The middleware version of login verification relies on the session, so the database must contain the django_session table.
urls.py
```python
from django.conf.urls import url
from app01 import views

urlpatterns = [
    url(r'^index/$', views.index),
    url(r'^login/$', views.login, name='login'),
]
```
views.py
```python
from django.shortcuts import render, HttpResponse, redirect


def index(request):
    return HttpResponse('this is index')


def home(request):
    return HttpResponse('this is home')


def login(request):
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        if user == "Q1mi" and pwd == "123456":
            # Set the session
            request.session["user"] = user
            # Get the URL the user was on before being sent to the login page.
            # This value comes straight from the query string and is redirected to as-is.
            next_url = request.GET.get("next")
            # If there is one, go back to the URL from before the login
            if next_url:
                return redirect(next_url)
            # Otherwise go to the index page by default
            else:
                return redirect("/index/")
    return render(request, "login.html")
```
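login.html
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="x-ua-compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Login page</title>
</head>
<body>
<form action="{% url 'login' %}" method="post">
    {% csrf_token %}
    <label for="user">Username:</label>
    <input type="text" name="user" id="user">
    <label for="pwd">Password:</label>
    <input type="password" name="pwd" id="pwd">
    <input type="submit" value="Log in">
</form>
</body>
</html>
```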
middlewares.py
```python
from django.shortcuts import redirect, HttpResponse
from django.utils.deprecation import MiddlewareMixin


class AuthMD(MiddlewareMixin):
    white_list = ['/login/', ]  # whitelist
    black_list = ['/black/', ]  # blacklist

    def process_request(self, request):
        next_url = request.path_info
        print(request.path_info, request.get_full_path())  # debug output
        # Whitelisted URL or logged-in user: let the request continue
        if next_url in self.white_list or request.session.get("user"):
            return
        elif next_url in self.black_list:
            return HttpResponse('This is an illegal URL')
        else:
            return redirect("/login/?next={}".format(next_url))
```
Register it in settings.py
```python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'middlewares.AuthMD',
]
```
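Notes
Once the AuthMD middleware is registered, every request passes through AuthMD's process_request method.
If the requested URL is in the whitelist, or the session contains the user name under user, the request is not blocked and follows the normal flow;
if the URL is in the blacklist, the string This is an illegal URL is returned;
a normal URL that requires login makes the browser redirect to the login page.
Note: the AuthMD middleware needs the session, so AuthMD must be registered below the session middleware.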
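The login view above redirects to whatever `next` holds, and AuthMD builds that parameter by plain string formatting, so the following added example (not code from the original page) shows a standard-library check that keeps the post-login redirect on the same site and encodes `next` properly. The function names and the host `site.example` are assumptions made for illustration; in a Django 3.0+ project, `django.utils.http.url_has_allowed_host_and_scheme` performs this kind of validation.

```python
from urllib.parse import urlencode, urlsplit

LOGIN_PATH = "/login/"            # login URL from the page's urls.py
DEFAULT_AFTER_LOGIN = "/index/"   # the page's default post-login target


def login_redirect_url(full_path):
    """Build /login/?next=... with the original URL percent-encoded."""
    return "{}?{}".format(LOGIN_PATH, urlencode({"next": full_path}))


def safe_next_url(next_url, request_host, default=DEFAULT_AFTER_LOGIN):
    """Return next_url only if it stays on this site, otherwise the default."""
    if not next_url:
        return default
    candidate = next_url.strip()
    # Browsers treat "\" like "/" and drop control characters: refuse both.
    if "\\" in candidate or any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only http(s) to our own host passes.
        if parts.scheme not in ("http", "https") or parts.netloc != request_host:
            return default
        return candidate
    # Relative URL: exactly one leading slash, so "///host" forms are refused.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


if __name__ == "__main__":
    # Constructed sample values, not taken from the original page.
    print(login_redirect_url("/home/?page=2&tab=a"))
    for value in ("/home/", "//other.example/x", "https://other.example/",
                  "https://site.example/home/", "javascript:alert(1)", None):
        print(repr(value), "->", safe_next_url(value, "site.example"))
```

In the login view this would replace the bare `redirect(next_url)` with `redirect(safe_next_url(next_url, request.get_host()))`.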
Source: http://www.bubuko.com/infodetail-2980665.html