Python actual combat-Django framework to build the background management environment of the Mido Mall and log in "1"

Others 2021-01-29 12:29:08 views: null

Mido background management

The Django framework already provides an Admin management backend, but the page layout effect of the Admin's own pages that can be modified is relatively small, which cannot meet the company's customized page requirements. At this time, it is necessary to independently develop a back-end management system to meet the company's back-end data management.

Project structure

Development mode: separation of front and back ends

Front-end framework: VUE

Back-end framework: Django REST framework

Function part: Administrator login, data statistics, user management, commodity management, order management, authority management

Main technology: JWT user authentication, CORS cross-domain

Project environment construction

1. Running the front-end code

Enter the meiduo_mall_admin file directory and execute the following commands

npm run dev

As shown in the following figure, it means the operation is successful:

2. Running the back-end code

1. Import virtual environment files

pip install -r requeriments.txt

2. Enter the database to create a meiduo database

mysql -uroot -p 

create database meiduo charset=utf8;

3. Import data

 mysql -uroot -p meiduo < dump.sql

4. Run

python manage.py runserver

log in

In the background management, we first need to complete the login function, and we can complete the corresponding function by rewriting the Meiduo form login.

In the background login, because the domain names of our front-end services and back-end services are different, we first solve the cross-domain problem.

After logging in, we keep using jwt

 

Browser's Same Origin Policy

In 1995, the same-origin policy was introduced into browsers by Netscape. Currently, all browsers implement this policy.

The same-origin policy is a security feature of the browser. Client-side scripts (js files) from different sources cannot read and write resources of the other party without explicit authorization. Only scripts from the same source are given permissions for operations such as dom, read and write cookies, session, and ajax.

URL is composed of protocol, domain name, port and path. If the protocol, domain name, and port of two URLs are the same, the two URLs are of the same origin.

For example, for http://www.example.com/dir/page.htmlthis URL, the protocol is http://, the domain name is www.example.com, and the port is 80(the default port can be omitted). Its homology is as follows.

url Whether the same the reason
http://www.example.com/dir2/other.html Yes Same protocol, port and host
https://example.com/dir/other.html no Different protocol (https)
http://www.example.com:81 no Different ports (81)
http://news.example.com/ no Different domain names

The purpose of the same-origin policy is to ensure the safety of user information and prevent malicious websites from stealing data.

Imagine such a situation: A website is a bank, after the user logs in, he goes to other websites. What happens if other websites can read the cookies of website A?

Obviously, if cookies contain privacy (such as total deposits), this information will be leaked. What's more frightening is that cookies are often used to save the user's login status. If the user does not log out, other websites can impersonate the user and do whatever they want. Because the browser also stipulates that submitting forms is not restricted by the same-origin policy.

It can be seen that the "same-origin policy" is necessary, otherwise cookies can be shared and the Internet will be insecure.

Cross-domain CORS

Our front end and back end are two different ports

position domain name
Front-end service 127.0.0.1:8080
Backend service 127.0.0.1:8000

Now, the front-end and back-end are different ports, which involves cross-domain access to data, because the browser’s same-origin policy does not support mutual access to data between two different domain names by default, and we need to To transfer data between domain names, we need to add support for cross-domain access to the backend.

We use django-cors-headers to solve the back-end support for cross-domain access.

Use django-cors-headers extension

Reference document https://github.com/ottoyiu/django-cors-headers/

installation

pip install django-cors-headers

Add app

INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)

Middle layer settings

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    ...
]

Add whitelist

# CORS
CORS_ORIGIN_WHITELIST = (
    '127.0.0.1:8080',
    'localhost:8080',
    'www.meiduo.site:8080',
    'api.meiduo.site:8000'
)
CORS_ALLOW_CREDENTIALS = True  # 允许携带cookie
  • Any domain name in the whitelist can access the backend interface
  • CORS_ALLOW_CREDENTIALS indicates whether the backend supports operations on cookies in cross-domain access.

The cross-domain implementation process is

1. For the first time, the browser will send an options request to ask the backend whether cross-domain is allowed, and the backend queries whether these two domain names are in the whitelist

2. If the domain name is in the whitelist, inform the browser in the response result to allow cross-domain

3. The browser sends a post request for the second time, carrying user login data to the backend, and completing the login verification operation

options request

post request

 

Guess you like

Origin blog.csdn.net/weixin_45293202/article/details/113097660
Recommended
LFOSSA Yuanlaisusu Open Course | Mastering the Cloud Native Future: Comprehensive Guide to CNCF Certification and Exam Preparation Tips
Ranking
C++ Basic Syntax
bootstrapTable hides a column based on a condition
Why is reentrant lock recommended instead of Synchronized when dynamic high concurrency?
hexo create a blog
[Fully open source and non-encrypted version] Imitation of the eighth district distribution/online signature/multiple sets of download templates/APP distribution hosting/APP packaging and packaging
Polymerization combination
https://www.flysnow.org/2017/05/06/go-in-action-go-log.html
From the perspective of Flutter and the front-end, talk about how to ensure UI fluency under the single-threaded model
nginx-301, 302 redirect
Geolocation by IP Address in ASP.NET
Daily
More
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)

Code World

© 2018 codetd.com