內容回顧:
1. 開發模式
- 普通開發方式(前後端放在一起寫)
- 前後端分離
2. 後端開發
爲前端提供URL(API/接口的開發)
注:永遠返回HttpResponse
3. Django FBV、CBV
FBV,function base view
def users(request):
user_list = ['alex','oldboy']
return HttpResponse(json.dumps((user_list)))
CBV,class base view
路由:
url(r'^students/', views.StudentsView.as_view()),
視圖:
from django.views import View
class StudentsView(View):
def get(self,request,*args,**kwargs):
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
4. 列表生成時
class Foo:
pass
class Bar:
pass
v = []
for i in [Foo,Bar]:
obj = i()
v.append(obj)
v = [item() for item in [Foo,Bar]]
v對象列表
5. 面向對象
- 封裝
- 對同一類方法封裝到類中
class File:
文件增刪改查方法
Class DB:
數據庫的方法
- 將數據封裝到對象中
class File:
def __init__(self,a1,a2):
self.a1 = a1
self.xxx = a2
def get:...
def delete:...
def update:...
def add:...
obj1 = File(123,666)
obj2 = File(456,999)
PS: 擴展
class Request(object):
def __init__(self,obj):
self.obj = obj
@property
def user(self):
return self.obj.authticate()
class Auth(object):
def __init__(self,name,age):
self.name = name
self.age = age
def authticate(self):
return self.name
class APIView(object):
def dispatch(self):
self.f2()
def f2(self):
a = Auth('alex',18)
b = Auth('oldboy',18)
req = Request(b)
print(req.user)
obj = APIView()
obj.dispatch()
今日概要:
1. restful 規範(建議)
2. django rest framework框架
內容詳細:
0. FBV、CBV
CBV,基於反射實現根據請求方式不同,執行不同的方法。
原理:
url -> view方法 -> dispatch方法(反射執行其他:GET/POST/DELETE/PUT)
流程:
class StudentsView(View):
def dispatch(self, request, *args, **kwargs):
print('before')
ret = super(StudentsView,self).dispatch(request, *args, **kwargs)
print('after')
return ret
def get(self,request,*args,**kwargs):
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
繼承(多個類共用的功能,爲了避免重複編寫):
from django.views import View
class MyBaseView(object):
def dispatch(self, request, *args, **kwargs):
print('before')
ret = super(MyBaseView,self).dispatch(request, *args, **kwargs)
print('after')
return ret
class StudentsView(MyBaseView,View):
def get(self,request,*args,**kwargs):
print('get方法')
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
class TeachersView(MyBaseView,View):
def get(self,request,*args,**kwargs):
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
面試題:
1. django中間件
- process_request
- process_view
- process_response
- process_exception
- process_render_template
2. 使用中間件做過什麼?
- 權限
- 用戶登錄驗證
- django的csrf是如何實現?
process_view方法
- 檢查視圖是否被 @csrf_exempt (免除csrf認證)
- 去請求體或cookie中獲取token
3.
情況一:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', # 全站使用csrf認證
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt # 該函數無需認證
def users(request):
user_list = ['alex','oldboy']
return HttpResponse(json.dumps((user_list)))
情況二:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware', # 全站不使用csrf認證
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
from django.views.decorators.csrf import csrf_exempt
@csrf_protect # 該函數需認證
def users(request):
user_list = ['alex','oldboy']
return HttpResponse(json.dumps((user_list)))
CBV小知識,csrf時需要使用
- @method_decorator(csrf_exempt)
- 在dispatch方法中(單獨方法無效)
方式一:
from django.views.decorators.csrf import csrf_exempt,csrf_protect
from django.utils.decorators import method_decorator
class StudentsView(View):
@method_decorator(csrf_exempt)
def dispatch(self, request, *args, **kwargs):
return super(StudentsView,self).dispatch(request, *args, **kwargs)
def get(self,request,*args,**kwargs):
print('get方法')
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
方式二:
from django.views.decorators.csrf import csrf_exempt,csrf_protect
from django.utils.decorators import method_decorator
@method_decorator(csrf_exempt,name='dispatch')
class StudentsView(View):
def get(self,request,*args,**kwargs):
print('get方法')
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
總結:
- 本質,基於反射來實現
- 流程:路由,view,dispatch(反射)
- 取消csrf認證(裝飾器要加到dispatch方法上且method_decorator裝飾)
擴展:
- csrf
- 基於中間件的process_view方法
- 裝飾器給單獨函數進行設置(認證或無需認證)
1. restful 規範(建議)
a. 接口開發
urlpatterns = [
# url(r'^admin/', admin.site.urls),
url(r'^get_order/', views.get_order),
url(r'^add_order/', views.add_order),
url(r'^del_order/', views.del_order),
url(r'^update_order/', views.update_order),
]
def get_order(request):
return HttpResponse('')
def add_order(request):
return HttpResponse('')
def del_order(request):
return HttpResponse('')
def update_order(request):
return HttpResponse('')
b. restful 規範(建議)
1. 根據method不同做不同的操作,示例:
基於FBV:
urlpatterns = [
url(r'^order/', views.order),
]
def order(request):
if request.method == 'GET':
return HttpResponse('獲取訂單')
elif request.method == 'POST':
return HttpResponse('創建訂單')
elif request.method == 'PUT':
return HttpResponse('更新訂單')
elif request.method == 'DELETE':
return HttpResponse('刪除訂單')
基於CBV:
urlpatterns = [
url(r'^order/', views.OrderView.as_view()),
]
class OrderView(View):
def get(self,request,*args,**kwargs):
return HttpResponse('獲取訂單')
def post(self,request,*args,**kwargs):
return HttpResponse('創建訂單')
def put(self,request,*args,**kwargs):
return HttpResponse('更新訂單')
def delete(self,request,*args,**kwargs):
return HttpResponse('刪除訂單')
c. 談談自己對restful api 規範的認識
10個規則
注意:推薦使用CBV
2. django rest framework框架
pip3 install djangorestframework
a. 認證
- 僅使用:
from django.views import View
from rest_framework.views import APIView
from rest_framework.authentication import BasicAuthentication
from rest_framework import exceptions
from rest_framework.request import Request
class MyAuthentication(object):
def authenticate(self,request):
token = request._request.GET.get('token')
# 獲取用戶名和密碼,去數據校驗
if not token:
raise exceptions.AuthenticationFailed('用戶認證失敗')
return ("alex",None)
def authenticate_header(self,val):
pass
class DogView(APIView):
authentication_classes = [MyAuthentication,]
def get(self,request,*args,**kwargs):
print(request)
print(request.user)
ret = {
'code':1000,
'msg':'xxx'
}
return HttpResponse(json.dumps(ret),status=201)
def post(self,request,*args,**kwargs):
return HttpResponse('創建Dog')
def put(self,request,*args,**kwargs):
return HttpResponse('更新Dog')
def delete(self,request,*args,**kwargs):
return HttpResponse('刪除Dog')
- 源碼流程:
dispatch...
作業:
1. 中間件
2. csrf
3. CBV
4. 規範
- 10條規範
- 認識
5. djangorestframework
- 如何驗證(基於數據庫實現用戶認證)
- 源碼流程(面向對象回顧流程)
預習:
版本
權限
控制訪問頻率