Django REST Framework剖析
一、简介
Django REST Framework(简称DRF),是一个用于构建Web API的强大且灵活的工具包。
先说说REST:REST是一种Web API设计标准,是目前比较成熟的一套互联网应用程序的API设计理论。
Fielding将他对互联网软件的架构原则,定名为REST,即Representational State Transfer的缩写。我对这个词组的翻译是”表现层状态转化”。如果一个架构符合REST原则,就称它为RESTful架构。所以简单来说,RESTful是一种Web API设计规范,根据产品需求需要定出一份方便前后端的规范,因此不是所有的标准要求都需要遵循。
二、Django 的 CBV&FBV
Django FBV, function base view 视图里使用函数处理请求
url(r‘^users/‘, views.users),
from django.shortcuts import HttpResponse
import json
def users(request):
user_list = ['lcg','superman']
return HttpResponse(json.dumps((user_list)))
Django CBV, class base view 视图里使用类处理请求
路由:
url(r'^students/', views.StudentsView.as_view()),
视图:
from django.shortcuts import HttpResponse
from django.views import View
class StudentsView(View):
def get(self,request,*args,**kwargs):
return HttpResponse('GET')
def post(self, request, *args, **kwargs):
return HttpResponse('POST')
def put(self, request, *args, **kwargs):
return HttpResponse('PUT')
def delete(self, request, *args, **kwargs):
return HttpResponse('DELETE')
注意:
- cbv定义类的时候必须要继承view
- 在写url的时候必须要加as_view
- 类里面使用form表单提交的话只有get和post方法
- 类里面使用ajax发送数据的话支持定义以下很多方法
restful规范:
'get'获取数据, 'post'创建新数据, 'put'更新, 'patch'局部更新, 'delete'删除, 'head', 'options', 'trace'
三、Django CBV之CSRF
1.csrf校验:
基于中间件的process_view方法实现对请求的csrf_token验证
2.不需要csrf验证方法:
fbv:
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def index(request):
pass
cbv:
方式一
###方式一
from django.shortcuts import render,HttpResponse
from django.views.decorators.csrf import csrf_exempt,csrf_protect
from django.utils.decorators import method_decorator
from django.views import View
class Myview(View):
@method_decorator(csrf_exempt) #必须将装饰器写在dispatch上,单独加不生效
def dispatch(self, request, *args, **kwargs):
return super(Myview,self).dispatch(request,*args,**kwargs)
def get(self):
return HttpResponse('get')
def post(self):
return HttpResponse('post')
def put(self):
return HttpResponse('put')
方式二:
from django.shortcuts import render,HttpResponse
from django.views.decorators.csrf import csrf_exempt,csrf_protect
from django.utils.decorators import method_decorator
from django.views import View
@method_decorator(csrf_exempt,name='dispatch')##name参数指定是dispatch方法
class Myview(View):
def dispatch(self, request, *args, **kwargs):
return super(Myview,self).dispatch(request,*args,**kwargs)
def get(self):
return HttpResponse('get')
def post(self):
return HttpResponse('post')
def put(self):
return HttpResponse('put')
四、CBV原理:继承,反射
请求到达Django会先执行Django中间件里的方法,然后进行进行路由匹配。在路由匹配完成后,会执行CBV类中的as_view方法。
CBV中并没有定义as_view方法,由于CBV继承自Django的View,所以会执行Django的View类中的as_view方法
Django的View类的源码:
class View(object):
"""
Intentionally simple parent class for all views. Only implements
dispatch-by-method and simple sanity checking.
"""
http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']
def __init__(self, **kwargs):
"""
Constructor. Called in the URLconf; can contain helpful extra
keyword arguments, and other things.
"""
# Go through keyword arguments, and either save their values to our
# instance, or raise an error.
for key, value in six.iteritems(kwargs):
setattr(self, key, value)
@classonlymethod
def as_view(cls, **initkwargs):
"""
Main entry point for a request-response process.
"""
for key in initkwargs:
if key in cls.http_method_names:
raise TypeError("You tried to pass in the %s method name as a "
"keyword argument to %s(). Don't do that."
% (key, cls.__name__))
if not hasattr(cls, key):
raise TypeError("%s() received an invalid keyword %r. as_view "
"only accepts arguments that are already "
"attributes of the class." % (cls.__name__, key))
def view(request, *args, **kwargs):
self = cls(**initkwargs)
if hasattr(self, 'get') and not hasattr(self, 'head'):
self.head = self.get
self.request = request
self.args = args
self.kwargs = kwargs
return self.dispatch(request, *args, **kwargs)
view.view_class = cls
view.view_initkwargs = initkwargs
# take name and docstring from class
update_wrapper(view, cls, updated=())
# and possible attributes set by decorators
# like csrf_exempt from dispatch
update_wrapper(view, cls.dispatch, assigned=())
return view
def dispatch(self, request, *args, **kwargs):
# Try to dispatch to the right method; if a method doesn't exist,
# defer to the error handler. Also defer to the error handler if the
# request method isn't on the approved list.
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
return handler(request, *args, **kwargs)
def http_method_not_allowed(self, request, *args, **kwargs):
logger.warning(
'Method Not Allowed (%s): %s', request.method, request.path,
extra={'status_code': 405, 'request': request}
)
return http.HttpResponseNotAllowed(self._allowed_methods())
def options(self, request, *args, **kwargs):
"""
Handles responding to requests for the OPTIONS HTTP verb.
"""
response = http.HttpResponse()
response['Allow'] = ', '.join(self._allowed_methods())
response['Content-Length'] = '0'
return response
def _allowed_methods(self):
return [m.upper() for m in self.http_method_names if hasattr(self, m)]
上面实质上是路由里面的那里写的as_view ,返回值是view 而view方法返回的是self.dispath
在dispatch方法中,把request.method转换为小写再判断是否在定义的http_method_names中,如果request.method存在于http_method_names中,则使用getattr反射的方式来得到handler
def dispatch(self, request, *args, **kwargs):
# Try to dispatch to the right method; if a method doesn't exist,
# defer to the error handler. Also defer to the error handler if the
# request method isn't on the approved list.
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
return handler(request, *args, **kwargs)
在这里的dispatch方法中,self指的是自定义的CBV类实例化得到的对象,从CBV类中获取request.method对应的方法,再执行CBV中的方法并返回
由此,可以知道如果在Django项目中使用CBV的模式,实际上调用了getattr的方式来执行获取类中的请求方法对应的函数
也就是说,继承自View的类下的所有的方法本质上都是通过dispatch这个函数反射执行,如果想要在执行get或post方法前执行其他步骤,可以重写dispatch
我们的征途是星辰大海
