目录
1, 一些准备工作
安装 django
创建 django 项目
创建博客应用 (App)
- ,models.py
- ,django admin
登录
创建超级用户
4, 修改 urls.py
5, 新增文章接口
6, 查询文章接口
7, 修改文章接口
8, 删除文章接口
9, 鉴权
鉴权接口
用户认证
1, 一些准备工作
安装 django
pip install django
创建 django 项目
进入项目代码存放目录执行命令:
django-admin.py startproject blog_demo
进入 blog_demo, 运行命令:
python3.6 manage.py runserver 9000
在浏览器地址栏打开: http://127.0.0.1:9000/ 如果出现以下画面, 则说明服务器正在运行
创建博客应用 (App)
django 中每一个 App 可以看作是一个模块, 以 App 为单位, 结构清晰, 方便管理.
python3.6 manage.py startapp blog_api
使用开发工具打开项目 blog_demo, 其结构如下:
2,models.py
编写模型层代码, 以下语句相当于创建了两张表: User,Article
- class User(models.Model):
- id = models.AutoField(primary_key=True)
- uname = models.CharField(max_length=50)
- upwd = models.CharField(max_length=100)
- #active inactive
- status = models.CharField(max_length=10)
- class Article(models.Model):
- id = models.AutoField(primary_key=True)
- title = models.CharField(max_length=50)
- content = models.TextField()
- #deleted alive
- status = models.CharField(max_length=10)
创建表结构:
python3.6 manage.py migrate
settings.py 文件 INSTALLED_APPS 处新增 App:blog_api
- INSTALLED_APPS = [
- 'django.contrib.admin',
- 'django.contrib.auth',
- 'django.contrib.contenttypes',
- 'django.contrib.sessions',
- 'django.contrib.messages',
- 'django.contrib.staticfiles',
- 'blog_api'
- ]
让 django 知道模型有了变化:
python3.6 manage.py makemigrations blog_api
再次创建表结构:
- python3.6 manage.py migrate
- 3,django admin
登录
在浏览器控制台输入: http://127.0.0.1:9000/admin/login/?next=/admin/
创建超级用户
- stephen@stephen-K55VD:~/IdeaProjects/blog_demo$ python3.6 manage.py createsuperuser
- Username (leave blank to use 'stephen'): admin
- Email address:
- Password:
- Password (again):
- This password is too common.
- Bypass password validation and create user anyway? [y/N]: y
- Superuser created successfully.
邮件地址可以不填, 注册成功后即可登录. 使用 admin 后台来管理模型需要先注册, 修改 blog_api/admin.py 代码
- # 导入模型 User,Article
- from blog_api.models import User,Article
- admin.site.register(User)
- admin.site.register(Article)
刷新 admin 后台, 就可以看到刚刚注册的模型了.
4, 修改 urls.py
- from blog_api.views import add_article,modify_article
- urlpatterns = [
- path('admin/', admin.site.urls),
- path('articles/',add_article),
- path('articles/<int:art_id>',modify_article)
- ]
5, 新增文章接口
- from django.http import HttpResponse,JsonResponse
- from blog_api.models import User,Article
- import JSON
- # 新增文章
- def add_article(request):
- if request.method == "POST":
- req = JSON.loads(request.body)
- print (req)
- key_flag = req.get("title") and req.get("content") and len(req)==2
- #判断请求体是否正确
- if key_flag:
- title = req["title"]
- content = req["content"]
- #title 返回的是一个 list
- title_exist = Article.objects.filter(title=title)
- #判断是否存在同名 title
- if len(title_exist) != 0:
- return JsonResponse({"status":"BS.400","msg":"title aleady exist,fail to publish."})
- '''插入数据'''
- add_art = Article(title=title,content=content,status="alive")
- add_art.save()
- return JsonResponse({"status":"BS.200","msg":"publish article sucess."})
- else:
- return JsonResponse({"status":"BS.400","message":"please check param."})
使用 postman 工具调用接口, 运行结果:
6, 查询文章接口
- # 查询所有文章和状态
- if request.method == "GET":
- articles = {}
- query_art = Article.objects.all()
- for title in query_art:
- articles[title.title] = title.status
- return JsonResponse({"status":"BS.200","all_titles":articles,"msg":"query articles sucess."})
运行结果:
7, 修改文章接口
- # 修改文章
- def modify_article(request,art_id):
- if request.method == "POST":
- req = JSON.loads(request.body)
- try:
- art = Article.objects.get(id=art_id)
- key_flag = req.get("title") and req.get("content") and len(req)==2
- if key_flag:
- title = req["title"]
- content = req["content"]
- title_exist = Article.objects.filter(title=title)
- if len(title_exist)> 1:
- return JsonResponse({"status":"BS.400","msg":"title aleady exist."})
- '''更新数据'''
- old_art = Article.objects.get(id=art_id)
- old_art.title = title
- old_art.content = content
- old_art.save()
- return JsonResponse({"status":"BS.200","msg":"modify article sucess."})
- except Article.DoesNotExist:
- return JsonResponse({"status":"BS.300","msg":"article is not exists,fail to modify."})
运行结果:
8, 删除文章接口
- # 删除文章
- if request.method == "DELETE":
- try:
- art = Article.objects.get(id=art_id)
- art_id = art.id
- art.delete()
- return JsonResponse({"status":"BS.200","msg":"delete article sucess."})
- except Article.DoesNotExist:
- return JsonResponse({"status":"BS.300","msg":"article is not exists,fail to delete."})
运行结果:
9, 鉴权
四个简单的接口已经可以运行了, 但是在发请求之前没有进行鉴权, 毫无安全性可言. 下面来实现简单的认证机制. 需要用到内建模块 hashlib,hashlib 提供了常见的摘要算法, 如 MD5,SHA1 等.
鉴权接口
新增一个专门用于鉴权的接口. 在 urls.py 中添加
path("auth/",get_token)
在 views.py 前面新增函数 get_token(request)
- import hashlib
- # 获取 token
- def get_token(request):
- req = JSON.loads(request.body)
- uname = req["username"]
- upwd = req["password"]
- if request.method == "POST":
- try:
- tmppwd =User.objects.get(uname=uname).upwd
- if upwd == tmppwd:
- md5 = hashlib.md5()
- #把密码变成一个长度固定的字符串
- md5.update(upwd.encode("utf-8"))
- return JsonResponse({"status":"BS.201","X-Token":md5.hexdigest()})
- else:
- return JsonResponse({"status":"BS.401","msg":"username or password may wrong."})
- except User.DoesNotExist:
- return JsonResponse({"status":"BS.500","msg":"username is not exist."})
登录 django admin 在 blog_api 下的 User 表新增一条记录. 运行结果:
用户认证
request.META.get("header key") 用于获取 header 的信息. 注意的是 header key 必须增加前缀 HTTP, 同时大写, 中划先会转成下划线, 例如你的 key 为 X-Token, 那么应该写成 request.META.get("HTTP_X_TOKEN"), 修改 views.py 在 get_token 后面加上如下代码:
- # 认证动作
- def user_auth(request):
- token = request.META.get("HTTP_X_TOKEN",b'')
- print (token)
- if token:
- #暂时先写上 auth 接口返回的数据
- if token=="0a6db4e59c7fff2b2b94a297e2e5632e":
- return "auth_sucess"
- else:
- return "auth_fail"
- else:
- return "auth_fail"
在接口中调用 user_auth 函数, 以发布文章接口为例:
- # 新增文章
- def add_article(request):
- auth_res = user_auth(request)
- if auth_res == "auth_fail":
- return JsonResponse({"status":"BS.401","msg":"user auth failed."})
- else:
- if request.method == "POST":
- req = JSON.loads(request.body)
- print (req)
- .......
再次使用 postman 工具调用新增文章接口, Header 中没有 X-Token 或 X-Token 错误时的运行结果:
来源: https://www.cnblogs.com/webDepOfQWS/p/10693152.html