一 : CSRF 验证
为了防止模拟跨站访问的 CSRF 攻击, Django 里中间件通常会设置一个
django.middleware.csrf.CsrfViewMiddleware
来确保此次访问是用户行为, 本地生成随机字符串, 并且放入 cookie 中, 假如再次提交时候没有此随机字符串则无法通过
templates 处理
在 form 表单中放入{% csrf_token %}
- <form action="/myapp/sessionLogin" method="POST">
- {% csrf_token %}
- <input id="btn" type="button" value="按钮"/>
- </form>
template Ajax 处理
- <script>
- $(function () {
- # 全局作用域
- $.ajaxSetup({
- beforeSend:function (xhr,settings) {
- xhr.setRequestHeader('X-CSRFtoken',$.cookie('csrftoken'));
- }
- });
- # 按钮点击事件
- $('#btn').click(function () {
- $.ajax({
- url:'/myapp/sessionLogin',
- type:"POST",
- data:{
- 'user':'tz111',
- 'pwd':'123',
- suceess:function (arg) {
- }
- }
- })
- })
- })
- </script>
局部添加 / 取消
@csrf_protect, 为当前函数强制设置防跨站请求伪造功能, 即便 settings 中没有设置全局中间件
@csrf_exempt, 取消当前函数防跨站请求伪造功能, 即便 settings 中设置了全局中间件
二 : 中间件
在 Django 的请求周期中中间件好像一层过滤网, 网这个 View 添加或者屏蔽功能
流程图
过程解析
当请求发出时候 ->经过 precess_request->进行路由分发, 函数匹配到相关 url 则进行 process_view 否则请求失败 ->函数 (viewfunction) 处理完毕 ->经过 precess_response 返回数据层层返回 ->假如有异常则执行 process_exception
实例
用自定义中间件模拟请求, 观察流程
创造自定义中间件
- rom django.utils.deprecation import MiddlewareMixin
- from django.shortcuts import HttpResponse
- class first(MiddlewareMixin):
- def process_request(self,request):
- print('雪芙')
- def process_view(self,request,view_func,view_func_args,view_fun_kwargs):
- print('n1')
- def process_response(self,request,response):
- print('1')
- return response
- class second(MiddlewareMixin):
- def process_request(self,request):
- print('曼丽')
- # return HttpResponse('NO')
- def process_view(self,request,view_func,view_func_args,view_fun_kwargs):
- print('n2')
- def process_response(self,request,response):
- print('2')
- return response
- class third(MiddlewareMixin):
- def process_request(self,request):
- print('梦瑶')
- def process_view(self,request,view_func,view_func_args,view_fun_kwargs):
- print('n3')
- def process_response(self,request,response):
- print('3')
- return response
- # View 如果出错 执行
- def process_exception(self, request, exception):
- if isinstance(exception, ValueError):
- print('4454545545 楚翔')
- return HttpResponse('出现异常')
- print('ex')
- #如果 View 中的函数返回的对象中, 具有 render 方法
- def process_template_response(self,request,response):
- print('--------------')
- return response
setting 配置中间件
- MIDDLEWARE = [
- ...
- 'TZmiddle.m1.first',
- 'TZmiddle.m1.second',
- 'TZmiddle.m1.third',
- ...
- ]
执行结果
执行结果
三 : 缓存
配置:
5 种配置
实例
3 种应用 : 全局 视图函数 模板
全局:
- MIDDLEWARE = [
- # 'django.middleware.cache.UpdateCacheMiddleware',
- ...
- ...
- # 'django.middleware.cache.FetchFromCacheMiddleware',
- ]
setting 设置
- CACHES = {
- 'default': {
- 'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache',
- 'LOCATION': os.path.join(BASE_DIR,'cache')
- }
- }
- View
- from django.views.decorators.cache import cache_page
- @cache_page(20)
- def cache(request):
- ctime = time.time()
- return render(request,'cache.html',{'ctime':ctime})
- templates
- {% load cache %}
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>cache</title>
- </head>
- <body>
- {{ ctime }}
- {{ ctime }}
- {% cache 10 c1 %}
- {{ ctime }}
- {% endcache %}
- </body>
- </html>
四 : 信号
官方解释:
Django includes a signal dispatcher which helps allow decoupled applications get notified when actions occur elsewhere in the framework.In a nutshell, signals allow certain senders to notify a set of receivers that some action has taken place. Theyre especially useful when many pieces of code may be interested in the same events.
Django 内部包含了一位信号调度员: 当某事件在框架内发生时, 它可以通知到我们的应用程序 简而言之, 当 event(事件)发生时, signals(信号)允许若干 senders(寄件人)通知一组 receivers(接收者)这在我们多个独立的应用代码对同一事件的发生都感兴趣时, 特别有用
自定义信号实例 View 部分
- def signal(request):
- from sg import pizza_done
- pizza_done.send(sender="tz",topping =11111,size = 456)
- return HttpResponse('ok')
信号 Py
- from django.db.models.signals import pre_init,post_init
- import django.dispatch
- pizza_done = django.dispatch.Signal(providing_args=["toppings","size"])
- def callback(sender,**kwargs):
- print("callback")
- print(sender,kwargs)
- pizza_done.connect(callback)
五 : form 组件验证
django 中的 Form 可以进行用户验证 , 也可以生成响应页面, 功能十分强大.
实例 View 部分
- from django import forms
- from django.forms import widgets
- from django.forms import fields
- class FM(forms.Form):
- user = fields.CharField(
- error_messages={'required': '用户名不能为空.'},
- widget=widgets.Textarea(attrs={'class': 'c1'}),
- label="用户名",
- # 初始值
- # initial='root',
- )
- pwd = fields.CharField(max_length=12,
- min_length=6,
- error_messages={'required':'密码不能为空',"min_length":"密码长度不能小于 6","max_length":"密码长度不能大于 12"},
- widget = widgets.PasswordInput,
- )
- email = fields.EmailField(error_messages={'required':'邮箱不能为空','invalid':"邮箱格式错误"})
- # f = fields.FileField()
- p = fields.FilePathField(path='myapp')
- city1 = fields.ChoiceField(
- choices=[{0,'欧洲'},{1,'美洲'},{2,'沈阳'},{3,'大连'}]
- )
- city2 = fields.MultipleChoiceField(
- choices=[{0, '欧洲'}, {1, '美洲'}, {2, '沈阳'}, {3, '大连'}]
- )
- def fm(request):
- if request.method == 'GET':
- #从数据库红把数据获取到
- dic = {
- "user":'tz',
- "pwd":'123123',
- "email":'54544@qq.com,"city":1,'city2':[1,2]
- }
- obj = FM(initial=dic)
- return render(request,'fm.html',{'obj':obj})
- elif request.method =="POST":
- obj = FM(request.POST)
- r1 = obj.is_valid()
- if r1:
- print(obj.cleaned_data)
- #注册
- # models.UserInfo.objects.creat(**obj.cleaned_data)
- else:
- print(obj.errors.as_json())
- return render(request, 'fm.html',{'obj':obj})
- return render(request, 'fm.html')
实例 tempaltes 部分
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>fm</title>
- </head>
- <body>
- <form action="/myapp/fm" method="POST">
- {% csrf_token %}
- <p>{{ obj.user.label }}{{ obj.user }}{{ obj.errors.user.0 }} </p>
- <p>{{ obj.pwd }}{{ obj.errors.pwd.0 }}</p>
- <p>{{ obj.email }}{{ obj.errors.email.0 }}</p>
- <P>{{ obj.f }}{{ obj.errors.f.0 }}</P>
- {{ obj.city1 }}
- {{ obj.city2 }}
- <input type="submit" value="提交"/>
- </form>
- </body>
- </html>
来源: http://www.jianshu.com/p/9142e5cd735d