rest_framework

rest_framework 是基于restful 规范 开发的，帮助我们能快速开发符合restful规范的数据接口的一个app，记得在setting.py 的INSTALLED_APPS中进行app注册哦，

 序列化

一、基础序列化 

方式一：利用json模块下的dump，进行序列化

方式二：利用form组件下的model_to_dict方法将model对象转成字典，加入list序列化

方式三：利用Django原生的serializer进行序列化

# # 序列化
# class Book(APIView):
#     def get(self,request):
#         books = models.Book.objects.all()
# #         # 方式一
# #         # list(books)
# #         # return HttpResponse(json.dumps(books))
# #         # 方式二
# #         # from django.forms.models import model_to_dict
# #         # tem =[]
# #         # for obj in books:
# #         #     print(model_to_dict(obj))
# #         # return HttpResponse(json.dumps(tem))
# #         # 方式三
# #         # from django.core import serializers
# #         # data = serializers.serialize('json',books)
# #         # return HttpResponse(data)

二、rest_framework 序列化

rest_framework 提供的序列化方法的使用方法和form组件十分类似，在学习的时候可以类比的进行学习。

序列化用到的相关类的继承关系及作用：

 

rest_framework 提供的序列化方法都在rest_framework.serializers类下；

1、serializers的使用：先创建一个继承serializers.Serializer序列化类用于对数据的序列化

from rest_framework import serializers
from api import models

class BookSerializers(serializers.Serializer):
    nid = serializers.IntegerField()
    name = serializers.CharField()
    price = serializers.FloatField()
    publisher = serializers.CharField(source="publisher.name")
    #author = serializers.CharField(source="author.all")

    author = serializers.SerializerMethodField()  # 多对多取决于get_XXX()返回值

    def get_author(self, obj):
        temp = []
        for obj in obj.author.all():
            temp.append(obj.name)
        return temp


'''
序列化 BookSerializers(serializer.Serializer)的过程：
temp= []
for obj in books:
temp.append(
    'nid':obj.nid
    'price':obj.price
    'name':obj.name
    'publisher':str(obj.publisher) #obj.publisher.name
    'authors':get_authors(obj)
    )
'''

class Book(APIView):
    def get(self,request):
         books = models.Book.objects.all()
         bs = serializers.BookSerializers(books,many=True)
         return Response(bs.data)       

2、ModelSerializers的使用:

class BookModelSerializer(serializers.ModelSerializer):
    class Meta:
        model = models.Book
        fields = "__all__"  # 默认全部序列化，但是想按照自己的来可以覆盖
                                    #还有好像是 fields =("想要序列化的字段","...")

    publisher = serializers.CharField(source="publisher.pk")
    author = serializers.SerializerMethodField()  # 多对多取决于get_XXX()返回值
    def get_author(self, obj):
        temp = []
        for obj in obj.author.all():
            temp.append(obj.nid)
        return temp     

    #def create(self, validated_data):
    #   print(validated_data)  
    #按自己意愿覆盖时原来的create方法可能不支持需要重写

class BookViewSet(APIView):
    def get(self, request, *args, **kwargs):
        book_list = models.Book.objects.all()
        # bs = serializers.BookSerializers(book_list, many=True)
        bs = serializers.BookModelSerializers(book_list, many=True, context={'request': request})
        return Response(bs.data)

    def post(self, request, *args, **kwargs):
        # bs = serializers.BookSerializers(data=request.data, many=False)
        bs = serializers.BookModelSerializers(data=request.data, many=False)
        if bs.is_valid():
            print('123465', bs.validated_data)
            # bs.save()
            return Response(bs.data)
        else:
            return Response(bs.errors)

3、HyperlinkedIdentityField 超链接序列化：

class BookModelSerializers(serializers.ModelSerializer):
    class Meta:
        model = models.Book
        fields = "__all__"
        depth = 0

    publisher = serializers.HyperlinkedIdentityField(
        view_name="api:publisher_detail",#命名空间下的路由反向解析
        lookup_field="publisher_id",#需要反序列化的ID，放进URL分组里，组成完整URL
        lookup_url_kwarg="pk" #URL里面的分组
    )

　　4、generics.ListCreateAPIView对请求方法进行封装，使代码变得更加简单简洁

from rest_framework import generics
from api import serializers
from api import models

class BookViewSet(generics.ListCreateAPIView):#类里已经封装好了请求方法对应要执行的函数
    queryset = models.Book.objects.all()
    serializer_class = serializers.BookModelSerializers

　　5、viewsets类下的ModelViewSet进一步对路由封装

from rest_framework.viewsets import ModelViewSet
from rest_framework.response import Response
from api import serializers,models
from rest_framework import serializers

class BookViewSet(ModelViewSet):
    queryset = models.Book.objects.all()
    serializer_class = serializers.BookModelSerializers

urlpatterns = [
    # re_path(r'^home/$',views.Home.as_view()),
    re_path(r'books/$', views.BookViewSet.as_view({"get":"list"})),
    re_path(r'books/(?P<pk>d+)$', views.BookViewSet.as_view({"get":"retrieve"}), name="book_detail"),

    # re_path(r'books/$', views.BookViewSet.as_view()),
    # re_path(r'books/(?P<pk>d+)$', views.BookDtailViewSet.as_view(), name="book_detail"),
    re_path(r'publisher/$', views.PublisherViewSet.as_view()),
    re_path(r'publisher/(?P<pk>d+)$', views.PublisherDtailViewSet.as_view(), name="publisher_detail"),
]

 认证组件

 rest_framework认证组件的初始化在APIView类下的dispatch()里

使用方法：

#认证类
class AuthToken():
    def authenticate(self,request):
        nid = request.GET.get("nid")
        name = request._request.GET.get("name",None)
        print(name)
        user = models.Author.objects.filter(name=name).first()
        print(user)
        if user:
            return user.nid, user.name
        else:
            raise AuthenticationFailed("认证失败 ")
    def authenticate_header(self,request):
        pass

class PublisherDtailViewSet(APIView):
    authentication_classes = [serializers.AuthToken,]#局部设置

    def get(self, request, pk):
        print("dididi",request.user)
        print("didid",request.auth)
        publisher = models.Publisher.objects.filter(pk=pk)
        bs = serializers.PublisherModelSerializers(publisher, many=True)
        return Response(bs.data)

　　全局配置源码一解：

　　在视图类下寻找authentication_class = [“认证类1”，“认证类2”]认证类列表，如实没有设置，则最终会寻找到APIView 类下的authentication_class = api_settings.DEFAULT_AUTHENTICATION_CLASS 执行 ，进入api_settings发现是APISettings类的实例，传参default=DEFAULT，DEFAULT为rest_framework所有数据的迷人配置，进去执行APISettings类下 __init__()方法，完成__init__()方法后没有发现发现任何有关全局配置的信息，有点萌，但是仔细看发现 APISettings 类下的__getattr__()方法，类的实例方法调用该类没有的属性时会触发次方法，APISettings类下没有DEFAULT_AUTHENTICATION_CLASS 属性，所以在执行authentication_class = api_settings.DEFAULT_AUTHENTICATION_CLASS触发__getattr__()，__getattr__()先去setting.py 文件下寻找REST_FRAMEWORK字典，没有就是{},取出认证类的路径，进行解析，拿到认证类执行。如果想某得是图形忽略认证只需要在视图类下authentication_class = [] ，就会先会被截胡。

权限组件

rest_framework认证组件的初始化在APIView类下的dispatch()里

全局配置和认证类是一样的

使用方法：

 　　

# 权限组件用到的权限类
from rest_framework.exceptions import PermissionDenied


class SVIPermision():
    def has_permission(self,request,*args,**kwargs):
        permision_tyle = models.Author.objects.filter(name = request.user).first().permision_tyle
        if not permision_tyle:
            raise PermissionDenied("你没有权限")
        elif permision_tyle == 1:
            raise PermissionDenied("你权限不够")
        else:
            return True

class PublisherDtailViewSet(APIView):
    authentication_classes = [serializers.AuthToken,]
    permission_classes = [serializers.SVIPermision,]
    def get(self, request, pk):
        print("dididi",request.user)
        print("didid",request.auth)
        publisher = models.Publisher.objects.filter(pk=pk)
        bs = serializers.PublisherModelSerializers(publisher, many=True)
        return Response(bs.data)

 频率组件

 　　思想：设置间隔时间能访问的次数，对于匿名用户，获取远程IP，作为本地key，为它创建一个列表key：[],先清理列表中大于间隔时间的元素，计算列表元素个数，小于能访问的次数就将本次访问时间加入列表，否则限制访问。

对于登录用户则用用户名作为key。强制匿名用户登录是防止恶意访问的一种有效手段，但不可能真正做到限制访问（多账户分段访问）

# 频率组件
import time

Frequent_user_record = {}
from rest_framework.exceptions import Throttled


class Throttles():
    def __init__(self):
        self.interval = 1 * 5  # 间隔1分钟
        self.num = 2  # 可以访问2次
        self.history = None
        self.now = 0

    def allow_request(self, request, *args, **kwargs):
        self.now = time.time()
        remote_addr = request._request.META.get("REMOTE_ADDR")
        remote_addr_obj = Frequent_user_record.get(remote_addr, None)
        if not remote_addr_obj:
            Frequent_user_record[remote_addr] = [time.time(), ]
            return True
        self.history = Frequent_user_record[remote_addr]

        while self.history and time.time() - self.history[-1] > self.interval:
            Frequent_user_record[remote_addr].pop()

        if len(self.history) < self.num:
            Frequent_user_record[remote_addr].insert(0, self.now)
            return True
        else:
            return False

    def wait(self):
        return self.interval - (self.now - self.history[-1])

class PublisherDtailViewSet(APIView):
    authentication_classes = [serializers.AuthToken,]
    # permission_classes = [serializers.SVIPermision,]
    throttle_classes = [serializers.Throttles,]
    def get(self, request, pk):
        # print("dididi",request.user)
        # print("didid",request.auth)
        publisher = models.Publisher.objects.filter(pk=pk)
        bs = serializers.PublisherModelSerializers(publisher, many=True)
        return Response(bs.data)