一 : CSRF验证
为了防止模拟跨站访问的CSRF攻击,Django里中间件通常会设置一个django.middleware.csrf.CsrfViewMiddleware 来确保此次访问是用户行为,本地生成随机字符串,并且放入cookie中,假如再次提交时候没有此随机字符串则无法通过
- templates处理
在form表单中放入{% csrf_token %}
<form action="/myapp/sessionLogin" method="POST">
{% csrf_token %}
<input id="btn" type="button" value="按钮"/>
</form>
- template Ajax处理
<script>
$(function () {
#全局作用域
$.ajaxSetup({
beforeSend:function (xhr,settings) {
xhr.setRequestHeader('X-CSRFtoken',$.cookie('csrftoken'));
}
});
#按钮点击事件
$('#btn').click(function () {
$.ajax({
url:'/myapp/sessionLogin',
type:"POST",
data:{
'user':'tz111',
'pwd':'123',
suceess:function (arg) {
}
}
})
})
})
</script>
- 局部添加/取消
@csrf_protect,为当前函数强制设置防跨站请求伪造功能,即便settings中没有设置全局中间件。
@csrf_exempt,取消当前函数防跨站请求伪造功能,即便settings中设置了全局中间件。
二 : 中间件
在Django的请求周期中中间件好像一层过滤网,网这个View添加或者屏蔽功能
流程图
过程解析
当请求发出时候->经过precess_request->进行路由分发,函数匹配到相关url 则进行process_view否则请求失败->函数(viewfunction)处理完毕->经过precess_response返回数据层层返回->假如有异常则执行process_exception实例
用自定义中间件模拟请求,观察流程
创造自定义中间件
rom django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse
class first(MiddlewareMixin):
def process_request(self,request):
print('雪芙')
def process_view(self,request,view_func,view_func_args,view_fun_kwargs):
print('n1')
def process_response(self,request,response):
print('1')
return response
class second(MiddlewareMixin):
def process_request(self,request):
print('曼丽')
# return HttpResponse('NO')
def process_view(self,request,view_func,view_func_args,view_fun_kwargs):
print('n2')
def process_response(self,request,response):
print('2')
return response
class third(MiddlewareMixin):
def process_request(self,request):
print('梦瑶')
def process_view(self,request,view_func,view_func_args,view_fun_kwargs):
print('n3')
def process_response(self,request,response):
print('3')
return response
# View如果出错 执行
def process_exception(self, request, exception):
if isinstance(exception, ValueError):
print('4454545545楚翔')
return HttpResponse('出现异常')
print('ex')
#如果View中的函数返回的对象中,具有render方法
def process_template_response(self,request,response):
print('--------------')
return response
- setting配置中间件
MIDDLEWARE = [
...
'TZmiddle.m1.first',
'TZmiddle.m1.second',
'TZmiddle.m1.third',
...
]
-
执行结果
执行结果
三 : 缓存
- 配置:
5 种配置 - 实例
3种应用 :全局 视图函数 模板
全局:
MIDDLEWARE = [
# 'django.middleware.cache.UpdateCacheMiddleware',
...
...
# 'django.middleware.cache.FetchFromCacheMiddleware',
]
setting设置
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache',
'LOCATION': os.path.join(BASE_DIR,'cache')
}
}
View
from django.views.decorators.cache import cache_page
@cache_page(20)
def cache(request):
ctime = time.time()
return render(request,'cache.html',{'ctime':ctime})
templates
{% load cache %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>cache</title>
</head>
<body>
{{ ctime }}
{{ ctime }}
{% cache 10 c1 %}
{{ ctime }}
{% endcache %}
</body>
</html>
四 : 信号
官方解释:Django includes a “signal dispatcher” which helps allow decoupled applications get notified when actions occur elsewhere in the framework.In a nutshell, signals allow certain senders to notify a set of receivers that some action has taken place. They’re especially useful when many pieces of code may be interested in the same events.
Django内部包含了一位“信号调度员”:当某事件在框架内发生时,它可以通知到我们的应用程序。 简而言之,当event(事件)发生时,signals(信号)允许若干 senders(寄件人)通知一组 receivers(接收者)。这在我们多个独立的应用代码对同一事件的发生都感兴趣时,特别有用。
- 自定义信号实例View部分
def signal(request):
from sg import pizza_done
pizza_done.send(sender="tz",topping =11111,size = 456)
return HttpResponse('ok')
- 信号Py
from django.db.models.signals import pre_init,post_init
import django.dispatch
pizza_done = django.dispatch.Signal(providing_args=["toppings","size"])
def callback(sender,**kwargs):
print("callback")
print(sender,kwargs)
pizza_done.connect(callback)
五 : form组件验证
django中的Form可以进行用户验证 ,也可以生成响应页面,功能十分强大.
- 实例View部分
from django import forms
from django.forms import widgets
from django.forms import fields
class FM(forms.Form):
user = fields.CharField(
error_messages={'required': '用户名不能为空.'},
widget=widgets.Textarea(attrs={'class': 'c1'}),
label="用户名",
# 初始值
# initial='root',
)
pwd = fields.CharField(max_length=12,
min_length=6,
error_messages={'required':'密码不能为空',"min_length":"密码长度不能小于6","max_length":"密码长度不能大于12"},
widget = widgets.PasswordInput,
)
email = fields.EmailField(error_messages={'required':'邮箱不能为空','invalid':"邮箱格式错误"})
# f = fields.FileField()
p = fields.FilePathField(path='myapp')
city1 = fields.ChoiceField(
choices=[{0,'欧洲'},{1,'美洲'},{2,'沈阳'},{3,'大连'}]
)
city2 = fields.MultipleChoiceField(
choices=[{0, '欧洲'}, {1, '美洲'}, {2, '沈阳'}, {3, '大连'}]
)
def fm(request):
if request.method == 'GET':
#从数据库红把数据获取到
dic = {
"user":'tz',
"pwd":'123123',
"email":'54544@qq.com,
"city":1,
'city2':[1,2]
}
obj = FM(initial=dic)
return render(request,'fm.html',{'obj':obj})
elif request.method =="POST":
obj = FM(request.POST)
r1 = obj.is_valid()
if r1:
print(obj.cleaned_data)
#注册
# models.UserInfo.objects.creat(**obj.cleaned_data)
else:
print(obj.errors.as_json())
return render(request, 'fm.html',{'obj':obj})
return render(request, 'fm.html')
- 实例tempaltes部分
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>fm</title>
</head>
<body>
<form action="/myapp/fm" method="POST">
{% csrf_token %}
<p>{{ obj.user.label }}{{ obj.user }}{{ obj.errors.user.0 }} </p>
<p>{{ obj.pwd }}{{ obj.errors.pwd.0 }}</p>
<p>{{ obj.email }}{{ obj.errors.email.0 }}</p>
<P>{{ obj.f }}{{ obj.errors.f.0 }}</P>
{{ obj.city1 }}
{{ obj.city2 }}
<input type="submit" value="提交"/>
</form>
</body>
</html>
