zoukankan      html  css  js  c++  java

  • 中间件登录验证(白名单,黑名单)

    中间件版的登录验证需要依靠session,所以数据库中要有django_session表。

     urls.py

    from django.conf.urls import url
from app01 import views

urlpatterns = [
    url(r'^index/$', views.index),
    url(r'^login/$', views.login, name='login'),
]

urls.py
    View Code

    views.py

    from django.shortcuts import render, HttpResponse, redirect


def index(request):
    return HttpResponse('this is index')


def home(request):
    return HttpResponse('this is home')


def login(request):
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")

        if user == "Q1mi" and pwd == "123456":
            # 设置session
            request.session["user"] = user
            # 获取跳到登陆页面之前的URL
            next_url = request.GET.get("next")
            # 如果有,就跳转回登陆之前的URL
            if next_url:
                return redirect(next_url)
            # 否则默认跳转到index页面
            else:
                return redirect("/index/")
    return render(request, "login.html")

views.py
    View Code

    login,html

    <!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="x-ua-compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>登录页面</title>
</head>
<body>
<form action="{% url 'login' %}">
    <p>
        <label for="user">用户名:</label>
        <input type="text" name="user" id="user">
    </p>
    <p>
        <label for="pwd">密 码:</label>
        <input type="text" name="pwd" id="pwd">
    </p>
    <input type="submit" value="登录">
</form>
</body>
</html>

login.html
    View Code

    middlewares.py

    class AuthMD(MiddlewareMixin):
    white_list = ['/login/', ]  # 白名单
    balck_list = ['/black/', ]  # 黑名单

    def process_request(self, request):
        from django.shortcuts import redirect, HttpResponse

        next_url = request.path_info
        print(request.path_info, request.get_full_path())

        if next_url in self.white_list or request.session.get("user"):
            return
        elif next_url in self.balck_list:
            return HttpResponse('This is an illegal URL')
        else:
            return redirect("/login/?next={}".format(next_url))
    View Code

    settings.py

    MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'middlewares.AuthMD',
]
    View Code

    AuthMD中间件注册后,所有的请求都要走AuthMD的process_request方法。

    访问的URL在白名单内或者session中有user用户名,则不做阻拦走正常流程;

    如果URL在黑名单中,则返回This is an illegal URL的字符串;

    正常的URL但是需要登录后访问,让浏览器跳转到登录页面。

    注:AuthMD中间件中需要session,所以AuthMD注册的位置要在session中间的下方。
  • 相关阅读:
    在Linux CentOS上编译并安装Clang 3.5.0
    在Linux CentOS 6.6上安装Python 2.7.9
    Mac OS X上用CoreCLR运行一个真正的.NET控制台程序
    在Mac OS X上用自己编译出的CoreCLR运行.NET程序
    Mac OS X上尝试编译CoreCLR源代码
    Linux上成功编译CoreCLR源代码
    CoreCLR中超过3万行代码的gc.cpp文件的来源
    Windows上成功编译CoreCLR源代码
    “CoreCLR is now Open Source”阅读笔记
    AutoMapper指定列名进行映射
  • 原文地址:https://www.cnblogs.com/nick477931661/p/8779923.html
Copyright © 2011-2022 走看看