rest_framework source code analysis:
1.as_view()
2. as_view() of the parent class view = super(APIView, cls).as_view(**initkwargs)
3.view 方法中 return self.dispatch(request, *args, **kwargs)
4.dispatch
1. Split the original request into restframework
request = self.initialize_request(request, *args, **kwargs)
self.request = request
2. Process versions, authentication, permissions, access frequency
self.initial(request, *args, **kwargs)
1. Process version information
version, scheme = self.determine_version(request, *args, **kwargs),request.version, request.versioning_scheme = version, scheme
if self.versioning_class is None:return (None, None) No versioning class, no versioning
scheme = self.versioning_class()#If there is a version control class
return (scheme.determine_version(request, *args, **kwargs), scheme)
version = kwargs.get(self.version_param, self.default_version) Get the version
if not self.is_allowed_version(version): if the version does not exist or is not in the allowed range
2. Processing authentication information
self.perform_authentication(request)
request.uer goes into the uer method with the decorator @Propryty
if not hasattr(self, '_user'): #Determine whether there is no authentication
self._authenticate() #No authentication, enter _authenticate() authentication
for authenticator in self.authenticators: #loop to get the authentication object
authenticators=self.get_authenticators() #Encapsulate the authentication object into authenticators
return [auth() for auth in self.authentication_classes] #List loop instantiate the object of the class of the authentication_classes list
authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES #The configuration of setting is used by default
#Return directly after authentication
return self._user
3. Processing permission information
self.check_permissions(request)
for permission in self.get_permissions(): Get the permission class from permission_classes, execute the list of objects
if not permission.has_permission(request, self): Execute the has_permission of each class for permission authentication
permission_denied(self, request, message=None) #Execute if permission authentication fails
def permission_denied(self, request, message=None):
"""
If request is not permitted, determine what kind of exception to raise.
"""
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated('No access')
raise exceptions.PermissionDenied(detail=message)
4. Dealing with Access Frequency Restrictions
self.check_throttles(request)
for throttle in self.get_throttles(): get throttle object from throttle_classes=[MyThrottle,] loop
if not throttle.allow_request(request, self): execute the allow_request(request, self) method of the object and return True successfully
self.throttled(request, throttle.wait()) access frequency limit execution throttled(request, throttle.wait())
def throttled(self,request,wait): 在APIView中
class InnerThrottled(exceptions.Throttled):
default_detail = 'The request is limited.'
extra_detail_singular = 'Expected available in {wait} second.'
extra_detail_plural = 'We need to wait for {wait} seconds'
raise InnerThrottled(wait)
throttle.wait() returns, how much time is left for revisiting
Implemented in a custom frequency limiting class:
def wait(self): the parent class has been implemented
3. Reflect the request method according to the method submitted by the user
handler = getattr(self, request.method.lower(),)
4. Encapsulate, serialize, route, and render the processed data
self.response = self.finalize_response(request, response, *args, **kwargs)