django 12.组件:中间件
全局性的逻辑处理
一、中间件的概念
中间件顾名思义,是介于request与response处理之间的一道处理过程,相对比较轻量级,并且在全局上改变django的输入与输出。因为改变的是全局,所以需要谨慎使用,用不好会影响到性能。
Django的中间件的定义:
Middleware is a framework of hooks into Django’s request/response processing. <br>It’s a light, low-level “plugin” system for globally altering Django’s input or output.
如果你想修改请求,例如被传送到view中的HttpRequest对象。 或者你想修改view返回的HttpResponse对象,这些都可以通过中间件来实现。
可能你还想在view执行之前做一些操作,这种情况就可以用 middleware来实现。
setting.py
Django 默认的Middleware
:默认定义7个
一个中间件就是一个类
MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]
中间件起到什么角色,一个完整django经历那些阶段
接收到了socket,拿到了请求信息,wsgire做了一个封装request的操作(解析数据,解析成一个request的对象)----------------->>>会进入中间件,执行每一个中间件的process_request,它是依次执行的。------>
路由层做分发,分发完了交给视图进行处理,视图要响应一个值,如果是字符串就原路返回了,它返回的时候是依次执行process_response这个方法 走出中间件 ---->
wsgiref封装了数据,(http协议必须按照响应体的响应格式进行发,如果不按照那个格式发浏览器无法解析;wsgiref封装协议,响应首行、响应体、响应体)
把请求体交给浏览器----》拿到响应体浏览器解析为一个页面给用户看。
中间件不管你访问的请求路径是什么,只要请求访问的是这个服务器就必然会通过这个中间件来的时候经过process_respongse,回去的时候经过process_request,属于全局性逻辑处理。
自定义中间件
中间件中一共有四个方法: process_request process_view process_exception process_response
process_request,process_response
当用户发起请求的时候会依次经过所有的的中间件,这个时候的请求时process_request,最后到达views的函数中,views函数处理后,在依次穿过中间件,这个时候是process_response,最后返回给请求者。
上述截图中的中间件都是django中的,我们也可以自己定义一个中间件,我们可以自己写一个类,但是必须继承MiddlewareMixin
需要导入
from django.utils.deprecation import MiddlewareMixin
无论访问的路径是什么,中间件都会执行
url
from django.contrib import admin from django.urls import path from app01 import views urlpatterns = [ path('admin/', admin.site.urls), path('index/', views.index), path('index_new/', views.index_new), ]
views.py
from django.shortcuts import render,HttpResponse # Create your views here. def index(request): return HttpResponse('index') def index_new(request): return HttpResponse('is new index')
自定义中间件
my_middlewares.py
from django.utils.deprecation import MiddlewareMixin from django.shortcuts import HttpResponse class CustomerMiddleware(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response") return response #return HttpResponse("hello yuan") def process_view(self, request, callback, callback_args, callback_kwargs): print("CustomerMiddleware1 process_view") def process_exception(self, request, exception): print("CustomerMiddleware1 process_exception") return HttpResponse(exception) class CustomerMiddleware2(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware2 process_request....") def process_response(self,request,response): print("CustomerMiddleware2 process_response") return response def process_view(self, request, callback, callback_args, callback_kwargs): # print("====>",callback(callback_args)) print("CustomerMiddleware2 process_view") # ret=callback(callback_args) # return ret def process_exception(self, request, exception): print("CustomerMiddleware2 process_exception") #return HttpResponse(exception)
在settings配置
分别访问index index_new
中间件都会执行
CustomerMiddleware1 process_request.... CustomerMiddleware2 process_request.... CustomerMiddleware1 process_view CustomerMiddleware2 process_view CustomerMiddleware2 process_response CustomerMiddleware1 process_response
在view.py
def index(request): print('-----index-----') return HttpResponse('index')
在浏览器中访问index
CustomerMiddleware1 process_request.... CustomerMiddleware2 process_request.... CustomerMiddleware1 process_view CustomerMiddleware2 process_view -----index----- # view.py视图 CustomerMiddleware2 process_response CustomerMiddleware1 process_response 先请求--视图--响应
具体分析:
1、当自定义的中间件中只有请求和响应:
def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response")
2、当自定义的中间件有process_view
class CustomerMiddleware(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response") return response #return HttpResponse("hello yuan") def process_view(self, request, callback, callback_args, callback_kwargs): print("CustomerMiddleware1 process_view")
注意:process_view如果有返回值,会越过其他的process_view以及视图函数,但是所有的process_response都还会执行。
3、当自定义的中间件有process_view 且 当views出现错误时:
from django.utils.deprecation import MiddlewareMixin from django.shortcuts import HttpResponse class CustomerMiddleware(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response") return response #return HttpResponse("hello yuan") # def process_view(self, request, callback, callback_args, callback_kwargs): print("CustomerMiddleware1 process_view") # # # def process_exception(self, request, exception): print("CustomerMiddleware1 process_exception") return HttpResponse(exception)
只需要掌握两个
request
response
def process_request(self,request): print("CustomerMiddleware1 process_request....") def process_response(self,request,response): print("CustomerMiddleware1 process_response") return response #必须有返回值
中间件应用之用户认证
通过中间件实现装饰器 @login_required 用户认证
完整代码实现
url
from django.contrib import admin from django.urls import path from app01 import views urlpatterns = [ path('admin/', admin.site.urls), path('login/', views.login), path('index/', views.index), path('logout/', views.logout), path('reg/', views.reg), # path('set_pwd/', views.set_pwd), path('order/', views.order), ]
views
from django.shortcuts import render,redirect # Create your views here. from django.contrib import auth from django.contrib.auth.models import User from django.contrib.auth.decorators import login_required def login(request): if request.method=='POST': name=request.POST.get('user') pwd=request.POST.get('pwd') # 如果验证成功返回user对象,否则返回none user=auth.authenticate(username=name,password=pwd) print('user',user) if user: auth.login(request,user) # request.user:当前登录对象 # return redirect('/index/') # 加装饰器 next_url = request.GET.get("next", "/index/") return redirect(next_url) return render(request,'login.html') #@login_required def index(request): # print('request.user',request.user) # if not request.user.is_authenticated: # return redirect('/login/') # username=request.user return render(request,'index.html',locals()) # 注销 def logout(request): auth.logout(request) return redirect("/login/") # 注册 def reg(request): if request.method == "POST": name = request.POST.get("user") pwd = request.POST.get("pwd") # User.objects.create(username=user,password=pwd) user = User.objects.create_user(username=name, password=pwd) return redirect("/login/") return render(request, "reg.html") #@login_required # 加装饰器后必须登录才能访问,为登录跳转到默认的页面 def order(request): # if not request.user.is_authenticated: # return redirect("/login/") return render(request,"order.html")
settings.py
STATIC_URL = '/static/' LOGIN_URL='/login/' # 设置白名单 WHITE_LIST = ["/login/", "/reg/", "/logout/"]
my_middlewares.py
from django.utils.deprecation import MiddlewareMixin from django.shortcuts import redirect from authDemo import settings class AuthMiddleware(MiddlewareMixin): def process_request(self,request): white_list = settings.WHITE_LIST if request.path in white_list: return None if not request.user.is_authenticated: return redirect("/login/")
设置成白名单的才可以访问,其他的不能访问;当用户登陆成功后,其他的视图就可以直接
访问无需登录验证
装饰器,中间件具体情况具体分析
只有几个需要验证则装饰器
需要大量验证的则中间件