Python - Django - 在 CBV 中使用装饰器

urls.py:

from django.conf.urls import url
from app02 import views


urlpatterns = [
    # app02
    url(r'^app02/login/', views.login),
    url(r'^app02/home/', views.home),
    url(r'^app02/index/', views.index),
    url(r'^app02/logout/', views.logout),
    url(r'^app02/userinfo/', views.UserInfo.as_view()),
]

views.py:

from django.shortcuts import render, redirect
from django import views
from functools import wraps


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        ret = request.session.get("login")

        if ret == "success":
            # 如果已经登录过
            return func(request, *args, **kwargs)
        else:
            # 没有登录过的 跳转到登录页面
            # 获取当前访问的URL
            next_url = request.path_info
            print(next_url)
            return redirect("/app02/login/?next={}".format(next_url))
    return inner


def login(request):
    if request.method == "POST":
        username = request.POST.get("user")
        password = request.POST.get("pwd")
        # 从URL里面取到 next 参数
        next_url = request.GET.get("next")

        if username == "admin" and password == "admin":
            # 登录成功
            if next_url:
                rep = redirect(next_url)  # 得到一个响应对象
            else:
                rep = redirect("/app02/home/")  # 得到一个响应对象

            # 设置 session
            request.session["login"] = "success"
            request.session["username"] = username
            request.session.set_expiry(60)   # 60 秒之后失效
            return rep
    ret = request.session.get("login")
    if ret == "success":
        return redirect("/app02/home/")
    else:
        return render(request, "app02/login.html")


@check_login
def home(request):
    username = request.session.get("username")
    return render(request, "app02/home.html", {"username": username})


@check_login
def index(request):
    username = request.session.get("username")
    return render(request, "app02/index.html", {"username": username})


# 注销函数
def logout(request):
    request.session.flush()  # 删除 session 数据和 cookie
    request.session.delete()  # 只删除 session 数据,不删除 cookie
    return render(request, "/app02/login/")


class UserInfo(views.View):
    @check_login  # 直接把装饰器加给 get 函数
    def get(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})

访问,http://127.0.0.1:8888/app02/userinfo/

 

修改 views.py:

from django.shortcuts import render, redirect
from django import views
from functools import wraps
from django.utils.decorators import method_decorator  # Django 提供的工具,把函数装饰器转变成方法装饰器


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        ret = request.session.get("login")

        if ret == "success":
            # 如果已经登录过
            return func(request, *args, **kwargs)
        else:
            # 没有登录过的 跳转到登录页面
            # 获取当前访问的URL
            next_url = request.path_info
            print(next_url)
            return redirect("/app02/login/?next={}".format(next_url))
    return inner


def login(request):
    if request.method == "POST":
        username = request.POST.get("user")
        password = request.POST.get("pwd")
        # 从URL里面取到 next 参数
        next_url = request.GET.get("next")

        if username == "admin" and password == "admin":
            # 登录成功
            if next_url:
                rep = redirect(next_url)  # 得到一个响应对象
            else:
                rep = redirect("/app02/home/")  # 得到一个响应对象

            # 设置 session
            request.session["login"] = "success"
            request.session["username"] = username
            request.session.set_expiry(60)   # 60 秒之后失效
            return rep
    ret = request.session.get("login")
    if ret == "success":
        return redirect("/app02/home/")
    else:
        return render(request, "app02/login.html")


@check_login
def home(request):
    username = request.session.get("username")
    return render(request, "app02/home.html", {"username": username})


@check_login
def index(request):
    username = request.session.get("username")
    return render(request, "app02/index.html", {"username": username})


# 注销函数
def logout(request):
    request.session.flush()  # 删除 session 数据和 cookie
    request.session.delete()  # 只删除 session 数据,不删除 cookie
    return render(request, "/app02/login/")


class UserInfo(views.View):
    @method_decorator(check_login)
    def get(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})

访问,http://127.0.0.1:8888/app02/userinfo/

 

 

直接在类前面加上装饰器:

from django.shortcuts import render, redirect
from django import views
from functools import wraps
from django.utils.decorators import method_decorator  # Django 提供的工具,把函数装饰器转变成方法装饰器


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        ret = request.session.get("login")

        if ret == "success":
            # 如果已经登录过
            return func(request, *args, **kwargs)
        else:
            # 没有登录过的 跳转到登录页面
            # 获取当前访问的URL
            next_url = request.path_info
            print(next_url)
            return redirect("/app02/login/?next={}".format(next_url))
    return inner


@method_decorator(check_login, name="get")  # name 参数要写上加装饰器的函数名
class UserInfo(views.View):

    def get(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})

如果类中 get 和 post 方法都需要登录校验就需要写两次装饰器

from django.shortcuts import render, redirect
from django import views
from functools import wraps
from django.utils.decorators import method_decorator  # Django 提供的工具,把函数装饰器转变成方法装饰器


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        ret = request.session.get("login")

        if ret == "success":
            # 如果已经登录过
            return func(request, *args, **kwargs)
        else:
            # 没有登录过的 跳转到登录页面
            # 获取当前访问的URL
            next_url = request.path_info
            print(next_url)
            return redirect("/app02/login/?next={}".format(next_url))
    return inner


@method_decorator(check_login, name="get")  # name 参数要写上加装饰器的函数名
@method_decorator(check_login, name="post")
class UserInfo(views.View):

    def get(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})
        
    def post(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})

 如果装饰器加在 dispatch 方法上,则该类的所有方法都会被加上装饰器

from django.shortcuts import render, redirect
from django import views
from functools import wraps
from django.utils.decorators import method_decorator  # Django 提供的工具,把函数装饰器转变成方法装饰器


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        ret = request.session.get("login")

        if ret == "success":
            # 如果已经登录过
            return func(request, *args, **kwargs)
        else:
            # 没有登录过的 跳转到登录页面
            # 获取当前访问的URL
            next_url = request.path_info
            print(next_url)
            return redirect("/app02/login/?next={}".format(next_url))
    return inner



class UserInfo(views.View):
    @method_decorator(check_login)
    def dispatch(self, request, *args, **kwargs):
        return super(UserInfo, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})
        
    def post(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})

因为 CBV 中首先执行的就是 dispatch 方法,然后由 dispatch 方法分派去执行其它的方法,所以 get 方法和 post 方法都会被加上装饰器

CSRF Token 补充:

csrf token 相关的装饰器在 CBV 只能加到 dispatch 方法上, 或者加在视图类上 name 参数指定为 dispatch 方法

csrf_exempt:取消当前防跨站请求伪造功能,即便 settings 中设置了全局中间件

csrf_protect:为当前函数强制设置防跨站请求伪造功能,即便 setting 中没有设置全局中间件

将 login.html 中的 csrf token 删除

 

 去 login 界面登录

 

 views,py:

from django.shortcuts import render, redirect
from django import views
from functools import wraps
from django.utils.decorators import method_decorator  # Django 提供的工具,把函数装饰器转变成方法装饰器
from django.views.decorators.csrf import csrf_exempt, csrf_protect


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        ret = request.session.get("login")

        if ret == "success":
            # 如果已经登录过
            return func(request, *args, **kwargs)
        else:
            # 没有登录过的 跳转到登录页面
            # 获取当前访问的URL
            next_url = request.path_info
            print(next_url)
            return redirect("/app02/login/?next={}".format(next_url))
    return inner


@csrf_exempt
def login(request):
    if request.method == "POST":
        username = request.POST.get("user")
        password = request.POST.get("pwd")
        # 从URL里面取到 next 参数
        next_url = request.GET.get("next")

        if username == "admin" and password == "admin":
            # 登录成功
            if next_url:
                rep = redirect(next_url)  # 得到一个响应对象
            else:
                rep = redirect("/app02/home/")  # 得到一个响应对象

            # 设置 session
            request.session["login"] = "success"
            request.session["username"] = username
            request.session.set_expiry(60)   # 60 秒之后失效
            return rep
    ret = request.session.get("login")
    if ret == "success":
        return redirect("/app02/home/")
    else:
        return render(request, "app02/login.html")


@check_login
def home(request):
    username = request.session.get("username")
    return render(request, "app02/home.html", {"username": username})


@check_login
def index(request):
    username = request.session.get("username")
    return render(request, "app02/index.html", {"username": username})


# 注销函数
def logout(request):
    request.session.flush()  # 删除 session 数据和 cookie
    request.session.delete()  # 只删除 session 数据,不删除 cookie
    return render(request, "/app02/login/")


@method_decorator(check_login, name="get")
class UserInfo(views.View):
    @method_decorator(check_login)
    def get(self, request):
        username = request.session.get("username")
        return render(request, "app02/userinfo.html", {"username": username})

 再去 login 界面登录

 

 把 settings.py 中的 csrf 注释

 

再把 login 函数的装饰器改为 @csrf_protect

去 login 页面登录

 

posted @ 2019-08-31 23:20  Sch01aR#  阅读(390)  评论(0编辑  收藏  举报