django不使用@login_required而用middleware怎么实现
答案:2 悬赏:20
解决时间 2021-02-27 20:58
- 提问者网友:温柔又任性
- 2021-02-27 08:31
如何用中间键实现每个页面间的登陆,应该怎么做?不是在views.py文件里面每个页面前加@login_required的/
最佳答案
- 二级知识专家网友:哥在撩妹请勿打扰
- 2021-02-27 08:51
有第三方模块,django-stronghold#可以搜下教程
或者可以尝试这样的做法。自行新建middleware.py#
from django.http import HttpResponseRedirect
from django.conf import settings
from re import compile
EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]
class LoginRequiredMiddleware:
"""
Middleware that requires a user to be authenticated to view any page other
than LOGIN_URL. Exemptions to this requirement can optionally be specified
in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which
you can copy from your urls.py).
Requires authentication middleware and template context processors to be
loaded. You'll get an error if they aren't.
"""
def process_request(self, request):
assert hasattr(request, 'user'), "The Login Required middleware\
requires authentication middleware to be installed. Edit your\
MIDDLEWARE_CLASSES setting to insert\
'django.contrib.auth.middlware.AuthenticationMiddleware'. If that doesn't\
work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes\
'django.core.context_processors.auth'."
if not request.user.is_authenticated():
path = request.path_info.lstrip('/')
if not any(m.match(path) for m in EXEMPT_URLS):
return HttpResponseRedirect(settings.LOGIN_URL)settings.py中设置
Example:
`` LOGIN_EXEMPT_URLS = (
r'^about\.html$',
r'^legal/', # allow the entire /legal/* subsection
) ``
或者可以尝试这样的做法。自行新建middleware.py#
from django.http import HttpResponseRedirect
from django.conf import settings
from re import compile
EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]
class LoginRequiredMiddleware:
"""
Middleware that requires a user to be authenticated to view any page other
than LOGIN_URL. Exemptions to this requirement can optionally be specified
in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which
you can copy from your urls.py).
Requires authentication middleware and template context processors to be
loaded. You'll get an error if they aren't.
"""
def process_request(self, request):
assert hasattr(request, 'user'), "The Login Required middleware\
requires authentication middleware to be installed. Edit your\
MIDDLEWARE_CLASSES setting to insert\
'django.contrib.auth.middlware.AuthenticationMiddleware'. If that doesn't\
work, ensure your TEMPLATE_CONTEXT_PROCESSORS setting includes\
'django.core.context_processors.auth'."
if not request.user.is_authenticated():
path = request.path_info.lstrip('/')
if not any(m.match(path) for m in EXEMPT_URLS):
return HttpResponseRedirect(settings.LOGIN_URL)settings.py中设置
Example:
`` LOGIN_EXEMPT_URLS = (
r'^about\.html$',
r'^legal/', # allow the entire /legal/* subsection
) ``
全部回答
- 1楼网友:夢想黑洞
- 2021-02-27 09:39
三种解决方案,
第一种就是模拟浏览器的session id cookie,这种解决方案的好处是你的浏览器异步请求和移动端app共享基本不用改后端服务。
第二种解决方案,也就是restful service一般推荐的认证解决方案,就是把用户名密码用base64编码后放到请求的header里面,实际就是传统的http basic认证方式。这个其实改动很小,因为django支持这种认证方式,你把认证方式改一下,view代码不用改
第三种解决方案虽然简单,但是不推荐,那就是把用户名密码附加到每次的请求参数,这种方式乍看很简单,但实际不好,一是不安全,二是你或者改view,或者得写middleware.
我要举报
如以上问答内容为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯
| • 手机登qq时,显示手机磁盘不足,清理后重新登 |
| • 刺客的套装怎么选啊? |