drf

DRF

什么是DRF?

DRF从本质上来讲, 它就是一个Django的App, 有了这样一个App, 我们就可以更好的设计出符合RESTful规范的web应用 实际上, 即便没有DRF, 我们也能够自行设计出符合RESTful规范的web应用,是一个框架

为什么要使用DRF?

DRF就是这样一个优秀的工具, 另外, 它不仅能够帮助我们快速的设计出符合RESTful规范的接口, 还提供了诸如 认证 , 权限 等等其他强大的功能.使用了drf之后,可以快速帮我们开发restful规范来开发接口

drf组件的功能:
	+ 根据请求方式不同做不同操作    get/post/put/patch/delete
	+ 视图,继承APIView(在内部apiview继承了django的View)
	+ 解析器,解析请求体中的数据,将其变成我们想要的格式。request.data,query_params
	+ 序列化,对对象或对象列表(queryset)进行序列化操作以及表单验证的功能。
	+ 渲染器,渲染页面
	


记忆:请求到来之后,先执行视图的dispatch方法。

1. 视图
2. 版本处理
3. 认证
4. 权限
5. 节流(频率限制)
6. 解析器
7. 筛选器
8. 分页
9. 序列化
10. 渲染

DRF的应用场景

参与前后端分离项目、参与为app写接口时,用drf会比较方便。

restful规范

第一步:整体说restful规范是什么?
	接口的规范,规则,程序之间做数据交互遵循的规则

第二步:再详细说restful建议
	1. https代替http,保证数据传输时安全。
    
	2. 在url中一般要体现api标识,这样看到url就知道他是一个api。
		http://www.luffycity.com/api/....(建议,因为他不会存在跨域的问题)
		http://api.luffycity.com/....
		假设:
			前段:https://www.luffycity.com/home
			后端:https://www.luffycity.com/api/
                
	3. 在接口中要体现版本
		http://www.luffycity.com/api/v1....(建议,因为他不会存在跨域的问题)
		注意:版本还可以放在请求头中
			http://www.luffycity.com/api/
			accept: ...
			
	4. restful也称为面向资源编程,视网络上的一切都是资源,对资源可以进行操作,所以一般资源都用名词。
		http://www.luffycity.com/api/user/
		
	5. 如果要加入一些筛选条件,可以添加在url中	
		http://www.luffycity.com/api/user/?page=1&type=9

	6. 根据method不同做不同操作。get/post/delete/patch/put
	
	7. 返回给用户状态码
		- 200,成功
		- 300,301永久 /302临时
		- 400,403拒绝 /404找不到
		- 500,服务端代码错误
		
		很多公司:
                def get(self,request,*args,**kwargs):
                    result = {'code':1000,'data':None,'error':None}
                    try:
                        val = int('你好')
                    except Exception as e:
                        result['code'] = 10001
                        result['error'] = '数据转换错误'

                    return Response(result)
        
	8. 返回值
		GET http://www.luffycity.com/api/user/
			[
				{'id':1,'name':'alex','age':19},
				{'id':1,'name':'alex','age':19},
			]
		POST http://www.luffycity.com/api/user/
			{'id':1,'name':'alex','age':19}
			
		GET http://www.luffycity.com/api/user/2/
			{'id':2,'name':'alex','age':19}
			
		PUT http://www.luffycity.com/api/user/2/
			{'id':2,'name':'alex','age':19}
		
		PATCH https//www.luffycity.com/api/user/2/
			{'id':2,'name':'alex','age':19}
			
		DELETE https//www.luffycity.com/api/user/2/
			空
            
	9. 操作异常时,要返回错误信息
	
		{
            error: "Invalid API key"
        }
	10. 对于下一个请求要返回一些接口:Hypermedia AP
		{
			'id':2,
			'name':'alex',
			'age':19,
			'depart': "http://www.luffycity.com/api/user/30/"
		}

安装DRF

pip3 install djangorestframework

使用DRF步骤

0.设计表结构
from django.db import models
class Category(models.Model):
    """
    文章分类
    """
    name = models.CharField(verbose_name='分类',max_length=32)

class Article(models.Model):
    """
    文章表
    """
    title = models.CharField(verbose_name='标题',max_length=32)
    summary = models.CharField(verbose_name='简介',max_length=255)
    content = models.TextField(verbose_name='文章内容')

1.注册drf,在settings中INSTALLED_APPS注册drf:
	'rest_framework'
2.写路由
	from django.conf.urls import url
	from django.contrib import admin
	from drf_app import views
	urlpatterns = [
    	url(r'^admin/', admin.site.urls),
    	# 文章类型url
    	url(r'^drf/categore/$', views.DrfCategoreView.as_view()),   #展示用
    	url(r'^drf/categore/(?P<pk>\d+)/$', views.DrfCategoreView.as_view()),  #编辑删除用
	]
3.写视图
	from django.shortcuts import render	
    from drf_app import models
	from rest_framework.response import Response
	from rest_framework.views import APIView
	from django.forms import model_to_dict   
	

	# 文章类型
	class DrfCategoreView(APIView):   #继承APIView
        #接口:实现访问接口时,创建一个文章类型
    	def post(self,request,*args,**kwargs):   #添加文章类型数据
        	name = request.POST.get('name')      #获取提交的内容,key_values
        	category_obj = models.Category(
            	name=name                        #创建文章类型数据
        	)
        	category_obj.save()       
        	return Response('成功')              #给前端返回结果
		#接口:获取所有文章类型
    	def get(self,request,*args,**kwargs):    #获取数据,在前端展示
        	pk = kwargs.get('pk')                #获取单条数据的p值k
        	if not pk:                           #判断pk知否存在
            	obj = models.Article.objects.all().values()
            	data = list(obj)
            	return Response(data)            #Response只接受列表,字典,字符串类型的数据
        	else:
            	obj_dict = models.Article.objects.filter(pk=pk).first()
            	data = model_to_dict(obj_dict)  #把对象转换成字典
            	return Response(data)
         #接口:更新文章类型
        def put(self,request,*args,**kwargs):     #更新数据
        	pk = kwargs.get('pk')
        	models.Category.objects.filter(id=pk).update(**request.data)  
            								#request.data 返回解析之后的请求体数据
        	return Response('更新成功')

    	#接口:删除文章类型
    	def delete(self,request,*args,**kwargs):   #删除数据
        	pk = kwargs.get('pk')
        	if not pk:
            	return Response('删除失败,没有该条数据')
        	models.Article.objects.filter(pk=pk).delete()
        	return Response('删除成功')

DRF的request.data方法

request.data 返回解析之后的请求体数据
包含了解析之后的文件和非文件数据
包含了对POST、PUT、PATCH请求方式解析后的数据
利用了REST framework的parsers解析器,不仅支持表单类型数据,也支持JSON数据

request.query_params.get('xx')类似于django的GET方法

DRF的序列化

基于上一个代码添加校验功能

from rest_framework import serializers
class NewCategorySerializer(serializers.ModelSerializer):
    class Meta:
        model = models.Category
        # fields = "__all__"
        fields = ['id','name']

class NewCategoryView(APIView):
    def get(self,request,*args,**kwargs):
        pk = kwargs.get('pk')
        if not pk:
            queryset = models.Category.objects.all()
            ser = NewCategorySerializer(instance=queryset,many=True)
            return Response(ser.data)
        else:
            model_object = models.Category.objects.filter(id=pk).first()
            ser = NewCategorySerializer(instance=model_object, many=False)
            return Response(ser.data)

    def post(self,request,*args,**kwargs):
        ser = NewCategorySerializer(data=request.data)
        if ser.is_valid():
            ser.save()
            return Response(ser.data)
        return Response(ser.errors)

    def put(self,request,*args,**kwargs):
        pk = kwargs.get('pk')
        category_object = models.Category.objects.filter(id=pk).first()
        ser = NewCategorySerializer(instance=category_object,data=request.data)
        if ser.is_valid():
            ser.save()
            return Response(ser.data)
        return Response(ser.errors)

    def delete(self,request,*args,**kwargs):
        pk = kwargs.get('pk')
        models.Category.objects.filter(id=pk).delete()
        return Response('删除成功')
    
   #局部更新
   def patch(self,request,*args,**kwargs):
        pk = kwargs.get('pk')
        article_obj = models.Article.objects.filter(pk=pk).first()
        ser = ArticleSerializer(instance=article_obj, data=request.data,partial=True)  # partial=True
        if ser.is_valid():
            ser.save()
            return Response('更新成功')
        return Response(ser.errors)

postman工具的安装使用

安装:

安装:https://www.getpostman.com/

使用:

1572939531806

1572952711366

显示关联表的数据值

from rest_framework import serializers
from drf_app import models
# 文章的Serializer
class ArticleSerializer(serializers.ModelSerializer):
    class Meta:
        model = models.Article
        fields = '__all__'     #拿到该表的全部字段
上述的代码用的这种方法来展示获取数据,全部字段但如果有关联的表的字段,会显示一下内容:
        {
        "id": 2,
        "status": 1,
        "title": "标题1",
        "summary": "简介1",
        "content": "标题1内容",
        "category": 1
    },
    {
        "id": 3,
        "status": 1,
        "title": "标题3",
        "summary": "简介3",
        "content": "标题3内容",
        "category": 2
    },
关联的category表都为数字,但想要他显示该id对应的中文,需要对Serializer进行一些操作!
对ArticleSerializer进行操作!
有四种方法:
    1.  from rest_framework import serializers
        from drf_app import models
        # 文章的Serializer
        class ArticleSerializer(serializers.ModelSerializer):
            category = serializers.CharField(source='category.name')
            class Meta:
                model = models.Article
                fields = ['id','title','summary','content','category']
                
	2.  from rest_framework import serializers
        from drf_app import models
        # 文章的Serializer
        class ArticleSerializer(serializers.ModelSerializer):
      
            category = serializers.SerializerMethodField()
            class Meta:
                model = models.Article
              
                fields = ['id','title','summary','content','category']

            def get_category(self,obj):   #obj是表中的一行记录的对象
                return obj.category.name
            
            
      3.可以直接进行筛选值:
        article_obj = models.Article.objects.all().values('刷选想要的数据,可以进行跨表查')
      
      4.
        from rest_framework import serializers
        from drf_app import models
        # 文章的Serializer
        class ArticleSerializer(serializers.ModelSerializer):
   
        class Meta:
            model = models.Article
            fields = '__all__'
            depth = 1	#会把关联的表的数据全部拿出来,可以理解为与当前的表关联表的个数
	{
        "id": 2,
        "status": 1,
        "title": "标题1",
        "summary": "简介1",
        "content": "标题1内容",
        "category": {
            "id": 1,
            "name": "广告"
        }
    },
    {
        "id": 3,
        "status": 1,
        "title": "标题3",
        "summary": "简介3",
        "content": "标题3内容",
        "category": {
            "id": 2,
            "name": "it"
        }
    },

 推荐前两种!!!!!!!!!!

显示choice类型字段的对应数据

1.
from rest_framework import serializers
from drf_app import models
# 文章的Serializer
class ArticleSerializer(serializers.ModelSerializer):
    category = serializers.CharField(source='category.name')   
    status = serializers.CharField(source='get_status_display')   # get_status_display方法,不用加括号,drf中会检查get_status_display是否可以执行,自动会加括号执行
    class Meta:
        model = models.Article
        fields = ['id','title','summary','content','category','status']
       
        
2.
from rest_framework import serializers
from drf_app import models
# 文章的Serializer
class ArticleSerializer(serializers.ModelSerializer):
    category = serializers.SerializerMethodField()
    class Meta:
        model = models.Article
        fields = ['id','title','summary','content','category','status']
        def get_category(self,obj):   #obj是表中的一行记录的对象
            return get_status_display()

DRF分页

方式一:PageNumberPagination

针对于每页固定显示数据个数,在访问路径需要加:?page=xx,看第几页的数据

# settings.py
#定义每页显示的数据个数
REST_FRAMEWORK = {
    'PAGE_SIZE': 2
}  
# serializer.py
class PageArticleSerializer(serializers.ModelSerializer):
    class Meta:
        model = models.Article
        fields = "__all__"

# view.py
from drf_app.serializer import PageArticleSerializer
from rest_framework.pagination import PageNumberPagination
class PageArticleView(APIView):
  def get(self,request,*args,**kwargs):        
    queryset = models.Article.objects.all()
        # 方式一:仅数据 
        # 分页对象        
        page_object = PageNumberPagination()        
        # 调用 分页对象.paginate_queryset方法进行分页,得到的结果是分页之后的数据       
        # result就是分完页的一部分数据        
        result = page_object.paginate_queryset(queryset,request,self)        
        # 序列化分页之后的数据       
        ser = PageArticleSerializer(instance=result,many=True)       
        	return Response(ser.data)        
        
        # 方式二:数据 + 分页信息        
        page_object = PageNumberPagination()     
        result = page_object.paginate_queryset(queryset, request, self)    
        ser = PageArticleSerializer(instance=result, many=True)        
        	return page_object.get_paginated_response(ser.data)  
        
        # 方式三:数据 + 部分分页信息
        page_object = PageNumberPagination()        
        result = page_object.paginate_queryset(queryset, request, self)        
        ser = PageArticleSerializer(instance=result, many=True)        
        	return Response({'count':page_object.page.paginator.count,'result':ser.data})


        

方式二: LimitOffsetPagination

针对于每页显示个数不固定,在访问路径上加/?offset=xx$limit=xx

from rest_framework.pagination import PageNumberPagination
from rest_framework.pagination import LimitOffsetPagination 
from rest_framework import serializers
class PageArticleSerializer(serializers.ModelSerializer):    
	class Meta:        
		model = models.Article     
         fields = "__all__"
class HulaLimitOffsetPagination(LimitOffsetPagination):    
	max_limit = 2     
class PageArticleView(APIView):   
	def get(self,request,*args,**kwargs):      
    queryset = models.Article.objects.all()
    page_object = HulaLimitOffsetPagination()        
    result = page_object.paginate_queryset(queryset, request, self)        
    ser = PageArticleSerializer(instance=result, many=True)        
    return Response(ser.data)

分页扩展:

# url
url(r'^page/view/article/$', views.PageViewArticleView.as_view()),

# view.py
from rest_framework.generics import ListAPIView
class PageViewArticleSerializer(serializers.ModelSerializer):    
	class Meta:        
		model = models.Article       
         fields = "__all__"
class PageViewArticleView(ListAPIView):    
	queryset = models.Article.objects.all()    
	serializer_class = PageViewArticleSerializer
# 源码里调用执行,在settings中配置用哪种分页方法
# settings.py
REST_FRAMEWORK = {    
    "PAGE_SIZE":2,   
    "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination"
}

筛选

class ArticleView(APIView):    
""" 文章视图类 """
    def get(self,request,*args,**kwargs):        
        """ 获取文章列表 """        
        pk = kwargs.get('pk')        
        if not pk:            
            condition = {}            
            category = request.query_params.get('category')           
            if category:                
                condition['category'] = category            
                queryset = models.Article.objects.filter(**condition).order_by('date')                        		pager = PageNumberPagination()            
                result = pager.paginate_queryset(queryset,request,self)           
                ser = ArticleListSerializer(instance=result,many=True)            
                return Response(ser.data)        
            article_object = models.Article.objects.filter(id=pk).first()        
            ser = PageArticleSerializer(instance=article_object,many=False)        
            return Response(ser.data)

DRF内置组件筛选

from django.shortcuts import render 
from rest_framework.views import APIView 
from rest_framework.response import Response 
from . import models
from rest_framework.filters import BaseFilterBackend
class MyFilterBackend(BaseFilterBackend):
    def filter_queryset(self, request, queryset, view):        
        val = request.query_params.get('cagetory')        
        return queryset.filter(category_id=val)    
class IndexView(APIView):
    def get(self,request,*args,**kwargs):        
        # http://www.xx.com/cx/index/        
        # models.News.objects.all()
        # http://www.xx.com/cx/index/?category=1        
        # models.News.objects.filter(category=1)
        # http://www.xx.com/cx/index/?category=1       
        # queryset = models.News.objects.all()        
        # obj = MyFilterBackend()        
        # result = obj.filter_queryset(request,queryset,self)        
        # print(result)                
        return Response('...')

DRF视图

class TagSer(serializers.ModelSerializer):
    category = serializers.CharField(source="get_category_display")
    author = serializers.SerializerMethodField()
    class Meta:
        model = models.Article
        fields = "__all__"
    def get_author(self,obj):
        return obj.author.username


class AddTagSer(serializers.ModelSerializer):
    class Meta:
        model = models.Article
        fields = "__all__"


# generics的展示,添加
class NewArticleView(ListAPIView,CreateAPIView):
    queryset = models.Article.objects.all()   #提供全部数据
    serializer_class = TagSer                 #提供序列化器,源码中的serializer_class为None

    def get_serializer_class(self):           #源码中提供的方法 返回值为return self.serializer_class,所以可以自定义serializer_class一个序列化器
        if self.request.method == 'GET':
            return TagSer 

        elif self.request.method == 'POST':
            return AddTagSer

    def perform_create(self,serializer):
        serializer.save(author_id=2)          #多添加一个存储数据,关联的数据

# generics的更新,删除
class OldArticleView(DestroyAPIView,UpdateAPIView,RetrieveAPIView):
    queryset = models.Article.objects.all()
    serializer_class = TagSer

    
    
ListAPIView:展示       执行get --->list
CreateAPIView:添加     执行perform_create方法
DestroyAPIView:删除    执行delete方法
UpdateAPIView:更新     执行perform_update方法
RetrieveAPIView:展示单条数据,不能和ListAPIView同用,因为都有get方法 , 执行retrieve方法 
    instance = self.get_object()获取的单条数据
    
当GenericAPIView提供的方法不能满足要求是,需要自定义方法

drf视图源码大致流程

# GenericAPIView提供了一些方法: 取数据,筛选,分页,验证等方法,充当一个桥梁的作用
    get_object
    get_serializer--->self.get_serializer_class()
    get_queryset---->self.queryset
    filter_queryset--->self.filter_backends
    paginator_queryset--->self.pagination_class()


# ListAPIView源码,当发送一个请求时(get请求)源码的执行流程,一个get请求
class NewsView(ListAPIView):
	queryset = models.News.objects.all()
    filter_backends = [NewFilterBackend, ]
    serializer_class = NewSerializers
    pagination_class = PageNumberPagination
    
1.去NewsView找get方法 
def get(self, request, *args, **kwargs):
        return self.list(request, *args, **kwargs)
2.执行self.list方法,本类中没有该方法,去父类中找list方法,执行list方法:
def list(self, request, *args, **kwargs):
        queryset = self.filter_queryset(self.get_queryset())   #筛选
  
        page = self.paginate_queryset(queryset)    #分页
        if page is not None:
            serializer = self.get_serializer(page, many=True)
            return self.get_paginated_response(serializer.data)

        serializer = self.get_serializer(queryset, many=True)  #校验
        return Response(serializer.data)
3.
先执行list中的get_queryset()方法,首先去自己的类中找get_queryset()方法,没有就去父类中找get_queryset(self)方法,
调用了一个self.queryset,先去自己的类中找,自己的类中定义了queryset,接着执行list中filter_queryset方法,
自己的类中没有该方法,去父类中找,父类中没有再去另一个父类中找,去GenericAPIView中找filter_queryset方法,
在执行循环filter_backends方法,自己有定义filter_backends,是一个列表,循环中实例化序列化器,在执行filter_queryset方法

DRF版本控制

第一步:写路由url(r'^api/(P<version>\w+)/user/$',views.UserView.as_view()),
第二步:写模块导入from rest_framework.versioning import URLPathVersioning
第三步:写视图 可不写
request.version获取版本号
class UserView(APIView):  # DEFAULT_VERSIONING_CLASS在APIView中默认配置
    def get(self,request,*args,**kwargs):
        print(request.version)
        return Response('....')
第四步:写settings配置:
REST_FRAMEWORK = {
    "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.URLPathVersioning",  #配置全局的版本信息
    "ALLOWED_VERSIONS":['v1','v2']    #配置允许版本号范围

}

源码

class APIView(View):
    versioning_class = api_settings.DEFAULT_VERSIONING_CLASS
    
	def dispatch(self, request, *args, **kwargs):
       
        # ###################### 第一步 ###########################
        """
        request,是django的request,它的内部有:request.GET/request.POST/request.method
        args,kwargs是在路由中匹配到的参数,如:
            url(r'^order/(\d+)/(?P<version>\w+)/$', views.OrderView.as_view()),
            http://www.xxx.com/order/1/v2/
        """
        self.args = args
        self.kwargs = kwargs

        """
        request = 生成了一个新的request对象,此对象的内部封装了一些值。
        request = Request(request)
            - 内部封装了 _request = 老的request
        """
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request

        self.headers = self.default_response_headers  # deprecate?

        try:
            # ###################### 第二步 ###########################
            self.initial(request, *args, **kwargs)

            执行视图函数。。
	
	def initial(self, request, *args, **kwargs):
       
        # ############### 2.1 处理drf的版本 ##############
        version, scheme = self.determine_version(request, *args, **kwargs)
        request.version, request.versioning_scheme = version, scheme
		...
        
    def determine_version(self, request, *args, **kwargs):
        if self.versioning_class is None:
            return (None, None)
        scheme = self.versioning_class() # obj = XXXXXXXXXXXX()
        return (scheme.determine_version(request, *args, **kwargs), scheme)
        
class OrderView(APIView):
    versioning_class = URLPathVersioning
    def get(self,request,*args,**kwargs):
        print(request.version)
        print(request.versioning_scheme)
        return Response('...')

    def post(self,request,*args,**kwargs):
        return Response('post')
class URLPathVersioning(BaseVersioning):
    """
    urlpatterns = [
        url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),
       
    ]
    """
    invalid_version_message = _('Invalid version in URL path.')

    def determine_version(self, request, *args, **kwargs):
        version = kwargs.get(self.version_param, self.default_version)
        if version is None:
            version = self.default_version

        if not self.is_allowed_version(version):
            raise exceptions.NotFound(self.invalid_version_message)
        return version

使用(局部)

  • url中写version

    url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),
    
  • 在视图中应用

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.request import Request
    from rest_framework.versioning import URLPathVersioning
    
    
    class OrderView(APIView):
    
        versioning_class = URLPathVersioning
        def get(self,request,*args,**kwargs):
            print(request.version)
            print(request.versioning_scheme)
            return Response('...')
    
        def post(self,request,*args,**kwargs):
            return Response('post')
    
  • 在settings中配置

    REST_FRAMEWORK = {
        "PAGE_SIZE":2,
        "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination",
        "ALLOWED_VERSIONS":['v1','v2'],
        'VERSION_PARAM':'version'
    }
    

使用(全局)推荐

  • url中写version

    url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),
    
    url(r'^(?P<version>\w+)/users/$', users_list, name='users-list'),
    
  • 在视图中应用

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.request import Request
    from rest_framework.versioning import URLPathVersioning
    
    
    class OrderView(APIView):
        def get(self,request,*args,**kwargs):
            print(request.version)
            print(request.versioning_scheme)
            return Response('...')
    
        def post(self,request,*args,**kwargs):
            return Response('post')
    
  • 在settings中配置

    REST_FRAMEWORK = {
        "PAGE_SIZE":2,
        "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination",
        "DEFAULT_VERSIONING_CLASS":"rest_framework.versioning.URLPathVersioning",
        "ALLOWED_VERSIONS":['v1','v2'],
        'VERSION_PARAM':'version'
    }
    

DRF认证

认证(面试)

from django.conf.urls import url,include
from django.contrib import admin
from . import views
urlpatterns = [
    url(r'^login/$', views.LoginView.as_view()),
    url(r'^order/$', views.OrderView.as_view()),
    url(r'^user/$', views.UserView.as_view()),
]

import uuid
from django.shortcuts import render
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
from rest_framework.versioning import URLPathVersioning
from rest_framework.views import APIView
from rest_framework.response import Response

from . import models

class LoginView(APIView):

    def post(self,request,*args,**kwargs):
        user_object = models.UserInfo.objects.filter(**request.data).first()
        if not user_object:
            return Response('登录失败')
        random_string = str(uuid.uuid4())
        user_object.token = random_string
        user_object.save()
        return Response(random_string)

class MyAuthentication:
    def authenticate(self, request):
        """
        Authenticate the request and return a two-tuple of (user, token).
        """
        token = request.query_params.get('token')
        user_object = models.UserInfo.objects.filter(token=token).first()
        if user_object:
            return (user_object,token)
        return (None,None)

class OrderView(APIView):
    authentication_classes = [MyAuthentication, ]
    def get(self,request,*args,**kwargs):
        print(request.user)
        print(request.auth)
        return Response('order')

class UserView(APIView):
    authentication_classes = [MyAuthentication,]
    def get(self,request,*args,**kwargs):
        print(request.user)
        print(request.auth)
        return Response('user')

源码分析

class Request:

    def __init__(self, request,authenticators=None):
        self._request = request
        self.authenticators = authenticators or ()
        
	@property
    def user(self):
        """
        Returns the user associated with the current request, as authenticated
        by the authentication classes provided to the request.
        """
        if not hasattr(self, '_user'):
            with wrap_attributeerrors():
                self._authenticate()
        return self._user
    
    def _authenticate(self):
        """
        Attempt to authenticate the request using each authentication instance
        in turn.
        """
        for authenticator in self.authenticators:  #认证的对象列表[TokenAuthentication,]
            try:
                user_auth_tuple = authenticator.authenticate(self)
            except exceptions.APIException:
                self._not_authenticated()
                raise

            if user_auth_tuple is not None:
                self._authenticator = authenticator
                self.user, self.auth = user_auth_tuple
                return

        self._not_authenticated()
        
	@user.setter
    def user(self, value):
        """
        Sets the user on the current request. This is necessary to maintain
        compatibility with django.contrib.auth where the user property is
        set in the login and logout functions.

        Note that we also set the user on Django's underlying `HttpRequest`
        instance, ensuring that it is available to any middleware in the stack.
        """
        self._user = value
        self._request.user = value
class APIView(View):
    authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES
    
	def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        # ###################### 第一步 ###########################
        """
        request,是django的request,它的内部有:request.GET/request.POST/request.method
        args,kwargs是在路由中匹配到的参数,如:
            url(r'^order/(\d+)/(?P<version>\w+)/$', views.OrderView.as_view()),
            http://www.xxx.com/order/1/v2/
        """
        self.args = args
        self.kwargs = kwargs


        """
        request = 生成了一个新的request对象,此对象的内部封装了一些值。
        request = Request(request)
            - 内部封装了 _request = 老的request
            - 内部封装了 authenticators = [MyAuthentication(), ]
        """
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
	
	def initialize_request(self, request, *args, **kwargs):
        """
        Returns the initial request object.
        """
        parser_context = self.get_parser_context(request)

        return Request(
            request,
            parsers=self.get_parsers(),
            authenticators=self.get_authenticators(), # [MyAuthentication(),]
            negotiator=self.get_content_negotiator(),
            parser_context=parser_context
        )

    def get_authenticators(self):
        """
        Instantiates and returns the list of authenticators that this view can use.
        """
        return [ auth() for auth in self.authentication_classes ]
    # 执行上一个代码块的class Request,判断user
    # 执行上一个代码块的class Request,判断user
    # 执行上一个代码块的class Request,判断user
    
    
class LoginView(APIView):
    authentication_classes = []
    def post(self,request,*args,**kwargs):
        user_object = models.UserInfo.objects.filter(**request.data).first()
        if not user_object:
            return Response('登录失败')
        random_string = str(uuid.uuid4())
        user_object.token = random_string
        user_object.save()
        return Response(random_string)

class OrderView(APIView):
    # authentication_classes = [TokenAuthentication, ]
    def get(self,request,*args,**kwargs):
        print(request.user)
        print(request.auth)
        if request.user:
            return Response('order')
        return Response('滚')

class UserView(APIView):
    同上

总结

当用户发来请求时,找到认证的所有类并实例化成为对象列表,然后将对象列表封装到新的request对象中。

以后在视同中调用request.user

在内部会循环认证的对象列表,并执行每个对象的authenticate方法,该方法用于认证,他会返回两个值分别会赋值给
request.user/request.auth 

DRF权限

权限

使用

也可以把权限全局应用,添加到settings中

from rest_framework.permissions import BasePermission
from rest_framework import exceptions

class MyPermission(BasePermission):
    message = {'code': 10001, 'error': '你没权限'}   #没有权限的报错信息
    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        if request.user:   
            return True

        # raise exceptions.PermissionDenied({'code': 10001, 'error': '你没权限'})
        return False

    def has_object_permission(self, request, view, obj):   #使用单条数据的时候
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        return False
class OrderView(APIView):
    permission_classes = [MyPermission,]    #在这个视图中添加权限
    # permission_classes = []  不需要加权限就把改列表设置为空
    def get(self,request,*args,**kwargs):
        return Response('order')


class UserView(APIView):
    permission_classes = [MyPermission, ]
    def get(self,request,*args,**kwargs):
        return Response('user')
REST_FRAMEWORK = {
    "PAGE_SIZE":2,
    "DEFAULT_PAGINATION_CLASS":"rest_framework.pagination.PageNumberPagination",
    "DEFAULT_VERSIONING_CLASS":"rest_framework.versioning.URLPathVersioning",
    "ALLOWED_VERSIONS":['v1','v2'],
    'VERSION_PARAM':'version',
    "DEFAULT_AUTHENTICATION_CLASSES":["kka.auth.TokenAuthentication",] 
}

在同一个视图中对不同的功能进行权限

方式一:
class MyPermission(BasePermission):
    message = '你没有权限'
    def has_permission(self, request, view):  #获取多个对象的时候执行
        if request.method == "GET":   #对用户请求进行权限添加,当用户的请求为get方法,就不加权限,否则就添加权限
            return True   
        else:

            if request.user and request.auth: #有权限
                print(request.user)
                return True
            return False #无权限

    def has_object_permission(self, request, view, obj): #获取单个对象的时候执行
        return self.has_permission(request, view)
    
# 其余的同上

方式二:
# 加装饰器

from functools import update_wrapper

# 同一个视图中对不同功能添加权限的装饰器
def wrap_permission(*permissions, validate_permission=True):
    """custom permissions for special route"""
    def decorator(func):
        def wrapper(self, request, *args, **kwargs):
            self.permission_classes = permissions
            if validate_permission:
                self.check_permissions(request)
            return func(self, request, *args, **kwargs)
        return update_wrapper(wrapper, func)
    return decorator

def permission_classes(permission_classes):
    def decorator(func):
        func.permission_classes = permission_classes
        return func
    return decorator

class HandleArticleView(UpdateAPIView,DestroyAPIView,RetrieveAPIView):
    
    queryset = models.Article.objects.all()
    serializer_class = DetailArticleSerializer

    @wrap_permission(MyPermission)   # 只对删除添加权限
    def destroy(self, request, *args, **kwargs):
        instance = self.get_object()
        self.perform_destroy(instance)
        return Response('删除成功')

源码分析

class APIView(View):
    permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
    
    def dispatch(self, request, *args, **kwargs):
        封装request对象
        self.initial(request, *args, **kwargs)
        通过反射执行视图中的方法
	# 认证已经执行完了,request已经封装,接着向下执行initial
	def initial(self, request, *args, **kwargs):
        版本的处理
        # 认证
        self.perform_authentication(request)
		
        # 权限判断
        self.check_permissions(request)
        
        
        self.check_throttles(request)
        
    def perform_authentication(self, request):
        request.user
	
    def check_permissions(self, request):
        # [对象,对象,]
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                self.permission_denied(request, message=getattr(permission, 'message', None))
    def permission_denied(self, request, message=None):
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated()
        raise exceptions.PermissionDenied(detail=message)
        
    def get_permissions(self):
        return [permission() for permission in self.permission_classes] #权限对象列表
    
###
class UserView(APIView):
    permission_classes = [MyPermission, ]
    
    def get(self,request,*args,**kwargs):
        return Response('user')

同源跨域

跨域

跨域:由于浏览器具有“同源策略”的限制, 当一个请求url的协议、域名、端口三者之间任意一个与当前页面url不同即为跨域

由于浏览器具有“同源策略”的限制。
	如果在同一个域下发送ajax请求,浏览器的同源策略不会阻止。
	如果在不同域下发送ajax,浏览器的同源策略会阻止。

限制ajax请求
	一个域名两个端口访问时就得加端口,IP:端口

举例:

访问http:/www.xxxx.com,返回一个页面,页面上有按钮这个按钮可以发送ajax请求到其他网站获取数据,请求的网站是http:/api.xxxx.com. 这个网站和http:/www.xxxx.com不是同一个域,可以送出请求,访问的网站也有响应给浏览器,但浏览器有同源策略,当访问走到nginx的时候,就会报错,


+ 域相同,永远不会存在跨域。
  + crm,非前后端分离,没有跨域。
  + 路飞学城,前后端分离,没有跨域(之前有,现在没有)。
+ 域不同时,才会存在跨域。
  + 拉勾网,前后端分离,存在跨域(设置响应头解决跨域)

解决跨域:CORS

本质在数据返回值设置响应头

from django.shortcuts import render,HttpResponse

def json(request):
    response = HttpResponse("JSONasdfasdf")
    response['Access-Control-Allow-Origin'] = "*"
    return response
    

跨域时,发送了2次请求?

在跨域时,发送的请求会分为两种:

  • 简单请求,发一次请求。

    设置响应头就可以解决
    from django.shortcuts import render,HttpResponse
    
    def json(request):
        response = HttpResponse("JSONasdfasdf")
        response['Access-Control-Allow-Origin'] = "*"
        return response
    
    
  • 复杂请求,发两次请求。

    • 预检

    • 请求

    @csrf_exempt
    def put_json(request):
        response = HttpResponse("JSON复杂请求")
        if request.method == 'OPTIONS':
            # 处理预检
            response['Access-Control-Allow-Origin'] = "*"
            response['Access-Control-Allow-Methods'] = "PUT"
            return response
        elif request.method == "PUT":
            return response
    
条件:
    1、请求方式:HEAD、GET、POST
    2、请求头信息:
        Accept
        Accept-Language
        Content-Language
        Last-Event-ID
        Content-Type 对应的值是以下三个中的任意一个
                                application/x-www-form-urlencoded
                                multipart/form-data
                                text/plain
 
注意:同时满足以上两个条件时,则是简单请求,否则为复杂请求

DRF的访问频率限制

  • 频率限制在认证、权限之后

  • 知识点

    {
    	throttle_anon_1.1.1.1:[100121340,],
    	1.1.1.2:[100121251,100120450,]
    }
    
    
    限制:60s能访问3次
    来访问时:
    	1.获取当前时间 100121280
    	2.100121280-60 = 100121220,小于100121220所有记录删除
    	3.判断1分钟以内已经访问多少次了? 4 
    	4.无法访问
    停一会
    来访问时:
    	1.获取当前时间 100121340
    	2.100121340-60 = 100121280,小于100121280所有记录删除
    	3.判断1分钟以内已经访问多少次了? 0
    	4.可以访问
    

源码

from rest_framework.views import APIView
from rest_framework.response import Response

from rest_framework.throttling import AnonRateThrottle,BaseThrottle

class ArticleView(APIView):
    throttle_classes = [AnonRateThrottle,]
    def get(self,request,*args,**kwargs):
        return Response('文章列表')

class ArticleDetailView(APIView):
    def get(self,request,*args,**kwargs):
        return Response('文章列表')
class BaseThrottle:
    """
    Rate throttling of requests.
    """

    def allow_request(self, request, view):
        """
        Return `True` if the request should be allowed, `False` otherwise.
        """
        raise NotImplementedError('.allow_request() must be overridden')

    def get_ident(self, request):
        """
        Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
        if present and number of proxies is > 0. If not use all of
        HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
        """
        xff = request.META.get('HTTP_X_FORWARDED_FOR')
        remote_addr = request.META.get('REMOTE_ADDR')
        num_proxies = api_settings.NUM_PROXIES

        if num_proxies is not None:
            if num_proxies == 0 or xff is None:
                return remote_addr
            addrs = xff.split(',')
            client_addr = addrs[-min(num_proxies, len(addrs))]
            return client_addr.strip()

        return ''.join(xff.split()) if xff else remote_addr

    def wait(self):
        """
        Optionally, return a recommended number of seconds to wait before
        the next request.
        """
        return None


class SimpleRateThrottle(BaseThrottle):
    """
    A simple cache implementation, that only requires `.get_cache_key()`
    to be overridden.

    The rate (requests / seconds) is set by a `rate` attribute on the View
    class.  The attribute is a string of the form 'number_of_requests/period'.

    Period should be one of: ('s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day')

    Previous request information used for throttling is stored in the cache.
    """
    cache = default_cache
    timer = time.time
    cache_format = 'throttle_%(scope)s_%(ident)s'
    scope = None
    THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES

    def __init__(self):
        if not getattr(self, 'rate', None):
            self.rate = self.get_rate()
        self.num_requests, self.duration = self.parse_rate(self.rate)

    def get_cache_key(self, request, view):
        """
        Should return a unique cache-key which can be used for throttling.
        Must be overridden.

        May return `None` if the request should not be throttled.
        """
        raise NotImplementedError('.get_cache_key() must be overridden')

    def get_rate(self):
        """
        Determine the string representation of the allowed request rate.
        """
        if not getattr(self, 'scope', None):
            msg = ("You must set either `.scope` or `.rate` for '%s' throttle" %
                   self.__class__.__name__)
            raise ImproperlyConfigured(msg)

        try:
            return self.THROTTLE_RATES[self.scope]
        except KeyError:
            msg = "No default throttle rate set for '%s' scope" % self.scope
            raise ImproperlyConfigured(msg)

    def parse_rate(self, rate):
        """
        Given the request rate string, return a two tuple of:
        <allowed number of requests>, <period of time in seconds>
        """
        if rate is None:
            return (None, None)
        num, period = rate.split('/')
        num_requests = int(num)
        duration = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}[period[0]]
        return (num_requests, duration)

    def allow_request(self, request, view):
        """
        Implement the check to see if the request should be throttled.

        On success calls `throttle_success`.
        On failure calls `throttle_failure`.
        """
        if self.rate is None:
            return True

        # 获取请求用户的IP
        self.key = self.get_cache_key(request, view)
        if self.key is None:
            return True

        # 根据IP获取他的所有访问记录,[]
        self.history = self.cache.get(self.key, [])

        self.now = self.timer()

        # Drop any requests from the history which have now passed the
        # throttle duration
        while self.history and self.history[-1] <= self.now - self.duration:
            self.history.pop()
        if len(self.history) >= self.num_requests:
            return self.throttle_failure()
        return self.throttle_success()

    def throttle_success(self):
        """
        Inserts the current request's timestamp along with the key
        into the cache.
        """
        self.history.insert(0, self.now)
        self.cache.set(self.key, self.history, self.duration)
        return True

    def throttle_failure(self):
        """
        Called when a request to the API has failed due to throttling.
        """
        return False

    def wait(self):
        """
        Returns the recommended next request time in seconds.
        """
        if self.history:
            remaining_duration = self.duration - (self.now - self.history[-1])
        else:
            remaining_duration = self.duration

        available_requests = self.num_requests - len(self.history) + 1
        if available_requests <= 0:
            return None

        return remaining_duration / float(available_requests)


class AnonRateThrottle(SimpleRateThrottle):
    """
    Limits the rate of API calls that may be made by a anonymous users.

    The IP address of the request will be used as the unique cache key.
    """
    scope = 'anon'

    def get_cache_key(self, request, view):
        if request.user.is_authenticated:
            return None  # Only throttle unauthenticated requests.

        return self.cache_format % {
            'scope': self.scope,
            'ident': self.get_ident(request)
        }

自定义频率限制

1573526307873

总结

  1. 如何实现的频率限制

    - 匿名用户,用IP作为用户唯一标记,但如果用户换代理IP,无法做到真正的限制。
    - 登录用户,用用户名或用户ID做标识。
    具体实现:
    	在django的缓存中 = {
            throttle_anon_1.1.1.1:[100121340,],
            1.1.1.2:[100121251,100120450,]
        }
    
    
    DRF中的频率控制基本原理是基于访问次数和时间的,当然我们可以通过自己定义的方法来实现。
    
    当我们请求进来,走到我们频率组件的时候,DRF内部会有一个字典来记录访问者的IP,
    
    以这个访问者的IP为key,value为一个列表,存放访问者每次访问的时间,
    
    { IP1: [第三次访问时间,第二次访问时间,第一次访问时间],}
    
    把每次访问最新时间放入列表的最前面,记录这样一个数据结构后,通过什么方式限流呢~~
    
    如果我们设置的是10秒内只能访问5次,
    
      -- 1,判断访问者的IP是否在这个请求IP的字典里
    
      -- 2,保证这个列表里都是最近10秒内的访问的时间
    
          判断当前请求时间和列表里最早的(也就是最后的)请求时间的差
    
          如果差大于10秒,说明请求以及不是最近10秒内的,删除掉,
    
          继续判断倒数第二个,直到差值小于10秒
    
      -- 3,判断列表的长度(即访问次数),是否大于我们设置的5次,
    
          如果大于就限流,否则放行,并把时间放入列表的最前面
    

jwt

基本原理:

1573518094244

用于在前后端分离时,实现用户认证相关的一项技术。

一般用户认证有2种方式:

  • token

    用户登录成功之后,生成一个随机字符串,自己保留一分+给前端返回一份。
    
    以后前端再来发请求时,需要携带字符串。
    后端对字符串进行校验。
    
  • jwt

    用户登录成功之后,生成一个随机字符串,给前端。
    	- 生成随机字符串
    		{typ:"jwt","alg":'HS256'}     {id:1,username:'alx','exp':10}
    		98qow39df0lj980945lkdjflo.saueoja8979284sdfsdf.asiuokjd978928374
    		- 类型信息通过base64加密
    		- 数据通过base64加密
    		- 两个密文拼接在h256加密+加盐
    	- 给前端返回
    		98qow39df0lj980945lkdjflo.saueoja8979284sdfsdf.asiuokjd978928375
    
    前端获取随机字符串之后,保留起来。
    以后再来发送请求时,携带98qow39df0lj980945lkdjflo.saueoja8979284sdfsdf.asiuokjd978928375。
    
    
    后端接受到之后,
    	1.先做时间判断
        2.字符串合法性校验。
    

安装

pip3 install djangorestframework-jwt

案例

  • app中注册

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'api.apps.ApiConfig',
        'rest_framework',
        'rest_framework_jwt'
    ]
    
  • 用户登录

    import uuid
    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.versioning import URLPathVersioning
    from rest_framework import status
    
    from api import models
    
    class LoginView(APIView):
        """
        登录接口
        """
        def post(self,request,*args,**kwargs):
    
            # 基于jwt的认证
            # 1.去数据库获取用户信息
            from rest_framework_jwt.settings import api_settings
            jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
            jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
    
            user = models.UserInfo.objects.filter(**request.data).first()
            if not user:
                return Response({'code':1000,'error':'用户名或密码错误'})
    
            payload = jwt_payload_handler(user)
            token = jwt_encode_handler(payload)
            return Response({'code':1001,'data':token})
    
    
  • 用户认证

    from rest_framework.views import APIView
    from rest_framework.response import Response
    
    # from rest_framework.throttling import AnonRateThrottle,BaseThrottle
    
    
    class ArticleView(APIView):
        # throttle_classes = [AnonRateThrottle,]
    
        def get(self,request,*args,**kwargs):
            # 获取用户提交的token,进行一步一步校验
            import jwt
            from rest_framework import exceptions
            from rest_framework_jwt.settings import api_settings
            jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
    
            jwt_value = request.query_params.get('token')
            try:
                payload = jwt_decode_handler(jwt_value)
            except jwt.ExpiredSignature:
                msg = '签名已过期'
                raise exceptions.AuthenticationFailed(msg)
            except jwt.DecodeError:
                msg = '认证失败'
                raise exceptions.AuthenticationFailed(msg)
            except jwt.InvalidTokenError:
                raise exceptions.AuthenticationFailed()
            print(payload)
    
            return Response('文章列表')
    
    

    使用

    举例

    有文章,评论,订单视图,当匿名用户访问时文章可以访问,评论可以访问,添加评论需要认证,订单全部要认证,并且给访问文章页面加频率限制

    # url.py
    
    from django.conf.urls import url
    from .views import account
    from .views import article
    from .views import comment
    from .views import order
    
    urlpatterns = [
        url(r'^login/$',account.LoginView.as_view()),
        url(r'^article/$',article.ArticleAPIView.as_view()),
        url(r'^comment/$',comment.CommentAPIView.as_view()),
        url(r'^order/$',order.OrderAPIView.as_view()),
    
    ]
    
    
    
    
    # account.py
    
    from rest_framework.views import APIView
    from rest_framework.response import Response
    from api import models
    from rest_framework_jwt.settings import api_settings
    
    class LoginView(APIView):
        authentication_classes = []
        def post(self,request,*args,**kwargs):
            user = models.UserInfo.objects.filter(username=request.data.get('username'),password=request.data.get('password')).first()
            if not user:
                return Response('用户名或密码错误')
            jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
            payload = jwt_payload_handler(user)
    
            jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
            token= jwt_encode_handler(payload)
            return Response({'code':10000,'data':token})
    
    
    # auth.py
    import jwt
    from rest_framework import exceptions
    from rest_framework.authentication import BaseAuthentication
    from rest_framework_jwt.settings import api_settings
    from api import models
    
    class HulaQueryParamAuthentication(BaseAuthentication):
        def authenticate(self, request):
            """
            # raise Exception(), 不在继续往下执行,直接返回给用户。
            # return None ,本次认证完成,执行下一个认证
            # return ('x',"x"),认证成功,不需要再继续执行其他认证了,继续往后权限、节流、视图函数
            """
            token = request.query_params.get('token')
            if not token:
                raise exceptions.AuthenticationFailed({'code':10002,'error':"登录成功之后才能操作"})
    
            jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
            try:
                payload = jwt_decode_handler(token)
            except jwt.ExpiredSignature:
                raise exceptions.AuthenticationFailed({'code':10003,'error':"token已过期"})
            except jwt.DecodeError:
                raise exceptions.AuthenticationFailed({'code':10004,'error':"token格式错误"})
            except jwt.InvalidTokenError:
                raise exceptions.AuthenticationFailed({'code':10005,'error':"认证失败"})
    
            jwt_get_username_from_payload = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER
            username = jwt_get_username_from_payload(payload)
            user_object = models.UserInfo.objects.filter(username=username).first()
            return (user_object,token)
    
    
    # article.py , comment.py , order.py
    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.throttling import AnonRateThrottle #频率
    
    #文章
    class ArticleAPIView(APIView):
        throttle_classes = [AnonRateThrottle, ]   #频率
    
        def get(self,request,*args,**kwargs):
    
            return Response('文章列表')
    
        def get_authenticators(self):
            if self.request.method == 'GET':
                return [] #不需要认证就加[]
            
    # 评论
    class CommentAPIView(APIView):
    
        def get(self,request,*args,**kwargs):
            return Response('评论列表')
    
        def post(self,request,*args,**kwargs):
            return Response('添加评论')
    
        def get_authenticators(self):
            if self.request.method == 'GET':
                return []
            elif self.request.method == 'POST':
                return super().get_authenticators()  #执行父类的get_authenticators()会在settings中找DEFAULT_AUTHENTICATION_CLASSES
            
     # 订单
     class OrderAPIView(APIView):
    
        def get(self, request, *args, **kwargs):
            return Response('订单列表')
    
        def post(self, request, *args, **kwargs):
            return Response('添加订单')
    
    
  

  
  ```python 
  # settings.py
  import datetime
  REST_FRAMEWORK = {
      "DEFAULT_VERSIONING_CLASS":"rest_framework.versioning.URLPathVersioning",
      "ALLOWED_VERSIONS":['v1','v2'],#版本
      "DEFAULT_AUTHENTICATION_CLASSES":['api.extensions.auth.HulaQueryParamAuthentication',],
      "DEFAULT_THROTTLE_RATES":{
          "anon":'10/m' #1分钟访问3次
      }
  }
  
  JWT_AUTH={
      'JWT_EXPIRATION_DELTA': datetime.timedelta(minutes=10), #token过期时间
  }

posted @ 2019-11-22 16:02  corei5tj  阅读(894)  评论(0编辑  收藏  举报