Python - Django - 在 CBV 中使用装饰器
urls.py:
from django.conf.urls import url from app02 import views urlpatterns = [ # app02 url(r'^app02/login/', views.login), url(r'^app02/home/', views.home), url(r'^app02/index/', views.index), url(r'^app02/logout/', views.logout), url(r'^app02/userinfo/', views.UserInfo.as_view()), ]
views.py:
from django.shortcuts import render, redirect from django import views from functools import wraps def check_login(func): @wraps(func) def inner(request, *args, **kwargs): ret = request.session.get("login") if ret == "success": # 如果已经登录过 return func(request, *args, **kwargs) else: # 没有登录过的 跳转到登录页面 # 获取当前访问的URL next_url = request.path_info print(next_url) return redirect("/app02/login/?next={}".format(next_url)) return inner def login(request): if request.method == "POST": username = request.POST.get("user") password = request.POST.get("pwd") # 从URL里面取到 next 参数 next_url = request.GET.get("next") if username == "admin" and password == "admin": # 登录成功 if next_url: rep = redirect(next_url) # 得到一个响应对象 else: rep = redirect("/app02/home/") # 得到一个响应对象 # 设置 session request.session["login"] = "success" request.session["username"] = username request.session.set_expiry(60) # 60 秒之后失效 return rep ret = request.session.get("login") if ret == "success": return redirect("/app02/home/") else: return render(request, "app02/login.html") @check_login def home(request): username = request.session.get("username") return render(request, "app02/home.html", {"username": username}) @check_login def index(request): username = request.session.get("username") return render(request, "app02/index.html", {"username": username}) # 注销函数 def logout(request): request.session.flush() # 删除 session 数据和 cookie request.session.delete() # 只删除 session 数据,不删除 cookie return render(request, "/app02/login/") class UserInfo(views.View): @check_login # 直接把装饰器加给 get 函数 def get(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username})
访问,http://127.0.0.1:8888/app02/userinfo/
修改 views.py:
from django.shortcuts import render, redirect from django import views from functools import wraps from django.utils.decorators import method_decorator # Django 提供的工具,把函数装饰器转变成方法装饰器 def check_login(func): @wraps(func) def inner(request, *args, **kwargs): ret = request.session.get("login") if ret == "success": # 如果已经登录过 return func(request, *args, **kwargs) else: # 没有登录过的 跳转到登录页面 # 获取当前访问的URL next_url = request.path_info print(next_url) return redirect("/app02/login/?next={}".format(next_url)) return inner def login(request): if request.method == "POST": username = request.POST.get("user") password = request.POST.get("pwd") # 从URL里面取到 next 参数 next_url = request.GET.get("next") if username == "admin" and password == "admin": # 登录成功 if next_url: rep = redirect(next_url) # 得到一个响应对象 else: rep = redirect("/app02/home/") # 得到一个响应对象 # 设置 session request.session["login"] = "success" request.session["username"] = username request.session.set_expiry(60) # 60 秒之后失效 return rep ret = request.session.get("login") if ret == "success": return redirect("/app02/home/") else: return render(request, "app02/login.html") @check_login def home(request): username = request.session.get("username") return render(request, "app02/home.html", {"username": username}) @check_login def index(request): username = request.session.get("username") return render(request, "app02/index.html", {"username": username}) # 注销函数 def logout(request): request.session.flush() # 删除 session 数据和 cookie request.session.delete() # 只删除 session 数据,不删除 cookie return render(request, "/app02/login/") class UserInfo(views.View): @method_decorator(check_login) def get(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username})
访问,http://127.0.0.1:8888/app02/userinfo/
直接在类前面加上装饰器:
from django.shortcuts import render, redirect from django import views from functools import wraps from django.utils.decorators import method_decorator # Django 提供的工具,把函数装饰器转变成方法装饰器 def check_login(func): @wraps(func) def inner(request, *args, **kwargs): ret = request.session.get("login") if ret == "success": # 如果已经登录过 return func(request, *args, **kwargs) else: # 没有登录过的 跳转到登录页面 # 获取当前访问的URL next_url = request.path_info print(next_url) return redirect("/app02/login/?next={}".format(next_url)) return inner @method_decorator(check_login, name="get") # name 参数要写上加装饰器的函数名 class UserInfo(views.View): def get(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username})
如果类中 get 和 post 方法都需要登录校验就需要写两次装饰器
from django.shortcuts import render, redirect from django import views from functools import wraps from django.utils.decorators import method_decorator # Django 提供的工具,把函数装饰器转变成方法装饰器 def check_login(func): @wraps(func) def inner(request, *args, **kwargs): ret = request.session.get("login") if ret == "success": # 如果已经登录过 return func(request, *args, **kwargs) else: # 没有登录过的 跳转到登录页面 # 获取当前访问的URL next_url = request.path_info print(next_url) return redirect("/app02/login/?next={}".format(next_url)) return inner @method_decorator(check_login, name="get") # name 参数要写上加装饰器的函数名 @method_decorator(check_login, name="post") class UserInfo(views.View): def get(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username}) def post(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username})
如果装饰器加在 dispatch 方法上,则该类的所有方法都会被加上装饰器
from django.shortcuts import render, redirect from django import views from functools import wraps from django.utils.decorators import method_decorator # Django 提供的工具,把函数装饰器转变成方法装饰器 def check_login(func): @wraps(func) def inner(request, *args, **kwargs): ret = request.session.get("login") if ret == "success": # 如果已经登录过 return func(request, *args, **kwargs) else: # 没有登录过的 跳转到登录页面 # 获取当前访问的URL next_url = request.path_info print(next_url) return redirect("/app02/login/?next={}".format(next_url)) return inner class UserInfo(views.View): @method_decorator(check_login) def dispatch(self, request, *args, **kwargs): return super(UserInfo, self).dispatch(request, *args, **kwargs) def get(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username}) def post(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username})
因为 CBV 中首先执行的就是 dispatch 方法,然后由 dispatch 方法分派去执行其它的方法,所以 get 方法和 post 方法都会被加上装饰器
CSRF Token 补充:
csrf token 相关的装饰器在 CBV 只能加到 dispatch 方法上, 或者加在视图类上 name 参数指定为 dispatch 方法
csrf_exempt:取消当前防跨站请求伪造功能,即便 settings 中设置了全局中间件
csrf_protect:为当前函数强制设置防跨站请求伪造功能,即便 setting 中没有设置全局中间件
将 login.html 中的 csrf token 删除
去 login 界面登录
views,py:
from django.shortcuts import render, redirect from django import views from functools import wraps from django.utils.decorators import method_decorator # Django 提供的工具,把函数装饰器转变成方法装饰器 from django.views.decorators.csrf import csrf_exempt, csrf_protect def check_login(func): @wraps(func) def inner(request, *args, **kwargs): ret = request.session.get("login") if ret == "success": # 如果已经登录过 return func(request, *args, **kwargs) else: # 没有登录过的 跳转到登录页面 # 获取当前访问的URL next_url = request.path_info print(next_url) return redirect("/app02/login/?next={}".format(next_url)) return inner @csrf_exempt def login(request): if request.method == "POST": username = request.POST.get("user") password = request.POST.get("pwd") # 从URL里面取到 next 参数 next_url = request.GET.get("next") if username == "admin" and password == "admin": # 登录成功 if next_url: rep = redirect(next_url) # 得到一个响应对象 else: rep = redirect("/app02/home/") # 得到一个响应对象 # 设置 session request.session["login"] = "success" request.session["username"] = username request.session.set_expiry(60) # 60 秒之后失效 return rep ret = request.session.get("login") if ret == "success": return redirect("/app02/home/") else: return render(request, "app02/login.html") @check_login def home(request): username = request.session.get("username") return render(request, "app02/home.html", {"username": username}) @check_login def index(request): username = request.session.get("username") return render(request, "app02/index.html", {"username": username}) # 注销函数 def logout(request): request.session.flush() # 删除 session 数据和 cookie request.session.delete() # 只删除 session 数据,不删除 cookie return render(request, "/app02/login/") @method_decorator(check_login, name="get") class UserInfo(views.View): @method_decorator(check_login) def get(self, request): username = request.session.get("username") return render(request, "app02/userinfo.html", {"username": username})
再去 login 界面登录
把 settings.py 中的 csrf 注释
再把 login 函数的装饰器改为 @csrf_protect
去 login 页面登录