认证组件
# 以后,有的接口需要登录后才能访问,有的接口,不登录就能访问
-登录认证的限制
# 写一个登录接口,返回token,以后只要带着token过来,就是登录了,不带,就没有登录
# 查询所有不需要登录就能访问
# 查询单个,需要登录才能访问
认证组件使用步骤
# 1 写一个认证类,继承BaseAuthentication
# 2 重写authenticate方法,在该方法中实现登录认证:token在哪带的?如何认证它是登录的
# 3 如果认证成功,返回两个值【返回None或两个值】
# 4 认证不通过,抛异常AuthenticationFailed
# 5 局部使用和全局使用
-局部:只在某个视图类中使用【当前视图类管理的所有接口】
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    # Per-view setting: every endpoint served by this view class is
    # authenticated with LoginAuth.
    authentication_classes = [LoginAuth]
-全局:全局所有接口都生效(登录接口不要)
# Project-wide default: LoginAuth runs for every view that does not set its
# own authentication_classes. The login view has to opt out, otherwise nobody
# can obtain a token in the first place.
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'app01.authenticate.LoginAuth',
    ],
}
-局部禁用:
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    # An empty list switches authentication off for this view even when a
    # global default is configured. request.user is then anonymous, so any
    # permission class that reads user attributes must be able to cope.
    authentication_classes = []
代码
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint for books; no authentication_classes are set on this view."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    """Single-book endpoint; callers must pass LoginAuth."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    # Only this view class requires a token.
    authentication_classes = [LoginAuth]
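class LoginAuth(BaseAuthentication):
    """Token authentication backed by the UserToken table.

    The token is read from the ``token`` request header first and, for
    backward compatibility, from the ``?token=`` query parameter.
    """

    def authenticate(self, request):
        """Return ``(user, token)`` for a token that matches a UserToken row.

        Raises:
            AuthenticationFailed: if no token was sent, or the token matches
                no UserToken row.
        """
        # Prefer the header. A token carried in the URL ends up in access
        # logs, browser history and Referer headers, so the query parameter
        # is kept only as a fallback for existing clients.
        token = request.META.get('HTTP_TOKEN') or request.query_params.get('token')
        if not token:
            raise AuthenticationFailed('token没传')

        # NOTE(review): no expiry or revocation check is visible here, and the
        # lookup compares the raw token value -- confirm how UserToken rows
        # are issued and retired.
        user_token = UserToken.objects.filter(token=token).first()
        if user_token is None:
            raise AuthenticationFailed('token认证失败')

        # DRF stores these as request.user and request.auth.
        return user_token.user, token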
# Both view classes share the 'books' prefix: BookView serves the list route,
# BookDetailView the detail route.
# NOTE(review): both registrations also reuse the basename 'books'; some DRF
# releases reject a duplicate basename -- confirm against the installed version.
router.register(
    'books', views.BookView, 'books',
)
router.register(
    'books', views.BookDetailView, 'books',
)
权限组件
-查询单个需要超级管理员才能访问
-查询所有,所有登录用户都能访问
权限依赖登录,如果没有登录无法验证权限
权限的使用
-局部:只在某个视图类中使用【当前视图类管理的所有接口】
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    # Per-view setting: every endpoint served by this view class is checked
    # by CommonPermission after authentication has run.
    permission_classes = [CommonPermission]
-全局:全局所有接口都生效
# Project-wide default: CommonPermission is applied to every view that does
# not declare its own permission_classes.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ['app01.permissions.CommonPermission'],
}
-局部禁用:
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    # An empty list removes every permission check from this view, including
    # any global default, so authentication becomes the only gate left.
    permission_classes = []
router = SimpleRouter()
# List route and detail route are served by two separate view classes that
# share the 'books' prefix.
# NOTE(review): both registrations reuse the basename 'books'; some DRF
# releases reject a duplicate basename -- confirm against the installed version.
router.register('books', views.BookView, 'books')
router.register('books', views.BookDetailView, 'books')
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint for books; relies on the project defaults for auth and permissions."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
from .permissions import CommonPermission
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    """Single-book endpoint: token login first, then the CommonPermission check."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    # Authentication runs before permissions; CommonPermission reads
    # request.user, so it depends on LoginAuth having populated it.
    authentication_classes = [LoginAuth]
    permission_classes = [CommonPermission]
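class CommonPermission(BasePermission):
    """Grant access only to users whose ``user_type`` equals 1.

    NOTE(review): the surrounding text says the detail endpoint is for super
    administrators, so 1 is presumably that role -- confirm against the model.
    """

    def has_permission(self, request, view):
        """Return True for user_type 1; otherwise set ``self.message`` and return False."""
        user = request.user
        # A view may run without authentication (authentication_classes = []),
        # in which case request.user is anonymous and has no user_type. Deny
        # access instead of letting an AttributeError surface as a 500.
        if getattr(user, 'user_type', None) == 1:
            return True

        display = getattr(user, 'get_user_type_display', None)
        role = display() if callable(display) else user
        # message is what DRF puts in the 403 response body.
        self.message = '您是【%s】,您没有权限' % role
        return False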
频率组件
使用步骤
'DEFAULT_THROTTLE_RATES': {
'book_5_m': '5/m',
},
-局部:只在某个视图类中使用【当前视图类管理的所有接口】
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    # Per-view setting: every endpoint served by this view class is
    # rate-limited by CommonThrottle.
    throttle_classes = [CommonThrottle]
-全局:全局所有接口都生效
# Project-wide default: CommonThrottle limits every view that does not set
# its own throttle_classes. The rate for its scope must also be present
# under DEFAULT_THROTTLE_RATES.
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'app01.throttling.CommonThrottle',
    ],
}
-局部禁用:
class BookDetailView(ViewSetMixin, RetrieveAPIView):
    # An empty list removes rate limiting from this view, including any
    # global default.
    throttle_classes = []
from rest_framework.throttling import BaseThrottle,SimpleRateThrottle
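class CommonThrottle(SimpleRateThrottle):
    """Per-client-address rate limit using the 'book_5_m' rate."""

    # Looked up in DEFAULT_THROTTLE_RATES to obtain the allowed rate.
    scope = 'book_5_m'

    def get_cache_key(self, request, view):
        """Return the cache key that identifies the caller, or None to skip throttling."""
        ident = request.META.get('REMOTE_ADDR')
        if ident is None:
            # SimpleRateThrottle does not throttle when the key is None.
            return None
        # Namespace the key with the scope so this throttle does not share a
        # counter with another throttle, or any other cache entry, that is
        # keyed on the bare address.
        # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
        # address, so all clients would share one bucket; DRF's get_ident()
        # together with the NUM_PROXIES setting covers that deployment.
        return self.cache_format % {'scope': self.scope, 'ident': ident}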
过滤排序
# restful规范中,要求了,请求地址中带过滤条件
-5个接口中,只有一个接口需要有过滤和排序,查询所有接口
# 查询 所有图书接口,查询以 红 开头的所有图书
继承APIView 自己写(伪代码,自己补齐)
class BookView(APIView):
    """Hand-written variant; the original marks this as pseudocode to be completed."""

    def get(self, request):
        # Keyword taken from ?search=...
        search = request.query_params.get('search')
        # Placeholder: no filter condition is applied yet and nothing is returned.
        books = Book.objects.filter()
内置过滤类的使用【继承GenericAPIView】
from rest_framework.filters import SearchFilter,OrderingFilter
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint with DRF's built-in fuzzy search."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    # Built-in SearchFilter: fixed usage, fuzzy matching.
    # Adding it enables filtering on the fields named in search_fields.
    filter_backends = [SearchFilter]
    # search_fields = ['name']  # fuzzy match on name only
    search_fields = ['name', 'price']  # fuzzy match on name or on price
# 可以使用的搜索方式
http:
# 继承APIView如何写,完全自己写,麻烦,但是清晰
使用第三方django-filter实现过滤
# 安装:django-filter
from django_filters.rest_framework import DjangoFilterBackend
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint with exact-match filtering through django-filter."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    # Authentication, permission checks and throttling are all switched off
    # here, so this endpoint is public and not rate-limited.
    authentication_classes = []
    permission_classes = []
    throttle_classes = []
    filter_backends = [DjangoFilterBackend]
    # Exact match only, e.g. name=聊斋11&price=933
    filterset_fields = ['name', 'price']
# 支持的查询方式
http:
http:
自己定制过滤类实现过滤
# 查询价格大于100的所有图书
http://127.0.0.1:8000/api/v1/books/?price_gt=100
#第一步; 定义一个过滤类,继承BaseFilterBackend,重写filter_queryset方法
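class CommonFilter(BaseFilterBackend):
    """Filter backend that keeps only rows whose price exceeds ``?price_gt=``."""

    def filter_queryset(self, request, queryset, view):
        """Return the filtered queryset, or the queryset unchanged when price_gt is absent.

        Raises:
            ValidationError: if price_gt is present but is not an integer.
        """
        from rest_framework.exceptions import ValidationError

        raw_value = request.query_params.get('price_gt')
        if not raw_value:
            return queryset

        # price_gt comes straight from the URL. Without this guard a
        # non-numeric value makes int() raise ValueError, which surfaces as a
        # 500 instead of a client error.
        try:
            threshold = int(raw_value)
        except ValueError:
            raise ValidationError({'price_gt': 'price_gt必须是整数'}) from None

        return queryset.filter(price__gt=threshold)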
# 第二步:配置在视图类上
from .filter import CommonFilter
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint filtered by the custom CommonFilter backend."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    # Several backends may be listed; they run from left to right.
    filter_backends = [CommonFilter]
排序的使用
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint whose ordering is chosen with ?ordering=..."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    filter_backends = [OrderingFilter]
    # Fields a client may sort by through the ordering parameter.
    ordering_fields = ['price']
http://127.0.0.1:8000/api/v1/books/?ordering=price
http://127.0.0.1:8000/api/v1/books/?ordering=-price
http://127.0.0.1:8000/api/v1/books/?ordering=-id,price
分页
class CommonPageNumberPagination(PageNumberPagination):
    """Page-number pagination: ?page=N, optionally with ?size=M."""

    page_query_param = 'page'
    page_size = 2  # rows per page when the client sends no size
    page_size_query_param = 'size'
    # Upper bound on the client-supplied size, so one request cannot ask for
    # an arbitrarily large page.
    max_page_size = 5
class CommonLimitOffsetPagination(LimitOffsetPagination):
    """Limit/offset pagination: ?limit=N&offset=M."""

    limit_query_param = 'limit'
    offset_query_param = 'offset'
    default_limit = 3  # rows returned when the client sends no limit
    # Upper bound on the client-supplied limit.
    max_limit = 5
class CommonCursorPagination(CursorPagination):
    """Cursor pagination over rows ordered by id."""

    page_size = 2
    cursor_query_param = 'cursor'
    # Cursor pagination needs a fixed ordering; here it is the id column.
    ordering = 'id'
class BookView(ViewSetMixin, ListAPIView):
    """List endpoint paginated with CommonCursorPagination."""

    serializer_class = BookSerializer
    queryset = Book.objects.all()
    # Authentication, permission checks and throttling are all switched off
    # here, so this endpoint is public and not rate-limited.
    authentication_classes = []
    permission_classes = []
    throttle_classes = []
    pagination_class = CommonCursorPagination