17 django中间件

django中间件

中间件就是中间商，你从厂家买东西，经过中间商的协调，拿到自己想要的东西，显然方便了很多，但是也存在一定性能问题，因为不是直接和服务器打交道，而是通过一层层的中间商。

直接上代码，包含两个应用

"""
Django settings for middleware project.

Generated by 'django-admin startproject' using Django 2.2.3.

For more information on this file, see
https://docs.djangoproject.com/en/2.2/topics/settings/

For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.2/ref/settings/
"""

import os

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '*k9n@iw!c6dsh_wdw!tc+v^4d(_k!v_(^j-g$^j@^e=#$w1vr8'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = []


# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'middle_app01',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'middlewares.AuthLimit',
    'middlewares.IpLimitMiddleWare',
    'middlewares.MdOne',
    'middlewares.MdTwo',
]

ROOT_URLCONF = 'middleware.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, 'templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'middleware.wsgi.application'


# Database
# https://docs.djangoproject.com/en/2.2/ref/settings/#databases

# DATABASES = {
#     'default': {
#         'ENGINE': 'django.db.backends.sqlite3',
#         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
#     }
# }


# Password validation
# https://docs.djangoproject.com/en/2.2/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


# Internationalization
# https://docs.djangoproject.com/en/2.2/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.2/howto/static-files/

STATIC_URL = '/static/'
STATICFILES_DIRS = [
    os.path.join(BASE_DIR, 'statics')
]

LOGIN_URL = '/app01/login/'

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME':'auth',# 要连接的数据库，连接前需要创建好
        'USER':'root',# 连接数据库的用户名
        'PASSWORD':'root',# 连接数据库的密码
        'HOST':'127.0.0.1',# 连接主机，默认本级
        'PORT':3306 #  端口 默认3306
    }
}

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console':{
            'level':'DEBUG',
            'class':'logging.StreamHandler',
        },
    },
    'loggers': {
        'django.db.backends': {
            'handlers': ['console'],
            'propagate': True,
            'level':'DEBUG',
        },
    }
}

from django.urls import path
from middle_app01 import views

urlpatterns = [
    path('index/', views.index),
    path('login/', views.login),
    path('secret/', views.secret),
]

from django import forms
from django.forms import widgets
from django.core.exceptions import ValidationError
from django.contrib.auth.models import User


name_widget = widgets.TextInput(attrs={'class':'form-control'})
pwd_widget = widgets.PasswordInput(attrs={'class':'form-control'})


class Form(forms.Form):
    name = forms.CharField(min_length=4, max_length=16, widget=name_widget, label='用户名')
    pwd = forms.CharField(min_length=4, max_length=16, widget=pwd_widget, label='密码')
    email = forms.EmailField(widget=name_widget, label='邮箱')

    def clean_name(self):
        val = self.cleaned_data.get('name')
        res = User.objects.filter(username=val).exists()
        if not res:
            return val
        else:
            raise ValidationError('用户名已存在！')


class LoginForm(forms.Form):
    name = forms.CharField(min_length=4, max_length=16, widget=name_widget, label='用户名')
    pwd = forms.CharField(min_length=4, max_length=16, widget=pwd_widget, label='密码')

12 django组件中间件/middleware/middle_app01/views.py   视图函数

from django.shortcuts import render, HttpResponse, redirect
from django.contrib import auth
from middle_app01.myforms import LoginForm

# Create your views here.


def index(request):
    print('----------------------> 视图函数给出的真实响应')
    return render(request, 'index.html')

    # 视图函数出错 测试 process_exception
    # return render(request, 'indexasdfadf.html')


def secret(request):
    return render(request, 'secret.html',locals())


def login(request):
    if request.method == 'POST':
        form = LoginForm(request.POST)
        if form.is_valid():
            print(form.cleaned_data)
            username = form.cleaned_data.get('name')
            pwd = form.cleaned_data.get('pwd')
            user = auth.authenticate(username=username, password=pwd)
            if user:
                auth.login(request, user)
                next_url = request.GET.get('next', '/app01/index')
                return redirect(next_url)
            else:
                error = '用户名或密码错误！'
                return render(request, 'login.html', locals())
        else:
            print(form.cleaned_data)
            print(form.errors)
            return render(request, 'login.html', locals())
    else:
        form = LoginForm()
        return render(request, 'login.html', locals())

12 django组件中间件middlewaremiddlewares.py    自己定义的中间件     

from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse, redirect
from middleware import settings
import time


'''
中间件顾名思义，是介于request与response处理之间的一道处理过程，相对比较轻量级，并且在全局上改变django的输入与输出。
因为改变的是全局，所以需要谨慎实用，用不好会影响到性能。
如果你想修改请求，例如被传送到view中的HttpRequest对象。 或者你想修改view返回的HttpResponse对象，这些都可以通过中间件来实现。
可能你还想在view执行之前做一些操作，这种情况就可以用 middleware来实现。
'''


class MdOne(MiddlewareMixin):

    # 当用户发起请求的时候会依次经过所有的的中间件，这个时候的请求时process_request,最后到达views的函数中，views函数处理后，
    # 在依次穿过中间件，这个时候是process_response,最后返回给请求者。
    def process_request(self, request):
        ip_black_lis = ['127.0.0.1']
        print("----------------------> 请求到达MdOne.process_request")
        ip = request.META.get('REMOTE_ADDR')
        # 请求到达中间件process_request，如果process_request函数有return，那么将不再继续按正常的流程走到视图函数
        # 而是直接返回数据给客户端()，如之前是  A->B->C->视图函数  假如B中发生return，直接返回数据 B->A->客户端
        # if ip in ip_black_lis:
        #     return HttpResponse('ip在黑名单内，请求中断！')

    # 当最后一个中间的process_request到达路由关系映射之后，返回到中间件1的process_view，然后依次往下，到达views函数。
    # 最后通过process_response依次返回到达用户。
    def process_view(self, request, callback, callback_args, callback_kwargs):
        print("----------------------> 请求到达MdOne.process_view")
        # process_view如果有返回值，会越过其他的process_view以及视图函数，但是所有的process_response都还会执行。
        # return HttpResponse('ojbk!')

        # 还可以直接调用视图函数
        # response = callback(request, *callback_args, **callback_kwargs)
        # return response

    # 当视图函数报错时，执行这个函数，注意这里已经到达了视图函数，开始网上冒泡，所以这里先答应 MdTwo的process_exception
    # HttpResponse('内部有误！') 返回给客户端，如果在 MdTwo 中有返回，则跳过 MdOne 的 MdTwo的process_exception 直接到 MdTwo的process_response
    def process_exception(self, request, exception):
        print("----------------------> 当视图函数出错MdOne.process_exception")
        # return HttpResponse('内部有误！')

    def process_response(self, request, response):
        print("----------------------> 返回达到MdOne.process_response")
        return response


class MdTwo(MiddlewareMixin):

    def process_request(self, request):
        print("----------------------> 请求到达MdTwo.process_request")

    def process_view(self, request, callback, callback_args, callback_kwargs):
        print("----------------------> 请求到达MdTwo.process_view")

    def process_exception(self, request, exception):
        print("----------------------> 当视图函数出错MdTwo.process_exception")
        return HttpResponse('内部有误！')

    def process_response(self, request, response):
        print("----------------------> 返回达到MdTwo.process_response")
        return response


ip_pool = {}
# Django中间件限制用户每分钟访问次数不超过10次,一般用于反爬
class IpLimitMiddleWare(MiddlewareMixin):

    def time_filter(self, val):
        return time.time() - val < 60

    def process_request(self, request):
        ip = request.META.get('REMOTE_ADDR')
        if ip_pool.get(ip):
            ip_pool[ip] = list(filter(self.time_filter, ip_pool[ip]))
            ip_pool[ip].append(time.time())
        else:
            ip_pool[ip] = [time.time()]
        print(ip_pool)
        if len(ip_pool[ip]) > 10:
            return HttpResponse("频繁访问，请稍后再试！")


# URL访问过滤
# 如果用户访问的是login视图（放过）
# 如果访问其他视图，需要检测是不是有session认证，已经有了放行，没有返回login，这样就省得在多个视图函数上写装饰器了！
class AuthLimit(MiddlewareMixin):

    def process_request(self, request):
        path = request.path
        print(path)
        if path != settings.LOGIN_URL and not request.user.is_authenticated:
            new_path = settings.LOGIN_URL + '?next=' + path
            return redirect(new_path)

12 django组件中间件/middleware/templates/login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>login</title>
    <link rel="stylesheet" href="/static/bootstrap.min.css">
</head>
<body>

<div class="container">
    <div class="row">
        <div class="col-md-6 col-md-offset-3">
            <h4>登录</h4>
            <form action="" method="post">
                {% csrf_token %}
                {% for field in form %}
                    <div class="form-group">
                        <label for="">{{ field.label }}</label>
                        {{ field }}
                        <span class="pull-right" style="color: red">{{ field.errors.0 }}</span>
                    </div>
                {% endfor %}
                <input type="submit" class="btn btn-success">
                <span class="pull-right" style="color: red">{{ error }}</span>
            </form>
        </div>
    </div>
</div>

</body>
</html>