参考:
https://python-programming.courses/recipes/django-require-authentication-pages/
即通过中间件来做AOP拦截。不用每个函数每个类加修饰器/MixIn。
1. 在某个处理用户相关的模块中添加middleware.py, 内容如下:
from django.http import HttpResponseRedirect from django.conf import settings from re import compile EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))] if hasattr(settings, 'LOGIN_EXEMPT_URLS'): EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS] class LoginRequiredMiddleware: """ Middleware that requires a user to be authenticated to view any page other than LOGIN_URL. Exemptions to this requirement can optionally be specified in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which you can copy from your urls.py). Requires authentication middleware and template context processors to be loaded. You'll get an error if they aren't. """ def process_request(self, request): assert hasattr(request, 'user'), "The Login Required middleware requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middlware.AuthenticationMiddleware'. If that doesn't work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes 'django.core.context_processors.auth'." if not request.user.is_authenticated(): path = request.path_info.lstrip('/') if not any(m.match(path) for m in EXEMPT_URLS): return HttpResponseRedirect(settings.LOGIN_URL)
2. 使用此middleware
settings.py 中的 middleware_classes的最后添加一行
MIDDLEWARE_CLASSES = [ ... 'myapplication.middleware.LoginRequiredMiddleware', ]
3. 如果有要放水的url,通过settings.py中添加LOGIN_EXEMPT_URLS(tuple of string)变量设置,例如:
LOGIN_EXEMPT_URLS = ( r'^accounts/signup/$', )