1.1 DjangoRestFramework基本使用
1、回顾CBV基本使用
from django.contrib import admin from django.urls import path,re_path,include urlpatterns = [ path('admin/', admin.site.urls), re_path(r'users/',include(('users.urls', 'users'), namespace='users')) ]
from django.contrib import admin from django.urls import path,re_path,include urlpatterns = [ path('admin/', admin.site.urls), re_path(r'users/',include(('users.urls', 'users'), namespace='users')) ]
import json from django.shortcuts import render,HttpResponse from django.views import View class HomeView(View): def dispatch(self, request, *args, **kwargs): return super(HomeView, self).dispatch(request, *args, **kwargs) def get(self, request): return HttpResponse('get') def post(self, request): return HttpResponse('post')
2、安装DjangoRestFramework
pip install djangorestframework==3.9.2 pip install markdown==3.0.1 # Markdown support for the browsable API. pip install django-filter==2.1.0 # Filtering support
3、DjangoRestFramework 基本使用
from django.contrib import admin from django.urls import path,re_path,include urlpatterns = [ path('admin/', admin.site.urls), re_path(r'users/',include(('users.urls', 'users'), namespace='users')) ]
from django.urls import path,re_path,include from users import views urlpatterns = [ re_path(r'info', views.UserInfoViewSet.as_view(), name='user'), ]
from rest_framework.views import APIView from django.http import JsonResponse class UserInfoViewSet(APIView): def __init__(self): super(UserInfoViewSet, self).__init__() def get(self, request, *args, **kwargs): result = { 'status': True, 'data': 'response data' } return JsonResponse(result, status=200) def post(self, request, *args, **kwargs): result = { 'status': True, 'data': 'response data' } return JsonResponse(result, status=200)
1.2 drf认证&权限 模块 返回顶部
1、authentication基本使用
class UserInfoViewSet(APIView): authentication_classes = [authentication.IsAuthenticated,] # 用户认证模块 permission_classes = (authentication.IsOwnerOrReadOnly,) # 用户授权模块
from django.contrib import admin from django.urls import path,re_path,include urlpatterns = [ path('admin/', admin.site.urls), re_path(r'users/',include(('users.urls', 'users'), namespace='users')) ]
#! /usr/bin/env python # -*- coding: utf-8 -*- from django.urls import path,re_path,include from users import views urlpatterns = [ re_path(r'info', views.UserInfoViewSet.as_view(), name='user'), ]
from rest_framework.views import APIView from django.http import JsonResponse from common.auth import authentication class UserInfoViewSet(APIView): authentication_classes = [authentication.IsAuthenticated,] permission_classes = (authentication.IsOwnerOrReadOnly,) def __init__(self): super(UserInfoViewSet, self).__init__() def get(self, request, *args, **kwargs): result = { 'status': True, 'data': 'response data' } return JsonResponse(result, status=200) def post(self, request, *args, **kwargs): result = { 'status': True, 'data': 'response data' } return JsonResponse(result, status=200)
#! /usr/bin/env python # -*- coding: utf-8 -*- from rest_framework import authentication from rest_framework import exceptions from rest_framework import permissions class IsOwnerOrReadOnly(permissions.BasePermission): def has_permission(self, request, view): if False: # 这里暂且不进行权限验证 raise exceptions.ParseError('您没有操作的权限') return True class IsAuthenticated(authentication.BaseAuthentication): def authenticate(self, request): auth = request.META.get('HTTP_AUTHORIZATION', None) # 获取 header中的 Authorization if auth is None: raise exceptions.NotAuthenticated() '''这里应该是验证token是否合法逻辑''' # token = Token.objects.filter(key=auth) # try: # request.user = token[0].user # except IndexError: # raise exceptions.NotAuthenticated('Invalid input Authenticated') return (request, None) def authenticate_header(self, request): msg = 'Invalid token.Please get token first' return exceptions.NotAuthenticated(msg)
2、测试接口
1.3 djangorestframework 序列化 返回顶部
'''1. 选项参数''' name = serializers.CharField(min_length=3,max_length=20) max_length # 最大长度 min_lenght # 最小长度 allow_blank # 是否允许为空 max_value # 最大值 min_value # 最小值 '''2. 通用参数''' gp = serializers.SerializerMethodField(read_only=True) read_only # 表明该字段仅用于序列化输出,默认False write_only # 表明该字段仅用于反序列化输入,默认False required # 表明该字段在反序列化时必须输入,默认True default # 反序列化时使用的默认值 allow_null # 表明该字段是否允许传入None,默认False validators # 该字段使用的验证器 label # 用于HTML展示API页面时,显示的字段名称 help_text # 用于HTML展示API页面时,显示的字段帮助提示信息 error_messages # 包含错误编号与错误信息的字典
1、序列化使用
INSTALLED_APPS = [ 'rest_framework', 'users', ]
from django.contrib import admin from django.urls import path,re_path,include urlpatterns = [ path('admin/', admin.site.urls), re_path(r'users/',include(('users.urls', 'users'), namespace='users')) ]
#! /usr/bin/env python # -*- coding: utf-8 -*- from django.urls import path,re_path from users import views urlpatterns = [ re_path(r'^info/$', views.UserInfoViewSet.as_view(), name='userinfo'), ]
from django.db import models class UserInfo(models.Model): name = models.CharField(max_length=64,unique=True) ut = models.ForeignKey(to='UserType', on_delete=models.CASCADE) gp = models.ManyToManyField(to='UserGroup') def __str__(self): return self.name class UserType(models.Model): type_name = models.CharField(max_length=64,unique=True) def __str__(self): return self.type_name class UserGroup(models.Model): group = models.CharField(max_length=64) def __str__(self): return self.group
from rest_framework.views import APIView from rest_framework.views import Response import json from users import serializers from users import models as users_model class UserInfoViewSet(APIView): # 查询用户信息 def get(self, request, *args, **kwargs): # 一对多、多对多查询都是一样的语法 obj = users_model.UserInfo.objects.all() ser = serializers.UserInfoSerializer(instance=obj,many=True) # 关联数据多个 # ser = serializers.UserInfoSerializer(instance=obj[0]) # 关联数据一个 return Response(ser.data, status=200) # 创建用户 '''创建用户''' def post(self,request): ser = serializers.UserInfoSerializer(data=request.data) if ser.is_valid(): ser.save() return Response(data=ser.data, status=201) return Response(data=ser.errors,status=400) # 更新用户信息 def put(self, request): pk = request.data.get('pk') userinfo = users_model.UserInfo.objects.get(id = pk) # 创建序列化对象,并将要反序列化的数据传递给data构造参数,进而进行验证 ser = serializers.UserInfoSerializer(userinfo,data=request.data) if ser.is_valid(): ser.save() return Response(data=ser.data, status=201) return Response(data=ser.errors,status=400)
from rest_framework import serializers from users.models import UserInfo class UserInfoSerializer(serializers.Serializer): name = serializers.CharField(min_length=3,max_length=20) # 显示普通字段 ut_id = serializers.IntegerField(write_only=True) # 外键约束,关联字段要定义 ut = serializers.CharField(source='ut.type_name',required=False) # 显示一对多字段名称 gp = serializers.SerializerMethodField(read_only=True) # 自定义显示(显示多对多) xxx = serializers.CharField(source='name',required=False) # 也可以自定义显示字段名称 '''PrimaryKeyRelatedField和StringRelatedField:可以用对 一对多 和 多对多 关联对象序列化''' # gp = serializers.PrimaryKeyRelatedField(read_only=True, many=True) # gp = serializers.StringRelatedField(read_only=True,many=True) class Meta: model = UserInfo # 自定义显示 多对多 字段 def get_gp(self,row): '''row: 传过来的正是 UserInfo表的对象''' gp_obj_list = row.gp.all().values('id','group') # 获取用户所有组 return gp_obj_list # 定义创建语法 def create(self, validated_data): return UserInfo.objects.create(**validated_data) # 定义更新方法 def update(self, instance, validated_data): if validated_data.get('name'): instance.name = validated_data['name'] if validated_data.get('ut_id'): instance.ut_id = validated_data['ut_id'] instance.save() return instance # 定义单一字段验证的方法 def validate_name(self, value): if value == 'root': raise serializers.ValidationError('不能创建root管理员账号') return value # 定义多字段验证方法 def validate(self, attrs): if attrs['name'] == 'admin': raise serializers.ValidationError('不能创建admin用户') return attrs # 一对多序列化(反向查找) class UserTypeSerializer(serializers.Serializer): type_name = serializers.CharField() # 法1一对多关联对象序列化:此字段将被序列化为关联对象的主键 userinfo_set = serializers.PrimaryKeyRelatedField(read_only=True, many=True) # 法2一对多关联对象序列化:此字段将被序列化为关联对象的字符串表示方式(即__str__方法的返回值) # userinfo_set = serializers.StringRelatedField(read_only=True,many=True) # 法3一对多关联对象序列化:使用关联对象的序列化器 # userinfo_set = UserInfoSerializer(many=True) # 多对多序列化(反向) class UserGroupSerializer(serializers.Serializer): group = serializers.CharField() # 法1一对多关联对象序列化:此字段将被序列化为关联对象的主键 # userinfo_set = serializers.PrimaryKeyRelatedField(read_only=True, many=True) # 法2一对多关联对象序列化:此字段将被序列化为关联对象的字符串表示方式(即__str__方法的返回值) # userinfo_set = serializers.StringRelatedField(read_only=True,many=True) # 法3一对多关联对象序列化:使用关联对象的序列化器 # userinfo_set = UserInfoSerializer(many=True)
2、序列化(serializers.Serializer)
1)序列化(正向查找)
from rest_framework import serializers
from users.models import UserInfo
class UserInfoSerializer(serializers.Serializer):
name = serializers.CharField(min_length=3,max_length=20) # 显示普通字段
ut = serializers.CharField(source='ut.type_name',required=False) # 显示一对多字段名称
gp = serializers.SerializerMethodField(read_only=True) # 自定义显示(显示多对多)
xxx = serializers.CharField(source='name',required=False) # 也可以自定义显示字段名称
ut_id = serializers.IntegerField(write_only=True) # 一对多关联字段定义(外键约束)
'''PrimaryKeyRelatedField和StringRelatedField:可以用对 一对多 和 多对多 关联对象序列化'''
# gp = serializers.PrimaryKeyRelatedField(read_only=True, many=True)
# gp = serializers.StringRelatedField(read_only=True,many=True)
class Meta:
model = UserInfo
# 自定义显示 多对多 字段
def get_gp(self,row):
'''row: 传过来的正是 UserInfo表的对象'''
gp_obj_list = row.gp.all().values('id','group') # 获取用户所有组
return gp_obj_list
2)序列化(反向查找)
''' 一对多序列化(反向查找)'''
class UserTypeSerializer(serializers.Serializer):
type_name = serializers.CharField()
# 法1一对多关联对象序列化:此字段将被序列化为关联对象的主键
userinfo_set = serializers.PrimaryKeyRelatedField(read_only=True, many=True)
# 法2一对多关联对象序列化:此字段将被序列化为关联对象的字符串表示方式(即__str__方法的返回值)
# userinfo_set = serializers.StringRelatedField(read_only=True,many=True)
# 法3一对多关联对象序列化:使用关联对象的序列化器
# userinfo_set = UserInfoSerializer(many=True)
3)视图函数中使用序列化
class UserInfoViewSet(APIView):
def get(self, request, *args, **kwargs):
# 一对多、多对多查询都是一样的语法
obj = users_model.UserInfo.objects.all()
ser = serializers.UserInfoSerializer(instance=obj,many=True) # 关联数据多条
# ser = serializers.UserInfoSerializer(instance=obj[0]) # 关联数据一条
return Response(ser.data, status=200)
3、反序列化
1)使用反序列化保存数据
'''创建用户'''
def post(self,request):
ser = serializers.UserInfoSerializer(data=request.data)
if ser.is_valid():
ser.save()
return Response(data=ser.data, status=201)
return Response(data=ser.errors,status=400)
2)反序列化定义创建和更新方法
# 定义创建语法
def create(self, validated_data):
return UserInfo.objects.create(**validated_data)
# 定义更新方法
def update(self, instance, validated_data):
if validated_data.get('name'):
instance.name = validated_data['name']
if validated_data.get('ut_id'):
instance.ut_id = validated_data['ut_id']
instance.save()
return instance
# 定义单一字段验证的方法
def validate_name(self, value):
if value == 'root':
raise serializers.ValidationError('不能创建root管理员账号')
return value
# 定义多字段验证方法
def validate(self, attrs):
if attrs['name'] == 'admin':
raise serializers.ValidationError('不能创建admin用户')
return attrs
4、序列化使用举例(serializers.ModelSerializer)
1. ModelSerializer本质是继承了Serielizer类添加了部分功能
2. 在使用上ModelSerializer可以使用 fields = '__all__' 定义要显示的字段
'''users/serializers/userinfo_serializers.py''' from rest_framework import serializers from users.models import UserInfo class UserInfoSerializer(serializers.ModelSerializer): # name = serializers.CharField() # 显示普通字段 ut = serializers.CharField(source='ut.type_name') # 显示一对多字段 gp = serializers.SerializerMethodField() # 自定义显示(显示多对多) xxx = serializers.CharField(source='name') # 也可以自定义显示字段名称 class Meta: model = UserInfo # fields = "__all__" fields = ["name",'ut','gp','xxx'] # 定义显示那些字段 def get_gp(self,row): '''row: 传过来的正是 UserInfo表的对象''' gp_obj_list = row.gp.all() # 获取用户所有组 ret = [] for item in gp_obj_list: ret.append({'id':item.id,'gp':item.group}) return ret
5、使用serializers.ModelSerializer 进行数据验证
from rest_framework.views import APIView from users.serializers.userinfo_serializers import UserInfoSerializer from users.models import UserInfo class UserInfoViewSet(APIView): def get(self, request, *args, **kwargs): obj = UserInfo.objects.all() ser = UserInfoSerializer(instance=obj,many=True) ret = json.dumps(ser.data,ensure_ascii=False) return HttpResponse(ret) def post(self, request, *args, **kwargs): ser = UserInfoSerializer(data=request.data) # 验证,对请求发来的数据进行验证 if ser.is_valid(): print(ser.validated_data) # post请求数据字典 else: print(ser.errors) # form验证错误信息 return HttpResponse(json.dumps({'status':True}))
'''users/serializers/userinfo_serializers.py''' from rest_framework import serializers from django.core.exceptions import ValidationError from users.models import UserInfo class UserInfoSerializer(serializers.ModelSerializer): name = serializers.CharField(min_length=10, error_messages={'required': '该字段必填'}) # 显示普通字段 ut = serializers.CharField(source='ut.type_name',required=False) # 显示一对多字段 gp = serializers.SerializerMethodField(required=False) # 自定义显示(显示多对多) xxx = serializers.CharField(source='name', required=False) # 也可以自定义显示字段名称 class Meta: model = UserInfo # fields = "__all__" fields = ["name",'ut','gp','xxx'] # 定义显示那些字段 # 局部钩子: def validate_name(self, value): # value 是name字段提交的值 if value.startswith('sb'): # 不能以sb开头 raise ValidationError('不能以sb开头') else: return value # 全局钩子找到了 def validate(self, value): # value是所有校验通过数据的字典 name = value.get('name') if False: raise ValidationError('全局钩子引发异常') return value
'''1、ser.is_valid()''' # 验证post请求中数据是否合法 '''2、全局校验钩子''' def validate(self, value): # value是所有校验通过数据的字典 '''3、局部钩子''' def validate_name(self, value): # value 是name字段提交的值
1.4 djangorestframework 分页 返回顶部
1、分页中基本语法
'''1、实例化一个Paginator对象''' paginator = Paginator(objs, page_size) # paginator对象 '''2、获取总数量&总页数''' total_count = paginator.count # 总数量 total = paginator.num_pages # 总页数 '''3、使用objs对象获取指定页数内容''' objs = paginator.page(page) '''4、对分页后的数据进行序列化操作''' serializer = Serializer(objs, many=True) # 序列化操作
2、分页模块使用举例
#!/usr/bin/python # -*- coding: utf-8 -*- from django.conf import settings from rest_framework import status from django.core.paginator import EmptyPage, Paginator, PageNotAnInteger from rest_framework.views import Response def Paginators(objs, request, Serializer): """ objs : 实体对象, queryset request : 请求对象 Serializer : 对应实体对象的类 page_size : 每页显示多少条数据 page : 显示第几页数据 total_count :总共有多少条数据 total :总页数 """ try: page_size = int(request.GET.get('page_size', settings.REST_FRAMEWORK['PAGE_SIZE'])) page = int(request.GET.get('page', 1)) except (TypeError, ValueError): return Response(status=400) paginator = Paginator(objs, page_size) # paginator对象 total_count = paginator.count total = paginator.num_pages # 总页数 try: objs = paginator.page(page) except PageNotAnInteger: objs = paginator.page(1) except EmptyPage: objs = paginator.page(paginator.num_pages) serializer = Serializer(objs, many=True) # 序列化操作 return Response( data={ 'detail': serializer.data, 'page': page, 'page_size': page_size, 'total': total, 'total_count': total_count } )
# 分页 REST_FRAMEWORK = { # 全局分页 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', # 关闭api root页面展示 'DEFAULT_RENDERER_CLASSES': ( 'rest_framework.renderers.JSONRenderer', ), 'UNICODE_JSON': False, # 自定义异常处理 'EXCEPTION_HANDLER': ( 'common.utils.custom_exception_handler' ), 'PAGE_SIZE': 10 }
'''users/serializers/userinfo_serializers.py''' from rest_framework import serializers from users.models import UserInfo class UserInfoSerializer(serializers.Serializer): name = serializers.CharField() # 显示普通字段 ut = serializers.CharField(source='ut.type_name') # 显示一对多字段 gp = serializers.SerializerMethodField() # 自定义显示(显示多对多) xxx = serializers.CharField(source='name') # 也可以自定义显示字段名称 class Meta: model = UserInfo def get_gp(self,row): '''row: 传过来的正是 UserInfo表的对象''' gp_obj_list = row.gp.all() # 获取用户所有组 ret = [] for item in gp_obj_list: ret.append({'id':item.id,'gp':item.group}) return ret
''' users/views.py''' from rest_framework.views import APIView from rest_framework.views import Response from users.serializers.userinfo_serializers import UserInfoSerializer from users.models import UserInfo from common.utils.api_paginator import Paginators class UserInfoViewSet(APIView): queryset = UserInfo.objects.all().order_by('id') serializer_class = UserInfoSerializer def get(self, request, *args, **kwargs): self.queryset = self.queryset.all() ret = Paginators(self.queryset, request, self.serializer_class) print(json.dumps(ret.data)) # ret.data 返回的是最终查询的json数据 return Response(ret.data) # http://127.0.0.1:8000/users/info/?page_size=1 ''' { "detail": [ { "name": "zhangsan", "ut": "学生", "gp": [ { "id": 1, "gp": "group01" }, { "id": 2, "gp": "group02" } ], "xxx": "zhangsan" } ], "page": 1, "page_size": 1, "total": 3, "total_count": 3 } '''
1.5 JWT:使用djangorestframework-jwt模块进行用户身份验证 返回顶部
安装: pip install djangorestframework-jwt
添加应用:python manage.py startapp users
官方网站:https://jpadilla.github.io/django-rest-framework-jwt/
1、JWT配置使用
########### 1、在INSTALLED_APPS中加入'rest_framework.authtoken', ################# INSTALLED_APPS = [ ''' 'rest_framework.authtoken', # ''' ] ################### 2、配置jwt验证 ###################### REST_FRAMEWORK = { # 身份认证 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.BasicAuthentication', ), } import datetime JWT_AUTH = { 'JWT_AUTH_HEADER_PREFIX': 'JWT', 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1), 'JWT_RESPONSE_PAYLOAD_HANDLER': 'users.views.jwt_response_payload_handler', # 重新login登录返回函数 } AUTH_USER_MODEL='users.User' # 指定使用users APP中的 model User进行验证
from django.contrib import admin from django.urls import path,re_path,include urlpatterns = [ path('admin/', admin.site.urls), re_path(r'users/',include(('users.urls','users'),namespace='users')) ]
#! /usr/bin/env python # -*- coding: utf-8 -*- from django.urls import path,re_path,include from users import views from rest_framework_jwt.views import obtain_jwt_token # 验证密码后返回token urlpatterns = [ path('v1/register/', views.RegisterView.as_view(), name='register'), # 注册用户 path('v1/login/', obtain_jwt_token,name='login'), # 用户登录后返回token path('v1/list/', views.UserList.as_view(), name='register'), # 测试需要携带token才能访问 ]
from django.db import models from django.contrib.auth.models import AbstractUser class User(AbstractUser): username = models.CharField(max_length=64, unique=True) password = models.CharField(max_length=255) phone = models.CharField(max_length=64) token = models.CharField(max_length=255)
#! /usr/bin/env python # -*- coding: utf-8 -*- from rest_framework_jwt.settings import api_settings from rest_framework import serializers from users.models import User class UserSerializer(serializers.Serializer): username = serializers.CharField() password = serializers.CharField() phone = serializers.CharField() token = serializers.CharField(read_only=True) def create(self, data): user = User.objects.create(**data) user.set_password(data.get('password')) user.save() # 补充生成记录登录状态的token jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) user.token = token return user
from django.shortcuts import render import json from rest_framework.views import APIView from rest_framework.views import Response from rest_framework.permissions import IsAuthenticated from rest_framework_jwt.authentication import JSONWebTokenAuthentication from users.serializers import UserSerializer # 用户注册 class RegisterView(APIView): def post(self, request, *args, **kwargs): serializer = UserSerializer(data=request.data) if serializer.is_valid(): serializer.save() return Response(serializer.data, status=201) return Response(serializer.errors, status=400) # 重新用户登录返回函数 def jwt_response_payload_handler(token, user=None, request=None): ''' :param token: jwt生成的token值 :param user: User对象 :param request: 请求 ''' return { 'token': token, 'user': user.username, 'userid': user.id } # 测试必须携带token才能访问接口 class UserList(APIView): permission_classes = [IsAuthenticated] # 接口中加权限 authentication_classes = [JSONWebTokenAuthentication] def get(self,request, *args, **kwargs): print(request.META.get('HTTP_AUTHORIZATION', None)) return Response({'name':'zhangsan'}) def post(self,request, *args, **kwargs): return Response({'name':'zhangsan'})
#1、指定允许的hosts,否则通过 http://jack.com:8888/index/ 无法访问jack_django程序 ALLOWED_HOSTS = ['*'] #2、将corsheaders 注册到app中 INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'corsheaders', 'app01', ] #3、将下面两条添加到中间件重 MIDDLEWARE = [ 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', ] #4、配置 django-cors-headers 中的参数 CORS_ALLOW_CREDENTIALS = True CORS_ORIGIN_ALLOW_ALL = True # CORS_ORIGIN_WHITELIST = ( # '*', # ) CORS_ALLOW_METHODS = ( 'DELETE', 'GET', 'OPTIONS', 'PATCH', 'POST', 'PUT', 'VIEW', ) CORS_ALLOW_HEADERS = ( 'XMLHttpRequest', 'X_FILENAME', 'accept-encoding', 'authorization', 'content-type', 'dnt', 'origin', 'user-agent', 'x-csrftoken', 'x-requested-with', 'Pragma', )
# 通过用户token获取用户信息
from rest_framework_jwt.utils import jwt_decode_handler toke_user = jwt_decode_handler(token) # {'user_id': 2, 'username': 'lisi', 'exp': 1561504444, 'email': ''}
1111
'''定义显示的字段'''