全局性的逻辑处理
一、中间件的概念
中间件顾名思义,是介于request与response处理之间的一道处理过程,相对比较轻量级,并且在全局上改变django的输入与输出。因为改变的是全局,所以需要谨慎使用,用不好会影响到性能。
Django的中间件的定义:
Middleware is a framework of hooks into Django’s request/response processing. <br>It’s a light, low-level “plugin” system for globally altering Django’s input or output.
如果你想修改请求,例如被传送到view中的HttpRequest对象。 或者你想修改view返回的HttpResponse对象,这些都可以通过中间件来实现。
可能你还想在view执行之前做一些操作,这种情况就可以用 middleware来实现。
setting.py
Django 默认的Middleware:默认定义7个
一个中间件就是一个类
MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]
中间件起到什么角色,一个完整django经历那些阶段
自定义中间件
中间件中一共有四个方法:
process_request
process_view
process_exception
process_response
process_request,process_response
当用户发起请求的时候会依次经过所有的的中间件,这个时候的请求时process_request,最后到达views的函数中,views函数处理后,在依次穿过中间件,这个时候是process_response,最后返回给请求者。
上述截图中的中间件都是django中的,我们也可以自己定义一个中间件,我们可以自己写一个类,但是必须继承MiddlewareMixin
需要导入
from django.utils.deprecation import MiddlewareMixin
无论访问的路径是什么,中间件都会执行
url
from django.contrib import admin from django.urls import path from app01 import views urlpatterns = [ path('admin/', admin.site.urls), path('index/', views.index), path('index_new/', views.index_new), ]
views.py
from django.shortcuts import render,HttpResponse # Create your views here. def index(request): return HttpResponse('index') def index_new(request): return HttpResponse('is new index')
自定义中间件
my_middlewares.py
from django.utils.deprecation import MiddlewareMixin from django.shortcuts import HttpResponse class CustomerMiddleware(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response") return response #return HttpResponse("hello yuan") def process_view(self, request, callback, callback_args, callback_kwargs): print("CustomerMiddleware1 process_view") def process_exception(self, request, exception): print("CustomerMiddleware1 process_exception") return HttpResponse(exception) class CustomerMiddleware2(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware2 process_request....") def process_response(self,request,response): print("CustomerMiddleware2 process_response") return response def process_view(self, request, callback, callback_args, callback_kwargs): # print("====>",callback(callback_args)) print("CustomerMiddleware2 process_view") # ret=callback(callback_args) # return ret def process_exception(self, request, exception): print("CustomerMiddleware2 process_exception") #return HttpResponse(exception)
在settings配置
分别访问index index_new
中间件都会执行
CustomerMiddleware1 process_request....
CustomerMiddleware2 process_request....
CustomerMiddleware1 process_view
CustomerMiddleware2 process_view
CustomerMiddleware2 process_response
CustomerMiddleware1 process_response
在view.py
def index(request): print('-----index-----') return HttpResponse('index')
在浏览器中访问index
CustomerMiddleware1 process_request....
CustomerMiddleware2 process_request....
CustomerMiddleware1 process_view
CustomerMiddleware2 process_view
-----index----- # view.py视图
CustomerMiddleware2 process_response
CustomerMiddleware1 process_response
先请求--视图--响应
具体分析:
1、当自定义的中间件中只有请求和相应 ,:
def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response")
2、当自定义的中间件有process_view
class CustomerMiddleware(MiddlewareMixin):
def process_request(self,request):
print("CustomerMiddleware1 process_request....")
#return HttpResponse("forbidden....")
def process_response(self,request,response):
print("CustomerMiddleware1 process_response")
return response
#return HttpResponse("hello yuan")
def process_view(self, request, callback, callback_args, callback_kwargs):
print("CustomerMiddleware1 process_view")
结果如下:
注意:process_view如果有返回值,会越过其他的process_view以及视图函数,但是所有的process_response都还会执行。3、当自定义的中间件有process_view 且 当views出现错误时:
from django.utils.deprecation import MiddlewareMixin from django.shortcuts import HttpResponse class CustomerMiddleware(MiddlewareMixin): def process_request(self,request): print("CustomerMiddleware1 process_request....") #return HttpResponse("forbidden....") def process_response(self,request,response): print("CustomerMiddleware1 process_response") return response #return HttpResponse("hello yuan") # def process_view(self, request, callback, callback_args, callback_kwargs): print("CustomerMiddleware1 process_view") # # # def process_exception(self, request, exception): print("CustomerMiddleware1 process_exception") return HttpResponse(exception)
只需要掌握两个
request
response
def process_request(self,request):
print("CustomerMiddleware1 process_request....")
def process_response(self,request,response):
print("CustomerMiddleware1 process_response")
return response #必须有返回值
中间件应用之用户认证
通过中间件实现装饰器 @login_required 用户认证
完整代码实现
url
from django.contrib import admin from django.urls import path from app01 import views urlpatterns = [ path('admin/', admin.site.urls), path('login/', views.login), path('index/', views.index), path('logout/', views.logout), path('reg/', views.reg), # path('set_pwd/', views.set_pwd), path('order/', views.order), ]
views
from django.shortcuts import render,redirect # Create your views here. from django.contrib import auth from django.contrib.auth.models import User from django.contrib.auth.decorators import login_required def login(request): if request.method=='POST': name=request.POST.get('user') pwd=request.POST.get('pwd') # 如果验证成功返回user对象,否则返回none user=auth.authenticate(username=name,password=pwd) print('user',user) if user: auth.login(request,user) # request.user:当前登录对象 # return redirect('/index/') # 加装饰器 next_url = request.GET.get("next", "/index/") return redirect(next_url) return render(request,'login.html') #@login_required def index(request): # print('request.user',request.user) # if not request.user.is_authenticated: # return redirect('/login/') # username=request.user return render(request,'index.html',locals()) # 注销 def logout(request): auth.logout(request) return redirect("/login/") # 注册 def reg(request): if request.method == "POST": name = request.POST.get("user") pwd = request.POST.get("pwd") # User.objects.create(username=user,password=pwd) user = User.objects.create_user(username=name, password=pwd) return redirect("/login/") return render(request, "reg.html") #@login_required # 加装饰器后必须登录才能访问,为登录跳转到默认的页面 def order(request): # if not request.user.is_authenticated: # return redirect("/login/") return render(request,"order.html")
settings.py
STATIC_URL = '/static/'
LOGIN_URL='/login/'
# 设置白名单 WHITE_LIST = ["/login/", "/reg/", "/logout/"]
my_middlewares.py
from django.utils.deprecation import MiddlewareMixin from django.shortcuts import redirect from authDemo import settings class AuthMiddleware(MiddlewareMixin): def process_request(self,request): white_list = settings.WHITE_LIST if request.path in white_list: return None if not request.user.is_authenticated: return redirect("/login/")
设置成白名单的才可以访问,其他的不能访问;当用户登陆成功后,其他的视图就可以直接
访问无需登录验证
装饰器,中间件具体情况具体分析
只有几个需要验证则装饰器
需要大量验证的则中间件
三、应用案例
1、做IP访问频率限制
某些IP访问服务器的频率过高,进行拦截,比如限制每分钟不能超过20次。
2、URL访问过滤
如果用户访问的是login视图(放过)
如果访问其他视图,需要检测是不是有session认证,已经有了放行,没有返回login,这样就省得在多个视图函数上写装饰器了!
作为延伸扩展内容,有余力的同学可以尝试着读一下以下两个自带的中间件:
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
悟已往之不谏,知来者之可追。
