一、基本流程
rest_framework框架是基於CBV基礎開發的(VPIView(View)),所以基本流程與CBV流程相似
當我們的請求發來后,會走as_views,執行view里面的方法,最開始都要執行dispatch方法
urls.py
url(r'^books/$', views.BookViews.as_view())
views.py
class BookViews(APIView):
def get(self,request,*args,**kwargs):
passdef post(self,request,*args,**kwargs):
pass
當請求進來時首先進入as_view()
APIView類中的as_view(),
class APIView(View):
@classmethod
def as_view(cls, **initkwargs):
"""
Store the original class on the view function.
This allows us to discover information about the view when we do URL
reverse lookups. Used for breadcrumb generation.
"""
if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet):
def force_evaluation():
raise RuntimeError(
'Do not evaluate the `.queryset` attribute directly, '
'as the result will be cached and reused between requests. '
'Use `.all()` or call `.get_queryset()` instead.'
)
cls.queryset._fetch_all = force_evaluation
view = super(APIView, cls).as_view(**initkwargs) #執行父類(view)的as_view()
view.cls = cls
view.initkwargs = initkwargs
# Note: session based authentication is explicitly CSRF validated,
# all other authentication is CSRF exempt.
return csrf_exempt(view)
進入原生View類中
class View(object):
http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']
def __init__(self, **kwargs):
for key, value in six.iteritems(kwargs):
setattr(self, key, value)
@classonlymethod
def as_view(cls, **initkwargs):
def view(request, *args, **kwargs):
self = cls(**initkwargs)
if hasattr(self, 'get') and not hasattr(self, 'head'):
self.head = self.get
self.request = request
self.args = args
self.kwargs = kwargs
return self.dispatch(request, *args, **kwargs) #執行dispatch()(走APIView中的dispatch())
view.view_class = cls
view.view_initkwargs = initkwargs
# take name and docstring from class
update_wrapper(view, cls, updated=())
# and possible attributes set by decorators
# like csrf_exempt from dispatch
update_wrapper(view, cls.dispatch, assigned=())
return view
所以訪問views中的類是先執行dispatch方法(如果自己定義了則走自己的dispatch()),然后再用調用 其他方法
APIView中的dispatch():
def dispatch(self, request, *args, **kwargs):
"""
`.dispatch()` is pretty much the same as Django's regular dispatch,
but with extra hooks for startup, finalize, and exception handling.
"""
self.args = args
self.kwargs = kwargs
1.#執行此方法
request = self.initialize_request(request, *args, **kwargs)
def initialize_request(self, request, *args, **kwargs):
"""
Returns the initial request object.
"""
parser_context = self.get_parser_context(request)
#對request進行二次封裝,增加了一些功能,放入到rest_framerwork中Request中
# 原來request對象,django.core.handlers.wsgi.WSGIRequest
# 現在的request對象,rest_framework.request.Request return Request(
request,
parsers=self.get_parsers(),
authenticators=self.get_authenticators(),#用於用戶認證,為一個列表
negotiator=self.get_content_negotiator(), parser_context=parser_context )
將這些東西前部都封裝在rest_framework的Resquest中,並返回她的對象request,從這以后我們調用的request對象不再是Django提供的request對象了,而是APIView的Resquest的對象,
self.request = request
self.headers = self.default_response_headers # deprecate?
try:
#2.處理版本信息 處理認證信息 處理權限信息 對用戶的訪問頻率進行限制
self.initial(request, *args, **kwargs)
def initial(self, request, *args, **kwargs):
"""
Runs anything that needs to occur prior to calling the method handler.
"""
self.format_kwarg = self.get_format_suffix(**kwargs)
# Perform content negotiation and store the accepted info on the request
neg = self.perform_content_negotiation(request)
request.accepted_renderer, request.accepted_media_type = neg
# Determine the API version, if versioning is in use.
#版本
version, scheme = self.determine_version(request, *args, **kwargs)
request.version, request.versioning_scheme = version, scheme
# Ensure that the incoming request is permitted
#認證
self.perform_authentication(request)
#權限
self.check_permissions(request)
#訪問頻率
self.check_throttles(request)
# Get the appropriate handler method
#3 根據用戶提交的請求方法利用反射得到請求方式
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(),
self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
#調用具體的方法做具體的操作
response = handler(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
#4.將處理后的response包裝
self.response = self.finalize_response(request, response, *args, **kwargs)
return self.response
二、處理認證的具體分析
當diapatch方法進行到第一步時,我們調用了initialize_request方法將request等封裝在Request中頂返回其對象,
def dispatch(self, request, *args, **kwargs):
"""
`.dispatch()` is pretty much the same as Django's regular dispatch,
but with extra hooks for startup, finalize, and exception handling.
"""
self.args = args
self.kwargs = kwargs
request = self.initialize_request(request, *args, **kwargs)
self.request = request
self.headers = self.default_response_headers # deprecate?
try:
self.initial(request, *args, **kwargs)
# Get the appropriate handler method
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(),
self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
response = handler(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
self.response = self.finalize_response(request, response, *args, **kwargs)
return self.response
authenticators=self.get_authenticators() #用於用戶認證 是一個由authentication對象組成的列表
def get_authenticators(self):
"""
Instantiates and returns the list of authenticators that this view can use.
"""
return [auth() for auth in self.authentication_classes]
authentication_classes為一個authentication類組成的列表,他默認是調用
authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES
當然我們一般是自己定義或者配置到settings中,至此我們的得到authentication對象的列表,其封裝在Request對象中,
接的執行第二步
#2.處理版本信息 處理認證信息 處理權限信息 對用戶的訪問頻率進行限制
self.initial(request, *args, **kwargs)
#2.2處理認證信息
self.perform_authentication(request)
查看perform_authentication的源碼如下
def perform_authentication(self, request):
"""
Perform authentication on the incoming request.
Note that if you override this and simply 'pass', then authentication
will instead be performed lazily, the first time either
`request.user` or `request.auth` is accessed.
"""
request.user
其調用了rest_framework中Request的user方法(這個方法肯定別@property裝飾(靜態方法),不然的話不可能直接不加括號的調用)
from rest_framework.request import Request
Request類中的user方法
@property
def user(self):
"""
Returns the user associated with the current request, as authenticated
by the authentication classes provided to the request.
"""
#判斷當前類中是否有已經認證過的user
if not hasattr(self, '_user'):
#沒有認證則去認證
self._authenticate()
#認證過了直接返回
return self._user
注意:user中的self代表的是request對象
沒認證的話執行 調用Request類中的_authenticate()方法
def _authenticate(self):
"""
Attempt to authenticate the request using each authentication instance
in turn.
"""
#遍歷request對象中封裝的Authentication對象
for authenticator in self.authenticators:
try:
#調用Authentication對象中的authenticate方法,必須要有這個方法不然拋出異常
#當然Authentication類一般有我們自己定義,實現這個方法就可以了
user_auth_tuple = authenticator.authenticate(self)
except exceptions.APIException:
self._not_authenticated()
raise
if user_auth_tuple is not None:
self._authenticator = authenticator
self.user, self.auth = user_auth_tuple
return
self._not_authenticated()
局部認證
auth.py
# 局部認證
from ..models import *
from rest_framework.authentication import BaseAuthentication
from rest_framework import exceptions
class MyAuthenticate(BaseAuthentication):
def authenticate(self,request):
token=request._request.GET.get("token")
print("token",token)
user_token_obj=UserToken.objects.filter(token=token).first()
if user_token_obj:
# 必須返回元祖request.user=user_token_obj, request.auth=token
return user_token_obj,token
else:
raise exceptions.AuthenticationFailed("校驗失敗")
view.py
class BookViewsSet(viewsets.ModelViewSet):
# 認證
authentication_classes=[MyAuthenticate]
queryset = Book.objects.all()
serializer_class = BookModelSerializer(序列化)
全局認證
settings.py
REST_FRAMEWORK={
"DEFAULT_AUTHENTICATION_CLASSES": ["api.servise.auth.MyAuthenticate"],
}
auth.py
# 局部認證
from ..models import *
from rest_framework.authentication import BaseAuthentication
from rest_framework import exceptions class MyAuthenticate(BaseAuthentication): def authenticate(self,request): token=request._request.GET.get("token") print("token",token) user_token_obj=UserToken.objects.filter(token=token).first() if user_token_obj: # 必須返回元祖request.user=user_token_obj, request.auth=token return user_token_obj,token else: raise exceptions.AuthenticationFailed("校驗失敗")
待續
