,include
from django.contrib import admin
from . import views
urlpatterns = [
    url(r'^login/$', views.LoginView.as_view()),
   url(r'^order/$', views.OrderView.as_view()),
   url(r'^user/$', views.UserView.as_view()),
]
import uuid
from django.shortcuts import render
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
from rest_framework.versioning import URLPathVersioning
from rest_framework.views import APIView
from rest_framework.response import Response

from . import models

class LoginView(APIView):

    def post(self,request,*args,**kwargs):
        user_object = models.UserInfo.objects.filter(**request.data).first()
        if not user_object:
            return Response('登录失败')
        random_string = str(uuid.uuid4())
        user_object.token = random_string
        user_object.save()
        return Response(random_string)

class MyAuthentication:
    def authenticate(self, request):
        """
       Authenticate the request and return a two-tuple of (user, token).
       """
        token = request.query_params.get('token')
        user_object = models.UserInfo.objects.filter(token=token).first()
        if user_object:
            return (user_object,token)
        return (None,None)

class OrderView(APIView):
    authentication_classes = [MyAuthentication, ]
    def get(self,request,*args,**kwargs):
        print(request.user)
        print(request.auth)
        return Response('order')

class UserView(APIView):
    authentication_classes = [MyAuthentication,]
    def get(self,request,*args,**kwargs):
        print(request.user)
        print(request.auth)
        return Response('user')

源码分析

class Request:

    def __init__(self, request,authenticators=None):
        self._request = request
        self.authenticators = authenticators or ()
        
 @property
    def user(self):
        """
       Returns the user associated with the current request, as authenticated
       by the authentication classes provided to the request.
       """
        if not hasattr(self, '_user'):
            with wrap_attributeerrors():
                self._authenticate()
        return self._user
    
    def _authenticate(self):
        """
       Attempt to authenticate the request using each authentication instance
       in turn.
       """
        for authenticator in self.authenticators:
            try:
                user_auth_tuple = authenticator.authenticate(self)
            except exceptions.APIException:
                self._not_authenticated()
                raise

            if user_auth_tuple is not None:
                self._authenticator = authenticator
                self.user, self.auth = user_auth_tuple
                return

        self._not_authenticated()
        
 @user.setter
    def user(self, value):
        """
       Sets the user on the current request. This is necessary to maintain
       compatibility with django.contrib.auth where the user property is
       set in the login and logout functions.

       Note that we also set the user on Django's underlying `HttpRequest`
       instance, ensuring that it is available to any middleware in the stack.
       """
        self._user = value
        self._request.user = value

 


class APIView(View):
    authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES
    
 def dispatch(self, request, *args, **kwargs):
        """
       `.dispatch()` is pretty much the same as Django's regular dispatch,
       but with extra hooks for startup, finalize, and exception handling.
       """
        # ###################### 第一步 ###########################
        """
       request,是django的request,它的内部有:request.GET/request.POST/request.method
       args,kwargs是在路由中匹配到的参数,如:
           url(r'^order/(\d+)/(?P<version>\w+)/$', views.OrderView.as_view()),
           http://www.xxx.com/order/1/v2/
       """
        self.args = args
        self.kwargs = kwargs


        """
       request = 生成了一个新的request对象,此对象的内部封装了一些值。
       request = Request(request)
           - 内部封装了 _request = 老的request
           - 内部封装了 authenticators = [MyAuthentication(), ]
       """
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
 
 def initialize_request(self, request, *args, **kwargs):
        """
       Returns the initial request object.
       """
        parser_context = self.get_parser_context(request)

        return Request(
            request,
            parsers=self.get_parsers(),
            authenticators=self.get_authenticators(), # [MyAuthentication(),]
            negotiator=self.get_content_negotiator(),
            parser_context=parser_context
       )

    def get_authenticators(self):
        """
       Instantiates and returns the list of authenticators that this view can use.
       """
        return [ auth() for auth in self.authentication_classes ]
    
class LoginView(APIView):
    authentication_classes = []
    def post(self,request,*args,**kwargs):
        user_object = models.UserInfo.objects.filter(**request.data).first()
        if not user_object:
            return Response('登录失败')
        random_string = str(uuid.uuid4())
        user_object.token = random_string
        user_object.save()
        return Response(random_string)

class OrderView(APIView):
    # authentication_classes = [TokenAuthentication, ]
    def get(self,request,*args,**kwargs):
        print(request.user)
        print(request.auth)
        if request.user:
            return Response('order')
        return Response('滚')

class UserView(APIView):
    同上

 

总结

当用户发来请求时,找到认证的所有类并实例化成为对象列表,然后将对象列表封装到新的request对象中。

以后在视同中调用request.user

在内部会循环认证的对象列表,并执行每个对象的authenticate方法,该方法用于认证,他会返回两个值分别会赋值给
request.user/request.auth

 

作业:将认证的功能添加到呼啦圈中。

  • 登录表

  • 登录视图

  • 写认证类

  • 应用认证类:全局应用

  • Login视图不应用认证

 

4.权限

from rest_framework.permissions import BasePermission
from rest_framework import exceptions

class MyPermission(BasePermission):
   message = {'code': 10001, 'error': '你没权限'}
   def has_permission(self, request, view):
       """
       Return `True` if permission is granted, `False` otherwise.
       """
       if request.user:
           return True

       # raise exceptions.PermissionDenied({'code': 10001, 'error': '你没权限'})
       return False

   def has_object_permission(self, request, view, obj):
       """
       Return `True` if permission is granted, `False` otherwise.
       """
       return False
class OrderView(APIView):
    permission_classes = [MyPermission,]
    def get(self,request,*args,**kwargs):
        return Response('order')


class UserView(APIView):
   permission_classes = [MyPermission, ]
   def get(self,request,*args,**kwargs):
       return Response('user')
REST_FRAMEWORK = {
    "PAGE_SIZE":2,
    "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination",
    "DEFAULT_VERSIONING_CLASS":"rest_framework.versioning.URLPathVersioning",
    "ALLOWED_VERSIONS":['v1','v2'],
   'VERSION_PARAM':'version',
   "DEFAULT_AUTHENTICATION_CLASSES":["kka.auth.TokenAuthentication",]
}

源码分析

class APIView(View):
    permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
    
    def dispatch(self, request, *args, **kwargs):
        封装request对象
        self.initial(request, *args, **kwargs)
        通过反射执行视图中的方法

 def initial(self, request, *args, **kwargs):
        版本的处理
        # 认证
        self.perform_authentication(request)
  
        # 权限判断
        self.check_permissions(request)
        
        
        self.check_throttles(request)
        
    def perform_authentication(self, request):
        request.user
 
    def check_permissions(self, request):
        # [对象,对象,]
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                self.permission_denied(request, message=getattr(permission, 'message', None))
    def permission_denied(self, request, message=None):
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated()
        raise exceptions.PermissionDenied(detail=message)
        
    def get_permissions(self):
        return [permission() for permission in self.permission_classes]
    
class UserView(APIView):
    permission_classes = [MyPermission, ]
    
    def get(self,request,*args,**kwargs):
        return Response('user')

 

实现呼啦圈

  • 视图:ListAPIView

  • 序列化:多个序列化

  • 分页:给列表页面做分页

  • 版本:版本设置

  • 认证:认证流程 request.user赋值

  • 权限:能否访问

猜你喜欢

转载自www.cnblogs.com/YZL2333/p/11900719.html
今日推荐
openKylin 社区生态委员会第六次会议圆满召开
阿里云正式发布通义千问 2.5
Python 3.13 发布首个 Beta:实验性自由线程模式和 JIT、改进交互式解释器
Stack Overflow 拿我的代码去训练 AI 大模型,还封了我的账号
Pop!_OS 的 COSMIC 桌面完成 App Store 上架工作
报告:Django 仍然是 74% 开发者的首选
《2024 年一季度互联网投融资运行情况》研究报告
15 年前上了“FFmpeg 耻辱柱”,今天他还得谢谢咱——腾讯QQPlayer一雪前耻?
TIOBE 5 月榜单:Fortran “复活”进入 Top 10
GCC 14.1 发布
面壁智能发布 Eurux-8x22B 开源大模型 —— 堪称「理科状元」
开源日报 | 谷歌扶持鸿蒙上位;开源Rabbit R1;Docker加持的安卓手机;微软的焦虑和野心;海尔电器把开放平台关了
周排行
计算机组成与设计(七)—— 除法器
Integer Approximation(分治+枚举)
大话数据库索引
windows10系统JDK的配置及下载地址
mysql实现秒值转换中原六仔平台搭建
Codeforces Round #556 (Div. 1)
百练1064 网线主管
Codeforces 995F Cowmpany Cowmpensation
子集生成之增量构造法,位向量法,二进制法
ERROR: cmd.exe failed with args /c "/APK\gradle\rungradle.bat...
每日归档
更多
2024-05-10(38)
2024-05-09(35)
2024-05-08(42)
2024-05-07(14)
2024-05-06(40)
2024-05-05(0)
2024-05-04(7)
2024-05-03(19)
2024-05-02(0)
2024-05-01(4)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022