Django forced login best practice

Reference:

https://python-programming.courses/recipes/django-require-authentication-pages/

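The idea is to use a middleware to intercept every request, AOP-style, so you don't have to add a decorator or mixin to every function and class.

1. Add a middleware.py to a module that handles user-related logic, with the following content: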

from django.http import HttpResponseRedirect
from django.conf import settings
from re import compile

EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
    EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]

class LoginRequiredMiddleware:
    """
    Middleware that requires a user to be authenticated to view any page other
    than LOGIN_URL. Exemptions to this requirement can optionally be specified
    in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which
    you can copy from your urls.py).

    Requires authentication middleware and template context processors to be
    loaded. You'll get an error if they aren't.
    """
    def process_request(self, request):
        assert hasattr(request, 'user'), "The Login Required middleware\
 requires authentication middleware to be installed. Edit your\
 MIDDLEWARE_CLASSES setting to insert\
 'django.contrib.auth.middleware.AuthenticationMiddleware'. If that doesn't\
 work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes\
 'django.core.context_processors.auth'."
        # is_authenticated() is a method call in the old-style (MIDDLEWARE_CLASSES)
        # Django versions this middleware targets.
        if not request.user.is_authenticated():
            # Patterns are tested with re.match, which anchors only at the start
            # of the path, so an exemption without a trailing '$' is a prefix match.
            path = request.path_info.lstrip('/')
            if not any(m.match(path) for m in EXEMPT_URLS):
                return HttpResponseRedirect(settings.LOGIN_URL)

 

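2. Use this middleware

In settings.py, add a line at the end of MIDDLEWARE_CLASSES (it has to come after the authentication middleware, which sets request.user):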

MIDDLEWARE_CLASSES = [
    ...   
    'myapplication.middleware.LoginRequiredMiddleware',
]

 

3. If some URLs need to be let through without login, set the LOGIN_EXEMPT_URLS variable (a tuple of strings) in settings.py, for example:

LOGIN_EXEMPT_URLS = (
    r'^accounts/signup/$',
)
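
The middleware compiles LOGIN_URL as a regular expression and tests every pattern with re.match, so any exemption without a trailing '$' exempts every path that starts with it. The check below is an added example, not code from the original post: it reproduces that matching logic with the standard library only and lists the paths that are exempt solely because of prefix matching. The settings values, sample paths and helper names (compile_exempt, is_exempt_strict, widened) are constructed for illustration.

```python
import re

# Constructed sample settings (assumptions, not values from the page's project).
LOGIN_URL = '/accounts/login/'
LOGIN_EXEMPT_URLS = (r'^accounts/signup/$', r'^help')

def compile_exempt(login_url, patterns, literal_login=False):
    """Build the exemption list the way the middleware does.
    literal_login=True escapes LOGIN_URL so it is not read as a regex."""
    login = login_url.lstrip('/')
    if literal_login:
        login = re.escape(login)
    return [re.compile(login)] + [re.compile(p) for p in patterns]

def is_exempt(path_info, compiled):
    """The middleware's test: re.match anchors only at the start of the path."""
    path = path_info.lstrip('/')
    return any(m.match(path) for m in compiled)

def is_exempt_strict(path_info, compiled):
    """Stricter test: the whole path must match, so a missing '$' cannot widen it."""
    path = path_info.lstrip('/')
    return any(m.fullmatch(path) for m in compiled)

def widened(paths, login_url=LOGIN_URL, patterns=LOGIN_EXEMPT_URLS):
    """Paths the prefix match lets through without login but the strict match does not."""
    loose = compile_exempt(login_url, patterns)
    strict = compile_exempt(login_url, patterns, literal_login=True)
    return [p for p in paths
            if is_exempt(p, loose) and not is_exempt_strict(p, strict)]

# Constructed request paths for the check.
SAMPLE_PATHS = ['/accounts/login/', '/accounts/login/extra/', '/accounts/signup/',
                '/help', '/helpdesk/tickets/', '/dashboard/']

if __name__ == '__main__':
    for p in widened(SAMPLE_PATHS):
        print('exempt only because of prefix matching:', p)
```

Running it against the URL paths of your own project shows which views a loosely written exemption would leave reachable without login; anchoring each pattern with '^' and '$', as in the signup example above, closes the gap.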

 

posted @ 2016-12-12 10:48  tommy.yu