1、中间件的概念
中间件顾名思义,是介于request与response处理之间的一道处理过程,相对比较轻量级,并且在全局上改变django的输入与输出。因为改变的是全局,所以需要谨慎实用,用不好会影响到性能。
Django的中间件的定义:
Middleware is a framework of hooks into Django’s request/response processing.
It’s a light, low-level “plugin” system for globally altering Django’s input or output.
如果你想修改请求,例如被传送到view中的HttpRequest对象。 或者你想修改view返回的HttpResponse对象,这些都可以通过中间件来实现。
可能你还想在view执行之前做一些操作,这种情况就可以用 middleware来实现。
Django 默认的Middleware
:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
3、自定义中间件
中间件中一共有四个方法:
process_requestprocess_viewprocess_exceptionprocess_response
(1)添加process_request 请求方法
(2)添加到settings
(3)添加process_response响应方法
(4)添加中断
(5)process_view
process_view(self, request, callback, callback_args, callback_kwargs)
midware1 也添加 视图
去掉 return
执行call_back 函数,实质就是执行 view视图函数
(6)process_exception 异常函数
当views出现错误时
django自带的报错页面
自定义这样的views视图错误
捕获顺序
mid1捕获异常,返回页面,mid2 不捕获
如果 mid1不捕获,mid2捕获
3、完整代码
url
from django.contrib import admin
from django.urls import path, re_path
from app01 import viewsurlpatterns = [
path('admin/', admin.site.urls),
re_path(r"^index/$", views.index, name="index")
]
view视图
from django.shortcuts import render, HttpResponsedef index(request):
print("index ......")
yuna
return HttpResponse("index页面")
my_middlewares.py 自定义中间件
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse, render # Httprespnse对象# 自定义中间件
class MyMiddleware(MiddlewareMixin): # 继承MiddlewareMixin def process_request(self, request):
print("MyMiddleware 请求...")
# return HttpResponse("forbidden 禁止") # 被禁止的 def process_view(self, request, callback, callback_args, callback_kwargs):
print("MyMiddleware 视图") # return HttpResponse("视图 000") def process_exception(self, request, exception):
print("MyMiddleware 异常")
# return HttpResponse("md1 hello yuan" ) def process_response(self, request, response):
print("MyMiddleware 响应!!!")
return responseclass MyMiddleware2(MiddlewareMixin):
def process_request(self, request):
print("MyMiddleware222 请求...") def process_view(self, request, callback, callback_args, callback_kwargs):
# print("+++++++>>", callback(callback_args))
print("MyMiddleware22 视图")
# ret = callback(callback_args)
# return ret def process_exception(self, request, exception):
print("MyMiddleware222 异常")
return HttpResponse("<h1>mid2 %s<h1>" % exception) def process_response(self, request, response):
print("MyMiddleware22 响应!!!")
return response
settings中引入自定义中间件
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'app01.my_middlewares.MyMiddleware',
'app01.my_middlewares.MyMiddleware2',
]
4、中间件应用之用户认证
通过中间件实现装饰器 @login_required 用户认证
(1)用户认证组件实现
url
from django.contrib import admin
from django.urls import path, re_path
from app01 import viewsurlpatterns = [
path('admin/', admin.site.urls),
re_path(r"^login/$", views.login, name='login'),
re_path(r"^index/$", views.index, name='index'),
re_path(r"^order/$", views.order, name='order'),
re_path(r"^logout/$", views.logout, name='logout'),
re_path(r"^reg/$", views.reg, name='reg'),
]
views
from django.shortcuts import render, redirect
from django.contrib import auth # auth认证模块
from django.contrib.auth.decorators import login_required # 装饰器登录模块
from django.contrib.auth.models import User # 导入auth_user表对象
# Create your views here.def login(request):
if request.method == 'POST':
user = request.POST.get("user")
pwd = request.POST.get("pwd") user = auth.authenticate(username=user, password=pwd) # 用户认证下
if user:
auth.login(request, user) # request.user == user 当前登录用户对象 next_url = request.GET.get("next_url", "/index/")
return redirect(next_url) return render(request, "login.html")@login_required
def index(request): return render(request, "index.html")@login_required
def order(request): return render(request, "order.html")def logout(request):
auth.logout(request) return redirect("/login/")def reg(request):
if request.method == "POST":
user = request.POST.get("user")
pwd = request.POST.get("pwd")
user_obj = User.objects.create_user(username=user,password=pwd)
return redirect("/login/") return render(request, 'reg.html')
settings
# 添加
LOGIN_URL = "/login/"
注册html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body><h3>注册页面</h3>
<form action="" method="post">
{% csrf_token %}
useranme <input type="text" name="user">
password <input type="text" name="pwd">
<input type="submit" value="注册">
</form></body>
</html>
登录
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body><h3>登录页面</h3>
<form action="" method="post">
{% csrf_token %}
username <input type="text" name="user">
password <input type="text" name="pwd">
<input type="submit" value="登录">
</form></body>
</html><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body><h3>登录页面</h3>
<form action="" method="post">
{% csrf_token %}
username <input type="text" name="user">
password <input type="text" name="pwd">
<input type="submit" value="登录">
</form></body>
</html>
index
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h3>index页面</h3>
<h3>hi {{ request.user.username }}</h3>
<a href="/order/" rel="external nofollow" >前往order页面</a>
<a href="/logout/" rel="external nofollow" >注销</a>
</body>
</html>
order
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h3>order 页面</h3>
<h3>hi {{ request.user.username }}</h3>
<a href="/index/" rel="external nofollow" >前往index页面</a></body>
</html>
数据迁移
C:\PycharmProjects\authorMid>python manage.py makemigrations
C:\PycharmProjects\authorMid>python manage.py migrate
注销后返回login页面
没有认证,不能访问index,order
(2)中间件实现 @login_required
用户认证中间件my_middlewares
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect
from authorMid import settingsclass AuthMiddleware(MiddlewareMixin): def process_request(self,request):
white_list = settings.WHITE_LIST
if request.path in white_list:
return None
if not request.user.is_authenticated:
return redirect("/login/")
settings添加中间件
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'app01.my_middlewares.AuthMiddleware',
]LOGIN_URL = "/login/"# 设置白名单
WHITE_LIST = ["/login/", "/reg/", "/logout/"]
views
from django.shortcuts import render, redirect, HttpResponse
from django.contrib import auth # auth认证模块
from django.contrib.auth.decorators import login_required # 装饰器登录模块
from django.contrib.auth.models import User # 导入auth_user表对象
# Create your views here.def login(request):
if request.method == 'POST':
user = request.POST.get("user")
pwd = request.POST.get("pwd") user = auth.authenticate(username=user, password=pwd) # 用户认证下
if user:
auth.login(request, user) # request.user == user 当前登录用户对象 next_url = request.GET.get("next_url", "/index/")
return redirect(next_url) return render(request, "login.html")# @login_required
def index(request): return render(request, "index.html")# @login_required
def order(request): return render(request, "order.html")def logout(request):
auth.logout(request) return redirect("/login/")def reg(request):
if request.method == "POST":
user = request.POST.get("user")
pwd = request.POST.get("pwd")
user_obj = User.objects.create_user(username=user,password=pwd)
return redirect("/login/") return render(request, 'reg.html')
5、应用案例
1、做IP访问频率限制
某些IP访问服务器的频率过高,进行拦截,比如限制每分钟不能超过20次。
2、URL访问过滤
如果用户访问的是login视图(放过)
如果访问其他视图,需要检测是不是有session认证,已经有了放行,没有返回login,这样就省得在多个视图函数上写装饰器了!
6、源码试读
作为延伸扩展内容,有余力的同学可以尝试着读一下以下两个自带的中间件:
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',