Django Rest Framework
一、rest api
a、api就是接口
如: - http://www.oldboyedu.com/get_user/
- http://www.oldboyedu.com/get_users/
b、api的两个用途
1、为别人提供服务
2、前后端分离
二、restful
a、--字面意思:表征状态转移
b、面向资源编程,对互联网上的任意东西都视为资源
如:- http://www.oldboyedu.com/get_user/
- http://www.oldboyedu.com/get_img/1.png
普通的API:
如:
姑娘列表: http://www.oldboyedu.com/get_girls/ http://www.oldboyedu.com/add_girl/ http://www.oldboyedu.com/del_girl/1/ http://www.oldboyedu.com/update_girl/1/
restful api:
姑娘列表: http://www.oldboyedu.com/girls/ GET: 获取 POST: 添加 PUT: 更新 DELETE:删除
三、restful规范
---URL
---url名词
路径,视网络上任何东西都是资源,均使用名词表示(可复数) https://api.example.com/v1/zoos https://api.example.com/v1/animals https://api.example.com/v1/employees
---status状态码
200 OK - [GET]:服务器成功返回用户请求的数据,该操作是幂等的(Idempotent)。 201 CREATED - [POST/PUT/PATCH]:用户新建或修改数据成功。 202 Accepted - [*]:表示一个请求已经进入后台排队(异步任务) 204 NO CONTENT - [DELETE]:用户删除数据成功。 400 INVALID REQUEST - [POST/PUT/PATCH]:用户发出的请求有错误,服务器没有进行新建或修改数据的操作,该操作是幂等的。 401 Unauthorized - [*]:表示用户没有权限(令牌、用户名、密码错误)。 403 Forbidden - [*] 表示用户得到授权(与401错误相对),但是访问是被禁止的。 404 NOT FOUND - [*]:用户发出的请求针对的是不存在的记录,服务器没有进行操作,该操作是幂等的。 406 Not Acceptable - [GET]:用户请求的格式不可得(比如用户请求JSON格式,但是只有XML格式)。 410 Gone -[GET]:用户请求的资源被永久删除,且不会再得到的。 422 Unprocesable entity - [POST/PUT/PATCH] 当创建一个对象时,发生一个验证错误。 500 INTERNAL SERVER ERROR - [*]:服务器发生错误,用户将无法判断发出的请求是否成功。 更多看这里:http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
---提交方式
- GET :从服务器取出资源(一项或多项)
- POST :在服务器新建一个资源
- PUT :在服务器更新资源(客户端提供改变后的完整资源)
- PATCH :在服务器更新资源(客户端提供改变的属性)
- DELETE :从服务器删除资源
---错误信息
状态码是4xx时,应返回错误信息,error当做key。 { error: "Invalid API key" }
---版本
URL,如:https://api.example.com/v1/ 请求头 跨域时,引发发送多次请求
---Hypermedia link,RESTful API最好做到Hypermedia,即返回结果中提供链接,连向其他API方法,使得用户不查文档,也知道下一步应该做什么。
{"link": { "rel": "collection https://www.example.com/zoos", "href": "https://api.example.com/zoos", "title": "List of zoos", "type": "application/vnd.yourformat+json" }}
---域名
https://api.example.com 尽量将API部署在专用域名(会存在跨域问题) https://example.org/api/ API很简单
---过滤,通过在url上传参的形式传递搜索条件
https://api.example.com/v1/zoos?limit=10:指定返回记录的数量 https://api.example.com/v1/zoos?offset=10:指定返回记录的开始位置 https://api.example.com/v1/zoos?page=2&per_page=100:指定第几页,以及每页的记录数 https://api.example.com/v1/zoos?sortby=name&order=asc:指定返回结果按照哪个属性排序,以及排序顺序 https://api.example.com/v1/zoos?animal_type_id=1:指定筛选条件
---返回结果,针对不同操作,服务器向用户返回的结果应该符合以下规范
GET /collection:返回资源对象的列表(数组) GET /collection/resource:返回单个资源对象 POST /collection:返回新生成的资源对象 PUT /collection/resource:返回完整的资源对象 PATCH /collection/resource:返回完整的资源对象 DELETE /collection/resource:返回一个空文档
- 姑娘: 方式一: http://www.oldboyedu.com/girls/ http://www.oldboyedu.com/girls/1/ GET: 获取 POST: 添加 PUT: 更新 DELETE:删除 方式二: http://www.oldboyedu.com/girls/ - 姑娘列表 http://www.oldboyedu.com/girl/1/ - 单独一个
四、基于Django做API
---FBV
---CBV
路由系统:
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^users/', views.users),
url(r'^user/(\d+)', views.user),
]
FBV视图:
from django.shortcuts import render,HttpResponse
import json
def users(request):
response = {'code':1000,'data':None}
response['data'] = [
{'name':'lg','age':19},
{'name':'mqj','age':20},
{'name':'wxp','age':5},
]
return HttpResponse(json.dumps(response),status=200)
def user(request,pk):
if request.method == "GET":
return HttpResponse(json.dumps({'name':'lg','age':19}))
elif request.method == "POST":
return HttpResponse(json.dumps({'code':1111}))
elif request.method == "PUT":
pass
elif request.method == "DELETE":
pass
CBV:
路由系统:
from django.conf.urls import url from django.contrib import admin from app01 import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^users/', views.UsersView.as_view()), url(r'^user/(\d+)', views.UserView.as_view()), 】
CBV视图:
from django.shortcuts import render,HttpResponse from django.views import View import json class UsersView(View): def get(self,request): response = {'code': 1000, 'data': None} response['data'] = [ {'name': 'lg', 'age': 19}, {'name': 'mqj', 'age': 20}, {'name': 'wxp', 'age': 5}, ] return HttpResponse(json.dumps(response), status=200) class UserView(View): def dispatch(self, request, *args, **kwargs): # method = request.method.lower() # func = getattr(self,method) # ret = func() # return ret ret = super(UserView,self).dispatch(request,*args, **kwargs) return ret def get(self,request,pk): print(request,type(request)) return HttpResponse(json.dumps({'name': 'lg', 'age': 19})) def post(self,request,pk): return HttpResponse(json.dumps({'name': 'lg', 'age': 19})) def put(self,request,pk): return HttpResponse(json.dumps({'name': 'lg', 'age': 19})) def delete(self,request,pk): return HttpResponse(json.dumps({'name': 'lg', 'age': 19}))
五、 基于Django Rest Framework框架实现
a、安装:pip3 install djangorestframework -i http://pypi.douban.com/simple/ --trusted-host=pypi.douban.com
b、基本流程
url.py from django.conf.urls import url, include from web.views.s1_api import TestView urlpatterns = [ url(r'^test/', TestView.as_view()), ]
views.py
from rest_framework.views import APIView from rest_framework.response import Response class TestView(APIView): def dispatch(self, request, *args, **kwargs): """ 请求到来之后,都要执行dispatch方法,dispatch方法根据请求方式不同触发 get/post/put等方法 注意:APIView中的dispatch方法有好多好多的功能 """ return super().dispatch(request, *args, **kwargs) def get(self, request, *args, **kwargs): return Response('GET请求,响应内容') def post(self, request, *args, **kwargs): return Response('POST请求,响应内容') def put(self, request, *args, **kwargs): return Response('PUT请求,响应内容')
c、基于Token的用户认证
url.py:
from django.conf.urls import url from django.contrib import admin from app01 import views from app02 import views as app02_view urlpatterns = [ # django rest framework url(r'^auth/', app02_view.AuthView.as_view()), url(r'^hosts/', app02_view.HostView.as_view()), ]
views.py
from django.views import View from rest_framework.views import APIView from rest_framework.authentication import SessionAuthentication from rest_framework.authentication import BasicAuthentication from rest_framework.authentication import BaseAuthentication from rest_framework.request import Request from rest_framework.exceptions import APIException from rest_framework.response import Response from app02 import models import hashlib import time # class MyBasicAuthentication(BasicAuthentication): # def authenticate_credentials(self, userid, password, request=None): # if userid == 'alex' and password == '123': # return ('alex','authaaaaaaaaaaaa') # raise APIException('认证失败') class AuthView(APIView): authentication_classes=[] def get(self,request): """ 接收用户名和密码 :param request: :return: """ ret = {'code':1000,'msg':None} user = request.query_params.get('user') pwd = request.query_params.get('pwd') obj = models.UserInfo.objects.filter(username=user,password=pwd).first() if not obj: ret['code'] = 1001 ret['msg'] = "用户名或密码错误" return Response(ret) # 创建随机字符串 ctime = time.time() key = "%s|%s" %(user,ctime) m = hashlib.md5() m.update(key.encode('utf-8')) token = m.hexdigest() # 保存到数据 obj.token = token obj.save() ret['token'] = token return Response(ret) class HostView(APIView): def get(self,request,*args,**kwargs): # 原来request对象,django.core.handlers.wsgi.WSGIRequest # 现在的request对象,rest_framework.request.Request\ self.dispatch print(request.user) print(request.auth) return Response('主机列表')
django-rest-framework - 认证 - 局部 class MyAuthentication(BaseAuthentication): def authenticate(self, request): # return None ,我不管 token = request.query_params.get('token') obj = models.UserInfo.objects.filter(token=token).first() if obj: return (obj.username,obj) raise APIException('用户认证失败') class AuthView(APIView): authentication_classes=[MyAuthentication,] - 全局 #配置文件 REST_FRAMEWORK = { 'UNAUTHENTICATED_USER': None, 'UNAUTHENTICATED_TOKEN': None, "DEFAULT_AUTHENTICATION_CLASSES": [ "app02.utils.MyAuthentication", ], } class HostView(APIView): def get(self,request,*args,**kwargs): # 原来request对象,django.core.handlers.wsgi.WSGIRequest # 现在的request对象,rest_framework.request.Request print(request.user) print(request.auth) return HttpResponse('主机列表')