• Django----djagorestframwork使用


    restful(表者征状态转移,面向资源编程)------------------------------------------->约定
    	从资源的角度审视整个网络,将分布在网络中某个节点的资源通过url进行标识,客户端通过url获取资源的表征,
    	获得这些表征使应用转变状态。-----------------------------------------------------------是一种软件架构风格。
    	所有数据是通过网络获取的是操作的数据(增删改查),都是资源-------------------------------互联网上的一切东西都视为资源。
    	
    restf规则:
    	API与用户的通信协议,使用的是http协议
    	1:域名尽量部署在专有域名之下,若API很简单,不会进一步扩展,可以考虑放在主域名下。
    	2:应将api的版本号放入url,还可以将版本号放入Http请求头信息中,但不如放在url中方便。
    	3:在RESTful架构中,每个网址代表一种资源(resource),所以网址中应该有动词,应该使用名词,
    	   而且所用的名词往往与数据库的表格名对应。一般来说,数据库中的表都是同种记录的"集合"(collection),所以API中的名词也应该使用复数。
    	4:用于区别url接口应将API加入到url.
    	5: 如果记录数量很多,服务器不可能都将它们返回给用户。API应该提供参数,过滤返回结果。
    	6: 服务器向用户返回的状态码和提示信息。
    	8: 如果状态码是4xx,就应该向用户返回出错信息。一般来说,返回的信息中将error作为键名,出错信息作为键值即可。
    	9: 请求方式的不同,进行不同的操作。post----get----put----patch----delete
    	10:返回错误信息
    
    restful-api:
    	API与用户的通行协议,总是使用HTTPs协议
    	api:---------------------------------------------------------------------------------------接口
    		用途:
    			1:为别人提供服务----------发送短信
    			2:前后端分离--------------前后端分离
    		规范:
    			1:url+api
    				https://api.example.com------------------------------------------------------------尽量将API部署在专用域名(会存在跨域问题)
    				https://example.org/api/-----------------------------------------------------------API很简单
    			2:名词
    				资源名必须是名词,不能是动词.......
    			3:版本
    				URL,-------------------------------------------------------------------------------如:https://api.example.com/v1/
    				请求头------------------------------------------------------------------------------跨域时,引发发送多次请求
    			4:提交方式------------------------------------------------------------method
    				GET:-------------------------------------------------------------------------------从服务器取出资源(一项或多项)
    				POST:------------------------------------------------------------------------------在服务器新建一个资源
    				PUT:-------------------------------------------------------------------------------在服务器更新资源(客户端提供改变后的完整资源)
    				PATCH :----------------------------------------------------------------------------在服务器更新资源(客户端提供改变的属性)
    				DELETE:----------------------------------------------------------------------------从服务器删除资源
    			5:json数据------------------------------------------------------------返回json数据
    			6:status--------------------------------------------------------------状态码
    				200 OK - [GET]:服务器成功返回用户请求的数据,该操作是幂等的(Idempotent)。
    				201 CREATED - [POST/PUT/PATCH]:用户新建或修改数据成功。
    				202 Accepted - [*]:表示一个请求已经进入后台排队(异步任务)
    				204 NO CONTENT - [DELETE]:用户删除数据成功。
    				400 INVALID REQUEST - [POST/PUT/PATCH]:用户发出的请求有错误,服务器没有进行新建或修改数据的操作,该操作是幂等的。
    				401 Unauthorized - [*]:表示用户没有权限(令牌、用户名、密码错误)。
    				403 Forbidden - [*] 表示用户得到授权(与401错误相对),但是访问是被禁止的。
    				404 NOT FOUND - [*]:用户发出的请求针对的是不存在的记录,服务器没有进行操作,该操作是幂等的。
    				406 Not Acceptable - [GET]:用户请求的格式不可得(比如用户请求JSON格式,但是只有XML格式)。
    				410 Gone -[GET]:用户请求的资源被永久删除,且不会再得到的。
    				422 Unprocesable entity - [POST/PUT/PATCH] 当创建一个对象时,发生一个验证错误。
    				500 INTERNAL SERVER ERROR - [*]:服务器发生错误,用户将无法判断发出的请求是否成功。
    				更多看这里:http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    			7:aypermedia link-----------------------------------------------------返回链接
    				Hypermedia API,RESTful API最好做到Hypermedia,即返回结果中提供链接,连向其他API方法,使得用户不查文档,也知道下一步应该做什么。
    					{"link": {
    					  "rel":   "collection https://www.example.com/zoos",
    					  "href":  "https://api.example.com/zoos",
    					  "title": "List of zoos",
    					  "type":  "application/vnd.yourformat+json"
    					}}			
    			8:错误处理
    				错误处理,状态码是4xx时,应返回错误信息,error当做key。
    				{
    					error: "Invalid API key"
    				}
    	
    为什么做前后端分离?
    	数据的解耦,提高开发效率。
    
    安装:
    	pip3 install djangorestframework              -i http://pypi.douban.com/simple/ --trusted-host=pypi.douban.com
    	
    继承关系:
    	class View(object):-------------------------------------------------view
    			
    	class APIView(View):------------------------------------------------APIview
    	
    	class GenericAPIView(views.APIView):--------------------------------GenericAPIView
    	
    	class GenericViewSet(ViewSetMixin, generics.GenericAPIView)---------GenericViewSet
    	
    	class ModelViewSet(mixins.CreateModelMixin,-------------------------ModelViewSet(增删改查,genericViewset)
    		   mixins.RetrieveModelMixin,
    		   mixins.UpdateModelMixin,
    		   mixins.DestroyModelMixin,
    		   mixins.ListModelMixin,
    		   GenericViewSet):
    	
    Django Rest Framework 的的请求生命周期:
    		hTTP请求 —> wsgi —> 中间件 —> 路由分发 —> 执行对应类的dispatch方法 —> 视图函数 —>返回 
    		采用CBV的请求方式。
    
    源码剖析
    		接收HTTP请求---->wsgi----->中间件------->路由分发---------->执行对应类的dispatch方法------->视图函数------>返回
    		
    		首先执行 as_view 我们可以知道,as_view调用了dispatch.
    		执行:------------------------>执行对应类的dispatch方法:---------------------dispatch
    			一:第一步对------------------------------------------------------------------request二次封装
    			
    				1:--查看initialize_request方法,可以知道这个方法接收客户端的request请求,再重新封装成新的request。
    					def initialize_request(self, request, *args, **kwargs):
    						parser_context = self.get_parser_context(request)
    
    						return Request(
    							request,
    							parsers=self.get_parsers(),
    							authenticators=self.get_authenticators(),
    							negotiator=self.get_content_negotiator(),
    							parser_context=parser_context
    							)
    					点击进入Request
    					2:----再查看Request方法的源码,可以知道这个Request类是rest framework中定义的一个类
    						----Rquest类,这来类是经过Request处理过的request已经不再是客户端发送过来的那个request了
    						class Request(object):
    							def __init__(self, request, parsers=None, authenticators=None,
    										 negotiator=None, parser_context=None):
    								self._request = request
    								self.parsers = parsers or ()
    								self.authenticators = authenticators or ()
    								self.negotiator = negotiator or self._default_negotiator()
    								self.parser_context = parser_context
    								self._data = Empty
    								self._files = Empty
    								self._full_data = Empty
    								self._content_type = Empty
    								self._stream = Empty
    
    								if self.parser_context is None:
    									self.parser_context = {}
    								self.parser_context['request'] = self
    								self.parser_context['encoding'] = request.encoding or settings.DEFAULT_CHARSET
    
    								force_user = getattr(request, '_force_auth_user', None)
    								force_token = getattr(request, '_force_auth_token', None)
    								if force_user is not None or force_token is not None:
    									forced_auth = ForcedAuthentication(force_user, force_token)
    									self.authenticators = (forced_auth,)
    					3:----在initialize_request方法中,有一个方法处理过request,来看看get_parser_context方法的源码
    						在这里,view的值是self,代指的是UsersView这个对象,所以get_parser_context方法把UsersView这个类封装进来然后返回
    						所以get_parser_context方法最后返回的当前对象以及当前对象所传的参数,经过initialize_request函数处理之后的request,现在就变成了
    							Request(
    								request,
    								parsers=self.get_parsers(),
    								authenticators=self.get_authenticators(),
    								negotiator=self.get_content_negotiator(),
    								parser_context=parser_context
    							)
    						    def get_parser_context(self, http_request):
    								return {
    									'view': self,                          #代指的是UsersView这个对象
    									'args': getattr(self, 'args', ()),
    									'kwargs': getattr(self, 'kwargs', {})
    								}
    				    4:----现在再来看看Request的其他参数代指的是什么
    						get_parsers------------------根据字面意思,是解析get请求的意思
    							def get_parsers(self):
    								return [parser() for parser in self.parser_classes]
    						get_content_negotiator-------选择相关
    							def get_content_negotiator(self):
    								if not getattr(self, '_negotiator', None):
    									self._negotiator = self.content_negotiation_class()
    								return self._negotiator
    						parser_context---------------封闭self和self的参数
    							 parser_context = self.get_parser_context(request)		
    					    
    						*get_authenticators----------------------认证相关,在get_authenticators这个方法中循环了self.authentication_classes返回了一个列表对象,
    							def get_authenticators(self):
    								return [auth() for auth in self.authentication_classes]
    							----------他是self.找的,所有它先去我们写的那个类中去找authentication_classes,我们写的类中没有才去父类中找,因此我们就可以自定义这个列表类了。
    									  进入APIview类找------------------authentication_classes
    											class APIView(View):
    												# The following policies may be set at either globally, or per-view.
    												renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
    												parser_classes = api_settings.DEFAULT_PARSER_CLASSES
    												
    												authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES #认证
    												throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES             #权限
    												permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES		 #分流
    												
    												content_negotiation_class = api_settings.DEFAULT_CONTENT_NEGOTIATION_CLASS
    												metadata_class = api_settings.DEFAULT_METADATA_CLASS
    												versioning_class = api_settings.DEFAULT_VERSIONING_CLASS
    												..............
    								------------authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES由此可以看出:
    											它默认的authentication_classes是从它的配置文件中读出来的。现在就可以去看看它配置文件中的类了。
    									 -------------进入api_settings可以看到api_settings=APISettings
    														api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)
    											-----------进入APISettings,默认的authentication_classes是从它的配置文件中读出来的。现在就可以去看看它配置文件中的类了
    															DEFAULTS = {
    																# Base API policies
    																'DEFAULT_RENDERER_CLASSES': (
    																	'rest_framework.renderers.JSONRenderer',
    																	'rest_framework.renderers.BrowsableAPIRenderer',
    																),
    																'DEFAULT_PARSER_CLASSES': (
    																	'rest_framework.parsers.JSONParser',
    																	'rest_framework.parsers.FormParser',
    																	'rest_framework.parsers.MultiPartParser'
    																),
    																'DEFAULT_AUTHENTICATION_CLASSES': (
    																	'rest_framework.authentication.SessionAuthentication',
    																	'rest_framework.authentication.BasicAuthentication'
    																),
    																'DEFAULT_PERMISSION_CLASSES': (
    																	'rest_framework.permissions.AllowAny',
    																),
    																'DEFAULT_THROTTLE_CLASSES': (),
    																'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'rest_framework.negotiation.DefaultContentNegotiation',
    																'DEFAULT_METADATA_CLASS': 'rest_framework.metadata.SimpleMetadata',
    																'DEFAULT_VERSIONING_CLASS': None,
    
    																# Generic view behavior
    																'DEFAULT_PAGINATION_CLASS': None,
    																'DEFAULT_FILTER_BACKENDS': (),
    
    																# Schema
    																'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.AutoSchema',
    
    																# Throttling
    																'DEFAULT_THROTTLE_RATES': {
    																	'user': None,
    																	'anon': None,
    																},
    																'NUM_PROXIES': None,
    
    																# Pagination
    																'PAGE_SIZE': None,
    
    																# Filtering
    																'SEARCH_PARAM': 'search',
    																'ORDERING_PARAM': 'ordering',
    
    																# Versioning
    																'DEFAULT_VERSION': None,
    																'ALLOWED_VERSIONS': None,
    																'VERSION_PARAM': 'version',
    
    																# Authentication
    																'UNAUTHENTICATED_USER': 'django.contrib.auth.models.AnonymousUser',
    																'UNAUTHENTICATED_TOKEN': None,
    
    																# View configuration
    																'VIEW_NAME_FUNCTION': 'rest_framework.views.get_view_name',
    																'VIEW_DESCRIPTION_FUNCTION': 'rest_framework.views.get_view_description',
    
    																# Exception handling
    																'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler',
    																'NON_FIELD_ERRORS_KEY': 'non_field_errors',
    
    																# Testing
    																'TEST_REQUEST_RENDERER_CLASSES': (
    																	'rest_framework.renderers.MultiPartRenderer',
    																	'rest_framework.renderers.JSONRenderer'
    																),
    																'TEST_REQUEST_DEFAULT_FORMAT': 'multipart',
    
    																# Hyperlink settings
    																'URL_FORMAT_OVERRIDE': 'format',
    																'FORMAT_SUFFIX_KWARG': 'format',
    																'URL_FIELD_NAME': 'url',
    
    																# Input and output formats
    																'DATE_FORMAT': ISO_8601,
    																'DATE_INPUT_FORMATS': (ISO_8601,),
    
    																'DATETIME_FORMAT': ISO_8601,
    																'DATETIME_INPUT_FORMATS': (ISO_8601,),
    
    																'TIME_FORMAT': ISO_8601,
    																'TIME_INPUT_FORMATS': (ISO_8601,),
    
    																# Encoding
    																'UNICODE_JSON': True,
    																'COMPACT_JSON': True,
    																'STRICT_JSON': True,
    																'COERCE_DECIMAL_TO_STRING': True,
    																'UPLOADED_FILES_USE_URL': True,
    
    																# Browseable API
    																'HTML_SELECT_CUTOFF': 1000,
    																'HTML_SELECT_CUTOFF_TEXT': "More than {count} items...",
    
    																# Schemas
    																'SCHEMA_COERCE_PATH_PK': True,
    																'SCHEMA_COERCE_METHOD_NAMES': {
    																	'retrieve': 'read',
    																	'destroy': 'delete'
    																},
    												}
    													-----------找到DEFAULT_AUTHENTICATION_CLASSES可以看出他有两个类是在authentication中:SessionAuthentication,BasicAuthentication,
    																'DEFAULT_AUTHENTICATION_CLASSES': (
    																	'rest_framework.authentication.SessionAuthentication',
    																	'rest_framework.authentication.BasicAuthentication'
    																		),
    															--------------from rest_framework import authentication进入
    															--------------SessionAuthentication
    																		  class SessionAuthentication(BaseAuthentication):
    																				"""
    																				Use Django's session framework for authentication.
    																				"""
    
    																				def authenticate(self, request):
    																					"""
    																					Returns a `User` if the request session currently has a logged in user.
    																					Otherwise returns `None`.
    																					"""
    
    																					# Get the session-based user from the underlying HttpRequest object
    																					user = getattr(request._request, 'user', None)
    
    																					# Unauthenticated, CSRF validation not required
    																					if not user or not user.is_active:
    																						return None
    
    																					self.enforce_csrf(request)
    
    																					# CSRF passed with authenticated user
    																					return (user, None)
    
    																					def enforce_csrf(self, request):
    																					"""
    																					Enforce CSRF validation for session based authentication.
    																					"""
    																					reason = CSRFCheck().process_view(request, None, (), {})
    																				if reason:
    																					# CSRF failed, bail with explicit error message
    																					raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
    															--------------BasicAuthentication
    																		  class BasicAuthentication(BaseAuthentication):
    																			"""
    																			HTTP Basic authentication against username/password.
    																			"""
    																			www_authenticate_realm = 'api'
    
    																			def authenticate(self, request):
    																				"""
    																				Returns a `User` if a correct username and password have been supplied
    																				using HTTP Basic authentication.  Otherwise returns `None`.
    																				"""
    																				auth = get_authorization_header(request).split()
    
    																				if not auth or auth[0].lower() != b'basic':
    																					return None
    
    																				if len(auth) == 1:
    																					msg = _('Invalid basic header. No credentials provided.')
    																					raise exceptions.AuthenticationFailed(msg)
    																				elif len(auth) > 2:
    																					msg = _('Invalid basic header. Credentials string should not contain spaces.')
    																					raise exceptions.AuthenticationFailed(msg)
    
    																				try:
    																					auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':')
    																				except (TypeError, UnicodeDecodeError, binascii.Error):
    																					msg = _('Invalid basic header. Credentials not correctly base64 encoded.')
    																					raise exceptions.AuthenticationFailed(msg)
    
    																				userid, password = auth_parts[0], auth_parts[2]
    																				return self.authenticate_credentials(userid, password, request)
    
    																			def authenticate_credentials(self, userid, password, request=None):
    																				"""
    																				Authenticate the userid and password against username and password
    																				with optional request for context.
    																				"""
    																				credentials = {
    																					get_user_model().USERNAME_FIELD: userid,
    																					'password': password
    																				}
    																				user = authenticate(request=request, **credentials)
    
    																				if user is None:
    																					raise exceptions.AuthenticationFailed(_('Invalid username/password.'))
    
    																				if not user.is_active:
    																					raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
    
    																				return (user, None)
    
    																			def authenticate_header(self, request):
    																				return 'Basic realm="%s"' % self.www_authenticate_realm		
    														    --------------可以看出他们都继承了一个BaseAuthentication的类并且都实现了authenticate方法。
    																		  class BaseAuthentication(object):
    																				"""
    																				All authentication classes should extend BaseAuthentication.
    																				"""
    
    																				def authenticate(self, request):
    																					"""
    																					Authenticate the request and return a two-tuple of (user, token).
    																					"""
    																					raise NotImplementedError(".authenticate() must be overridden.")
    
    																				def authenticate_header(self, request):
    																					"""
    																					Return a string to be used as the value of the `WWW-Authenticate`
    																					header in a `401 Unauthenticated` response, or `None` if the
    																					authentication scheme should return `403 Permission Denied` responses.
    																					"""
    																					pass
    															--------------进入authenticate,由此可以看出BaseAuthentication类其实是一个接口类,让继承它的类必须实现authenticate方法。
    																		  最后就是在request对象中的authenticatotes中封装了一些关于认证的对。
    																		def authenticate(self, request):
    																			"""
    																			Authenticate the request and return a two-tuple of (user, token).
    																			"""
    																			raise NotImplementedError(".authenticate() must be overridden.")		
    									 -----------自己添加配置文件-------settings:若将自己定义的认证类添加的返回的列表,就通过seettings的配置走自己的定义的认证类
    											EST_FRAMEWORK = {
    													'UNAUTHENTICATED_USER': None,
    													'UNAUTHENTICATED_TOKEN': None,
    													"DEFAULT_AUTHENTICATION_CLASSES": [
    														# "app01.utils.MyAuthentication",
    													],
    													'DEFAULT_PERMISSION_CLASSES':[
    
    													],
    													'DEFAULT_THROTTLE_RATES':{
    														'wdp_anon':'5/minute',
    														'wdp_user':'10/minute',
    
    													}
    												}
    					
    					5:---再来看看UsersView这个类中的get方法和post方法----------------------------------------------------------------UserView
    						可以看到get方法的参数中有一个request,通过前面可以知道这个request已经不是最开始时到达服务端的request了
    						这个request方法中已经被REST framework封装了解析,认证和选择等相关的方法
    							def get(self,request,*args,**kwargs):
    								pass
    							def post(self,request,*args,**kwargs):
    							pass
    					6:---efault_response_headers这个方法从它的注释可以看出已经被丢弃了.
    			
    			二:初始化--------------------------------------------------------------------获取版本-----认证-----权限-----分流	
    					7:---再来看initial这个方法
    									def initial(self, request, *args, **kwargs):
    										self.format_kwarg = self.get_format_suffix(**kwargs)
    										# Perform content negotiation and store the accepted info on the request
    										#执行内容协商并将接受的信息存储在请求上
    										neg = self.perform_content_negotiation(request)
    										request.accepted_renderer, request.accepted_media_type = neg
    										# Determine the API version, if versioning is in use.
    										#如果正在使用版本控制,请确定API版本。
    										version, scheme = self.determine_version(request, *args, **kwargs)
    										request.version, request.versioning_scheme = version, scheme
    										# Ensure that the incoming request is permitted
    										#确保传入的请求是允许的。
    										self.perform_authentication(request)
    										self.check_permissions(request)
    										self.check_throttles(request)
    								----先执行get_format_suffix-------------------------------------------------------------来获取客户端所发送的url的后缀
    
    								----然后执行perform_content_negotiation方法,--------------------------------------------这个方法的主要作用是执行内容选择,并把服务端接收到的信息保存在request中
    							
    								获取版本----然后再执行determine_version方法---------------------------------------------如果url中有版本信息,就获取发送到服务端的版本,返回一个元组
    									     -------version,schemas是执行determine_version获得的,versioning_scheme是设置类的对象也就是QueryParameterVersioning。
    												request.version就是QueryParameterVersioning执行etermine_version
    													 version, scheme = self.determine_version(request, *args, **kwargs)
    													 request.version, request.versioning_scheme = version, scheme
    												--------执行determine_version,如果versioning是空的,就返回两个空。,不为空走versioning设置值。
    															def determine_version(self, request, *args, **kwargs):
    																if self.versioning_class is None:
    																	return (None, None)
    																scheme = self.versioning_class()
    																return (scheme.determine_version(request, *args, **kwargs), scheme)
    														---------走versiong_class设置值,走api_settings配置找DEFAULT_VERSIONING_CLASS
    																 versioning_class = api_settings.DEFAULT_VERSIONING_CLASS
    																 ----------走api_settings寻找配置
    																		   api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)
    																			---------api_settings = APISettings,走APISettings找DEFAULT_VERSIONING_CLASS。默认为空,需自己设置。
    																					 'DEFAULT_VERSIONING_CLASS': None,
    																			---------进入QueryParameterVersioning
    																					class QueryParameterVersioning(BaseVersioning):
    																						"""
    																						GET /something/?version=0.1 HTTP/1.1
    																						Host: example.com
    																						Accept: application/json
    																						"""
    																						invalid_version_message = _('Invalid version in query parameter.')
    
    																						def determine_version(self, request, *args, **kwargs):
    																							version = request.query_params.get(self.version_param, self.default_version)
    																							if not self.is_allowed_version(version):
    																								raise exceptions.NotFound(self.invalid_version_message)
    																							return version
    
    																						def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):
    																							url = super(QueryParameterVersioning, self).reverse(
    																								viewname, args, kwargs, request, format, **extra
    																							)
    																							if request.version is not None:
    																								return replace_query_param(url, self.version_param, request.version)
    																							return url
    																			---------获取version,version_param就是配置
    																					def determine_version(self, request, *args, **kwargs):
    																						version = request.query_params.get(self.version_param, self.default_version)
    																						if not self.is_allowed_version(version):
    																							raise exceptions.NotFound(self.invalid_version_message)
    																						return version
    																					---------进入version_param,在配置中找VERSION_PARAM
    																							  version_param = api_settings.VERSION_PARAM
    																							  ---------由配置可知VERSION_PARAM等于version.
    																										'VERSION_PARAM': 'version',
    																			---------default_version=配置中的DEFAULT_VERSION
    																					default_version = api_settings.DEFAULT_VERSION
    																					 ---------进入配置找DEFAULT_VERSION,可以知道我们可以在setting中自己配置
    																			---------is_allowed_version是允许的版本,也可自己在seettings中配置。流程相似
    									     -------from rest_framework.versioning import QueryParameterVersioning,URLPathVersioning
    												---------QueryParameterVersioning
    														class QueryParameterVersioning(BaseVersioning):
    															"""
    															GET /something/?version=0.1 HTTP/1.1
    															Host: example.com
    															Accept: application/json
    															"""
    															invalid_version_message = _('Invalid version in query parameter.')
    
    															def determine_version(self, request, *args, **kwargs):
    																version = request.query_params.get(self.version_param, self.default_version)
    																if not self.is_allowed_version(version):
    																	raise exceptions.NotFound(self.invalid_version_message)
    																return version
    
    															def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):
    																url = super(QueryParameterVersioning, self).reverse(
    																	viewname, args, kwargs, request, format, **extra
    																)
    																if request.version is not None:
    																	return replace_query_param(url, self.version_param, request.version)
    																return url
    														--------执行determine_version获取版本
    																def determine_version(self, request, *args, **kwargs):
    																	version = request.query_params.get(self.version_param, self.default_version)
    																	if not self.is_allowed_version(version):
    																		raise exceptions.NotFound(self.invalid_version_message)
    																	return version
    														--------执行reverse反向生成url
    																def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):
    																	url = super(QueryParameterVersioning, self).reverse(
    																		viewname, args, kwargs, request, format, **extra
    																	)
    																	if request.version is not None:
    																		return replace_query_param(url, self.version_param, request.version)
    																	return url
    												---------URLPathVersioning
    														class URLPathVersioning(BaseVersioning):
    															"""
    															To the client this is the same style as `NamespaceVersioning`.
    															The difference is in the backend - this implementation uses
    															Django's URL keyword arguments to determine the version.
    
    															An example URL conf for two views that accept two different versions.
    
    															urlpatterns = [
    																url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),
    																url(r'^(?P<version>[v1|v2]+)/users/(?P<pk>[0-9]+)/$', users_detail, name='users-detail')
    															]
    
    															GET /1.0/something/ HTTP/1.1
    															Host: example.com
    															Accept: application/json
    															"""
    															invalid_version_message = _('Invalid version in URL path.')
    
    															def determine_version(self, request, *args, **kwargs):
    																version = kwargs.get(self.version_param, self.default_version)
    																if not self.is_allowed_version(version):
    																	raise exceptions.NotFound(self.invalid_version_message)
    																return version
    
    															def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):
    																if request.version is not None:
    																	kwargs = {} if (kwargs is None) else kwargs
    																	kwargs[self.version_param] = request.version
    
    																return super(URLPathVersioning, self).reverse(
    																	viewname, args, kwargs, request, format, **extra
    																)
    																 ---------自己在settings中配置
    																		REST_FRAMEWORK = {
    																			'VERSION_PARAM':'version',
    																			'DEFAULT_VERSION':'v1',
    																			'ALLOWED_VERSIONS':['v1','v2'],
    																			# 'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.HostNameVersioning"
    																			'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.URLPathVersioning"
    																		}
    														--------执行determine_version获取版本
    																def determine_version(self, request, *args, **kwargs):
    																version = kwargs.get(self.version_param, self.default_version)
    																if not self.is_allowed_version(version):
    																	raise exceptions.NotFound(self.invalid_version_message)
    																return version
    														---------执行reverse反向生成url
    																def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):
    																if request.version is not None:
    																	kwargs = {} if (kwargs is None) else kwargs
    																	kwargs[self.version_param] = request.version
    
    																return super(URLPathVersioning, self).reverse(
    																	viewname, args, kwargs, request, format, **extra
    																)
    										 -------自定制settings
    												REST_FRAMEWORK = {
    												'VERSION_PARAM':'version',
    												'DEFAULT_VERSION':'v1',
    												'ALLOWED_VERSIONS':['v1','v2'],
    												# 'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.HostNameVersioning"
    												# 'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.URLPathVersioning"
    											}
    											
    								认证-----执行完上面的方法,再执行perform_authentication方法来进行认证操作----------------执行认证功能,确认进行后续操作的用户是被允许的,
    																												perform_authentication方法返回经过认证的用户对象,
    																												传入的request是重新封装过的。
    											def perform_authentication(self, request):
    												request.user
    										------然后就在request.user中执行authenticate这个方法进行认证
    											    def user(self):
    													"""
    													Returns the user associated with the current request, as authenticated
    													by the authentication classes provided to the request.
    													"""
    													if not hasattr(self, '_user'):
    														with wrap_attributeerrors():
    															self._authenticate()
    													return self._user
    													
    								检查权限-----执行check_permissions方法--------------------------------------------------如果用户通过认证,检查用户是否有权限访问url中所传的路径,
    																														如用用户访问的是没有没有权限的路径,则会抛出异常.			
    										 def check_permissions(self, request):
    											for permission in self.get_permissions():
    												if not permission.has_permission(request, self):
    													self.permission_denied(
    														request, message=getattr(permission, 'message', None)
    													)	
    										------循环,执行get_permissions返回一个列表对象。
    												    def get_permissions(self):
    														return [permission() for permission in self.permission_classes]
    												--------执行permission_classes,self是当前类,所以是去当前类中找,当前类中没有去父类(APIView)中找,所以可以自己定制。
    														permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
    														----------可以看出是从api_settings中找到,我们执行api_settings
    																api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)
    																-------------进入APISettings,在DEFAULTS配置文件中找DEFAULT_PERMISSION_CLASSES,若自定制,自己在setting中配置。
    																			'DEFAULT_PERMISSION_CLASSES': (
    																			'rest_framework.permissions.AllowAny',
    																			-------------根据配置文件可知:我们走permissions的AllowAny类。
    																			from rest_framework.permissions import AllowAny进入
    																			-------------AllowAny执行了has_permission,返回True.
    																				class AllowAny(BasePermission):
    																					"""
    																					Allow any access.
    																					This isn't strictly required, since you could use an empty
    																					permission_classes list, but it's useful because it makes the intention
    																					more explicit.
    																					"""
    
    																					def has_permission(self, request, view):
    																						return True
    																					),
    																			-------------可以看出AllowAny继承了BasePermission,由此我们可以知道必须执行一个AllowAny
    																						自己有执行自己的,自己没有没有执行父类的,都返回True
    																						class BasePermission(object):
    																							"""
    																							A base class from which all permission classes should inherit.
    																							"""
    
    																							def has_permission(self, request, view):
    																								"""
    																								Return `True` if permission is granted, `False` otherwise.
    																								"""
    																								return True
    
    																							def has_object_permission(self, request, view, obj):
    																								"""
    																								Return `True` if permission is granted, `False` otherwise.
    																								"""
    																								return True
    	
    								检查限制访问(分流)-----就会执行check_throttles方法--------------------------------------作用是检查用户是否被限制了访问主机的次数
    										self.check_throttles(request)																		      如果用户访问服务器的次数超出设定值,则会抛出一个异常
    																		---------例如,如果想限制一个ip地址每秒钟只能访问几次,一个小时之内最多可以访问多少次,就可以在settings.py文件中进行配置
    									    def check_throttles(self, request):
    											for throttle in self.get_throttles():
    												if not throttle.allow_request(request, self):
    													self.throttled(request, throttle.wait())
    										----------循环执行,执行get_throttles,返回一个列表对象
    												        def get_throttles(self):
    															"""
    															Instantiates and returns the list of throttles that this view uses.
    															"""
    															return [throttle() for throttle in self.throttle_classes]
    													----------执行throttle_classes,self是当前类,请求过来首先在自己的类中找,没有去父类中找(APIView)
    														   throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES
    														----------可以看出是从api_settings中找到,我们执行api_settings
    															 api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)
    															----------进入APISettings,在DEFAULTS配置文件中找DEFAULT_PERMISSION_CLASSES,若自定制,自己在setting中配置
    																	'DEFAULT_THROTTLE_CLASSES': (),
    																	'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'rest_framework.negotiation.DefaultContentNegotiation',
    																	'DEFAULT_METADATA_CLASS': 'rest_framework.metadata.SimpleMetadata',
    																	'DEFAULT_VERSIONING_CLASS': None,
    																----------根据配置文件可知:
    																from rest_framework.permissions import AllowAny进入			
    	
    			三:执行对应的视图函数		
    					8:---initial这个方法执行完成后,request.method.lower把请求的方法转换成小写
    							 Get the appropriate handler method
    							if request.method.lower() in self.http_method_names:
    								handler = getattr(self, request.method.lower(),
    												  self.http_method_not_allowed)
    							else:
    								handler = self.http_method_not_allowed
    
    							response = handler(request, *args, **kwargs)
    					9:---再通过通过反射的方式来执行UsersView类中的get或post等自定义方法要注意的是,在执行initial方法之前,使用了try/except方法来进行异常处理
    						  如果执行initial方法的时候出现错误,就调用handle_exception来处理initial方法抛出的异常,返回正确的响应信息
    							def handle_exception(self, exc):
    								if isinstance(exc, (exceptions.NotAuthenticated,
    													exceptions.AuthenticationFailed)):
    									# WWW-Authenticate header for 401 responses, else coerce to 403
    									auth_header = self.get_authenticate_header(self.request)
    
    									if auth_header:
    										exc.auth_header = auth_header
    									else:
    										exc.status_code = status.HTTP_403_FORBIDDEN
    
    								exception_handler = self.get_exception_handler()
    
    								context = self.get_exception_handler_context()
    								response = exception_handler(exc, context)
    
    								if response is None:
    									self.raise_uncaught_exception(exc)
    
    								response.exception = True
    								return response
    				
    					10:---在前面,如果initial方法执行完成没有抛出异常,则根据反射执行自定义的请求方法,然后返回响应信息如果initial方法抛出异常则执行handle_exception
    						  方法处理抛出的异常,也返回响应信息等到上面的过程执行完成后,再执行finalize_response方法把最终的响应信息返回给客户端的浏览器
    						  def finalize_response(self, request, response, *args, **kwargs):
    							# Make the error obvious if a proper response is not returned
    							assert isinstance(response, HttpResponseBase), (
    								'Expected a `Response`, `HttpResponse` or `HttpStreamingResponse` '
    								'to be returned from the view, but received a `%s`'
    								% type(response)
    							)
    
    							if isinstance(response, Response):
    								if not getattr(request, 'accepted_renderer', None):
    									neg = self.perform_content_negotiation(request, force=True)
    									request.accepted_renderer, request.accepted_media_type = neg
    
    								response.accepted_renderer = request.accepted_renderer
    								response.accepted_media_type = request.accepted_media_type
    								response.renderer_context = self.get_renderer_context()
    
    							# Add new vary headers to the response instead of overwriting.
    							vary_headers = self.headers.pop('Vary', None)
    							if vary_headers is not None:
    								patch_vary_headers(response, cc_delim_re.split(vary_headers))
    
    							for key, value in self.headers.items():
    								response[key] = value
    
    							return response
    							
    	def dispatch(self, request, *args, **kwargs):
    		self.args = args
    		self.kwargs = kwargs
    		# ####################### 第一步 request二次封装 #######################
    		"""
    		return Request(
    			request,
    			parsers=self.get_parsers(),                 解析相关 对象列表
    			authenticators=self.get_authenticators(),   认证相关 对象列表
    			negotiator=self.get_content_negotiator(),   选择相关 选择对象
    			parser_context=parser_context               解析内容
    		)
    		"""
    		request = self.initialize_request(request, *args, **kwargs)
    		self.request = request
    		self.headers = self.default_response_headers  # deprecate?
    
    		# ####################### 第二步 初始化 #######################
    			"""
    		2.1 获取版本
    			返回(scheme.determine_version(request, *args, **kwargs), scheme)
    			request.version, request.versioning_scheme =版本号,检查版本的对象
    		2.2 认证    
    			self.perform_authentication(request)
    			调用request.user方法
    		2.3 检查权限
    			self.check_permissions(request)    
    				获取权限的对象列表   
    				执行对象.has_permission方法   返回True有权限,返回False没有权限,抛出异常,message定制错误信息。
    		2.4 检查限制访问
    			self.check_throttles(request)
    				获取限制类的对象列表
    				执行对象.allow_request(request, self)   返回True可以访问,返回False限制访问。
    
    		"""
    		try:
    			self.initial(request, *args, **kwargs)
    			# ####################### 第三步 执行对应的视图函数 #######################
    
    			# Get the appropriate handler method
    			if request.method.lower() in self.http_method_names:
    				handler = getattr(self, request.method.lower(),
    								  self.http_method_not_allowed)
    			else:
    				handler = self.http_method_not_allowed
    
    			response = handler(request, *args, **kwargs)
    
    		except Exception as exc:
    			response = self.handle_exception(exc)
    
    		self.response = self.finalize_response(request, response, *args, **kwargs)
    		return self.response
    
    基本流程
    	1:请求到来之后,都要执行dispatch方法,dispatch方法根据请求方式不同触发。
    	2:重要的功能是在APIView的dispatch中触发。
    	url.py
    		from django.conf.urls import url, include
    		from web.views.s1_api import TestView
    		urlpatterns = [
    			url(r'^test/', TestView.as_view()),
    		]
    	views.py
    		from rest_framework.views import APIView
    		from rest_framework.response import Response
    		class TestView(APIView):
    			def dispatch(self, request, *args, **kwargs):
    				"""
    					请求到来之后,都要执行dispatch方法,dispatch方法根据请求方式不同触发 get/post/put等方法
    					注意:APIView中的dispatch方法有好多好多的功能
    				"""
    						return super().dispatch(request, *args, **kwargs)
    		 
    			def get(self, request, *args, **kwargs):
    				return Response('GET请求,响应内容')
    		 
    			def post(self, request, *args, **kwargs):
    				return Response('POST请求,响应内容')
    		 
    			def put(self, request, *args, **kwargs):
    				return Response('PUT请求,响应内容')	
    	
    

      

    restful(表者征状态转移,面向资源编程)------------------------------------------->约定从资源的角度审视整个网络,将分布在网络中某个节点的资源通过url进行标识,客户端通过url获取资源的表征,获得这些表征使应用转变状态。-----------------------------------------------------------是一种软件架构风格。所有数据是通过网络获取的是操作的数据(增删改查),都是资源-------------------------------互联网上的一切东西都视为资源。restf规则:API与用户的通信协议,使用的是http协议1:域名尽量部署在专有域名之下,若API很简单,不会进一步扩展,可以考虑放在主域名下。2:应将api的版本号放入url,还可以将版本号放入Http请求头信息中,但不如放在url中方便。3:在RESTful架构中,每个网址代表一种资源(resource),所以网址中应该有动词,应该使用名词,   而且所用的名词往往与数据库的表格名对应。一般来说,数据库中的表都是同种记录的"集合"(collection),所以API中的名词也应该使用复数。4:用于区别url接口应将API加入到url.5: 如果记录数量很多,服务器不可能都将它们返回给用户。API应该提供参数,过滤返回结果。6: 服务器向用户返回的状态码和提示信息。8: 如果状态码是4xx,就应该向用户返回出错信息。一般来说,返回的信息中将error作为键名,出错信息作为键值即可。9: 请求方式的不同,进行不同的操作。post----get----put----patch----delete10:返回错误信息
    restful-api:API与用户的通行协议,总是使用HTTPs协议api:---------------------------------------------------------------------------------------接口用途:1:为别人提供服务----------发送短信2:前后端分离--------------前后端分离规范:1:url+apihttps://api.example.com------------------------------------------------------------尽量将API部署在专用域名(会存在跨域问题)https://example.org/api/-----------------------------------------------------------API很简单2:名词资源名必须是名词,不能是动词.......3:版本URL,-------------------------------------------------------------------------------如:https://api.example.com/v1/请求头------------------------------------------------------------------------------跨域时,引发发送多次请求4:提交方式------------------------------------------------------------methodGET:-------------------------------------------------------------------------------从服务器取出资源(一项或多项)POST:------------------------------------------------------------------------------在服务器新建一个资源PUT:-------------------------------------------------------------------------------在服务器更新资源(客户端提供改变后的完整资源)PATCH :----------------------------------------------------------------------------在服务器更新资源(客户端提供改变的属性)DELETE:----------------------------------------------------------------------------从服务器删除资源5:json数据------------------------------------------------------------返回json数据6:status--------------------------------------------------------------状态码200 OK - [GET]:服务器成功返回用户请求的数据,该操作是幂等的(Idempotent)。201 CREATED - [POST/PUT/PATCH]:用户新建或修改数据成功。202 Accepted - [*]:表示一个请求已经进入后台排队(异步任务)204 NO CONTENT - [DELETE]:用户删除数据成功。400 INVALID REQUEST - [POST/PUT/PATCH]:用户发出的请求有错误,服务器没有进行新建或修改数据的操作,该操作是幂等的。401 Unauthorized - [*]:表示用户没有权限(令牌、用户名、密码错误)。403 Forbidden - [*] 表示用户得到授权(与401错误相对),但是访问是被禁止的。404 NOT FOUND - [*]:用户发出的请求针对的是不存在的记录,服务器没有进行操作,该操作是幂等的。406 Not Acceptable - [GET]:用户请求的格式不可得(比如用户请求JSON格式,但是只有XML格式)。410 Gone -[GET]:用户请求的资源被永久删除,且不会再得到的。422 Unprocesable entity - [POST/PUT/PATCH] 当创建一个对象时,发生一个验证错误。500 INTERNAL SERVER ERROR - [*]:服务器发生错误,用户将无法判断发出的请求是否成功。更多看这里:http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html7:aypermedia link-----------------------------------------------------返回链接Hypermedia API,RESTful API最好做到Hypermedia,即返回结果中提供链接,连向其他API方法,使得用户不查文档,也知道下一步应该做什么。{"link": {  "rel":   "collection https://www.example.com/zoos",  "href":  "https://api.example.com/zoos",  "title": "List of zoos",  "type":  "application/vnd.yourformat+json"}}8:错误处理错误处理,状态码是4xx时,应返回错误信息,error当做key。{error: "Invalid API key"}为什么做前后端分离?数据的解耦,提高开发效率。
    安装:pip3 install djangorestframework              -i http://pypi.douban.com/simple/ --trusted-host=pypi.douban.com继承关系:class View(object):-------------------------------------------------viewclass APIView(View):------------------------------------------------APIviewclass GenericAPIView(views.APIView):--------------------------------GenericAPIViewclass GenericViewSet(ViewSetMixin, generics.GenericAPIView)---------GenericViewSetclass ModelViewSet(mixins.CreateModelMixin,-------------------------ModelViewSet(增删改查,genericViewset)   mixins.RetrieveModelMixin,   mixins.UpdateModelMixin,   mixins.DestroyModelMixin,   mixins.ListModelMixin,   GenericViewSet):Django Rest Framework 的的请求生命周期:hTTP请求 —> wsgi —> 中间件 —> 路由分发 —> 执行对应类的dispatch方法 —> 视图函数 —>返回 采用CBV的请求方式。
    源码剖析接收HTTP请求---->wsgi----->中间件------->路由分发---------->执行对应类的dispatch方法------->视图函数------>返回首先执行 as_view 我们可以知道,as_view调用了dispatch.执行:------------------------>执行对应类的dispatch方法:---------------------dispatch一:第一步对------------------------------------------------------------------request二次封装1:--查看initialize_request方法,可以知道这个方法接收客户端的request请求,再重新封装成新的request。def initialize_request(self, request, *args, **kwargs):parser_context = self.get_parser_context(request)
    return Request(request,parsers=self.get_parsers(),authenticators=self.get_authenticators(),negotiator=self.get_content_negotiator(),parser_context=parser_context)点击进入Request2:----再查看Request方法的源码,可以知道这个Request类是rest framework中定义的一个类----Rquest类,这来类是经过Request处理过的request已经不再是客户端发送过来的那个request了class Request(object):def __init__(self, request, parsers=None, authenticators=None, negotiator=None, parser_context=None):self._request = requestself.parsers = parsers or ()self.authenticators = authenticators or ()self.negotiator = negotiator or self._default_negotiator()self.parser_context = parser_contextself._data = Emptyself._files = Emptyself._full_data = Emptyself._content_type = Emptyself._stream = Empty
    if self.parser_context is None:self.parser_context = {}self.parser_context['request'] = selfself.parser_context['encoding'] = request.encoding or settings.DEFAULT_CHARSET
    force_user = getattr(request, '_force_auth_user', None)force_token = getattr(request, '_force_auth_token', None)if force_user is not None or force_token is not None:forced_auth = ForcedAuthentication(force_user, force_token)self.authenticators = (forced_auth,)3:----在initialize_request方法中,有一个方法处理过request,来看看get_parser_context方法的源码在这里,view的值是self,代指的是UsersView这个对象,所以get_parser_context方法把UsersView这个类封装进来然后返回所以get_parser_context方法最后返回的当前对象以及当前对象所传的参数,经过initialize_request函数处理之后的request,现在就变成了Request(request,parsers=self.get_parsers(),authenticators=self.get_authenticators(),negotiator=self.get_content_negotiator(),parser_context=parser_context)    def get_parser_context(self, http_request):return {'view': self,                          #代指的是UsersView这个对象'args': getattr(self, 'args', ()),'kwargs': getattr(self, 'kwargs', {})}    4:----现在再来看看Request的其他参数代指的是什么get_parsers------------------根据字面意思,是解析get请求的意思def get_parsers(self):return [parser() for parser in self.parser_classes]get_content_negotiator-------选择相关def get_content_negotiator(self):if not getattr(self, '_negotiator', None):self._negotiator = self.content_negotiation_class()return self._negotiatorparser_context---------------封闭self和self的参数 parser_context = self.get_parser_context(request)    *get_authenticators----------------------认证相关,在get_authenticators这个方法中循环了self.authentication_classes返回了一个列表对象,def get_authenticators(self):return [auth() for auth in self.authentication_classes]----------他是self.找的,所有它先去我们写的那个类中去找authentication_classes,我们写的类中没有才去父类中找,因此我们就可以自定义这个列表类了。  进入APIview类找------------------authentication_classesclass APIView(View):# The following policies may be set at either globally, or per-view.renderer_classes = api_settings.DEFAULT_RENDERER_CLASSESparser_classes = api_settings.DEFAULT_PARSER_CLASSESauthentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES #认证throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES             #权限permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES #分流content_negotiation_class = api_settings.DEFAULT_CONTENT_NEGOTIATION_CLASSmetadata_class = api_settings.DEFAULT_METADATA_CLASSversioning_class = api_settings.DEFAULT_VERSIONING_CLASS..............------------authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES由此可以看出:它默认的authentication_classes是从它的配置文件中读出来的。现在就可以去看看它配置文件中的类了。 -------------进入api_settings可以看到api_settings=APISettingsapi_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)-----------进入APISettings,默认的authentication_classes是从它的配置文件中读出来的。现在就可以去看看它配置文件中的类了DEFAULTS = {# Base API policies'DEFAULT_RENDERER_CLASSES': ('rest_framework.renderers.JSONRenderer','rest_framework.renderers.BrowsableAPIRenderer',),'DEFAULT_PARSER_CLASSES': ('rest_framework.parsers.JSONParser','rest_framework.parsers.FormParser','rest_framework.parsers.MultiPartParser'),'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.SessionAuthentication','rest_framework.authentication.BasicAuthentication'),'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),'DEFAULT_THROTTLE_CLASSES': (),'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'rest_framework.negotiation.DefaultContentNegotiation','DEFAULT_METADATA_CLASS': 'rest_framework.metadata.SimpleMetadata','DEFAULT_VERSIONING_CLASS': None,
    # Generic view behavior'DEFAULT_PAGINATION_CLASS': None,'DEFAULT_FILTER_BACKENDS': (),
    # Schema'DEFAULT_SCHEMA_CLASS': 'rest_framework.schemas.AutoSchema',
    # Throttling'DEFAULT_THROTTLE_RATES': {'user': None,'anon': None,},'NUM_PROXIES': None,
    # Pagination'PAGE_SIZE': None,
    # Filtering'SEARCH_PARAM': 'search','ORDERING_PARAM': 'ordering',
    # Versioning'DEFAULT_VERSION': None,'ALLOWED_VERSIONS': None,'VERSION_PARAM': 'version',
    # Authentication'UNAUTHENTICATED_USER': 'django.contrib.auth.models.AnonymousUser','UNAUTHENTICATED_TOKEN': None,
    # View configuration'VIEW_NAME_FUNCTION': 'rest_framework.views.get_view_name','VIEW_DESCRIPTION_FUNCTION': 'rest_framework.views.get_view_description',
    # Exception handling'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler','NON_FIELD_ERRORS_KEY': 'non_field_errors',
    # Testing'TEST_REQUEST_RENDERER_CLASSES': ('rest_framework.renderers.MultiPartRenderer','rest_framework.renderers.JSONRenderer'),'TEST_REQUEST_DEFAULT_FORMAT': 'multipart',
    # Hyperlink settings'URL_FORMAT_OVERRIDE': 'format','FORMAT_SUFFIX_KWARG': 'format','URL_FIELD_NAME': 'url',
    # Input and output formats'DATE_FORMAT': ISO_8601,'DATE_INPUT_FORMATS': (ISO_8601,),
    'DATETIME_FORMAT': ISO_8601,'DATETIME_INPUT_FORMATS': (ISO_8601,),
    'TIME_FORMAT': ISO_8601,'TIME_INPUT_FORMATS': (ISO_8601,),
    # Encoding'UNICODE_JSON': True,'COMPACT_JSON': True,'STRICT_JSON': True,'COERCE_DECIMAL_TO_STRING': True,'UPLOADED_FILES_USE_URL': True,
    # Browseable API'HTML_SELECT_CUTOFF': 1000,'HTML_SELECT_CUTOFF_TEXT': "More than {count} items...",
    # Schemas'SCHEMA_COERCE_PATH_PK': True,'SCHEMA_COERCE_METHOD_NAMES': {'retrieve': 'read','destroy': 'delete'},}-----------找到DEFAULT_AUTHENTICATION_CLASSES可以看出他有两个类是在authentication中:SessionAuthentication,BasicAuthentication,'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.SessionAuthentication','rest_framework.authentication.BasicAuthentication'),--------------from rest_framework import authentication进入--------------SessionAuthentication  class SessionAuthentication(BaseAuthentication):"""Use Django's session framework for authentication."""
    def authenticate(self, request):"""Returns a `User` if the request session currently has a logged in user.Otherwise returns `None`."""
    # Get the session-based user from the underlying HttpRequest objectuser = getattr(request._request, 'user', None)
    # Unauthenticated, CSRF validation not requiredif not user or not user.is_active:return None
    self.enforce_csrf(request)
    # CSRF passed with authenticated userreturn (user, None)
    def enforce_csrf(self, request):"""Enforce CSRF validation for session based authentication."""reason = CSRFCheck().process_view(request, None, (), {})if reason:# CSRF failed, bail with explicit error messageraise exceptions.PermissionDenied('CSRF Failed: %s' % reason)--------------BasicAuthentication  class BasicAuthentication(BaseAuthentication):"""HTTP Basic authentication against username/password."""www_authenticate_realm = 'api'
    def authenticate(self, request):"""Returns a `User` if a correct username and password have been suppliedusing HTTP Basic authentication.  Otherwise returns `None`."""auth = get_authorization_header(request).split()
    if not auth or auth[0].lower() != b'basic':return None
    if len(auth) == 1:msg = _('Invalid basic header. No credentials provided.')raise exceptions.AuthenticationFailed(msg)elif len(auth) > 2:msg = _('Invalid basic header. Credentials string should not contain spaces.')raise exceptions.AuthenticationFailed(msg)
    try:auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':')except (TypeError, UnicodeDecodeError, binascii.Error):msg = _('Invalid basic header. Credentials not correctly base64 encoded.')raise exceptions.AuthenticationFailed(msg)
    userid, password = auth_parts[0], auth_parts[2]return self.authenticate_credentials(userid, password, request)
    def authenticate_credentials(self, userid, password, request=None):"""Authenticate the userid and password against username and passwordwith optional request for context."""credentials = {get_user_model().USERNAME_FIELD: userid,'password': password}user = authenticate(request=request, **credentials)
    if user is None:raise exceptions.AuthenticationFailed(_('Invalid username/password.'))
    if not user.is_active:raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
    return (user, None)
    def authenticate_header(self, request):return 'Basic realm="%s"' % self.www_authenticate_realm    --------------可以看出他们都继承了一个BaseAuthentication的类并且都实现了authenticate方法。  class BaseAuthentication(object):"""All authentication classes should extend BaseAuthentication."""
    def authenticate(self, request):"""Authenticate the request and return a two-tuple of (user, token)."""raise NotImplementedError(".authenticate() must be overridden.")
    def authenticate_header(self, request):"""Return a string to be used as the value of the `WWW-Authenticate`header in a `401 Unauthenticated` response, or `None` if theauthentication scheme should return `403 Permission Denied` responses."""pass--------------进入authenticate,由此可以看出BaseAuthentication类其实是一个接口类,让继承它的类必须实现authenticate方法。  最后就是在request对象中的authenticatotes中封装了一些关于认证的对。def authenticate(self, request):"""Authenticate the request and return a two-tuple of (user, token)."""raise NotImplementedError(".authenticate() must be overridden.") -----------自己添加配置文件-------settings:若将自己定义的认证类添加的返回的列表,就通过seettings的配置走自己的定义的认证类EST_FRAMEWORK = {'UNAUTHENTICATED_USER': None,'UNAUTHENTICATED_TOKEN': None,"DEFAULT_AUTHENTICATION_CLASSES": [# "app01.utils.MyAuthentication",],'DEFAULT_PERMISSION_CLASSES':[
    ],'DEFAULT_THROTTLE_RATES':{'wdp_anon':'5/minute','wdp_user':'10/minute',
    }}5:---再来看看UsersView这个类中的get方法和post方法----------------------------------------------------------------UserView可以看到get方法的参数中有一个request,通过前面可以知道这个request已经不是最开始时到达服务端的request了这个request方法中已经被REST framework封装了解析,认证和选择等相关的方法def get(self,request,*args,**kwargs):passdef post(self,request,*args,**kwargs):pass6:---efault_response_headers这个方法从它的注释可以看出已经被丢弃了.二:初始化--------------------------------------------------------------------获取版本-----认证-----权限-----分流7:---再来看initial这个方法def initial(self, request, *args, **kwargs):self.format_kwarg = self.get_format_suffix(**kwargs)# Perform content negotiation and store the accepted info on the request#执行内容协商并将接受的信息存储在请求上neg = self.perform_content_negotiation(request)request.accepted_renderer, request.accepted_media_type = neg# Determine the API version, if versioning is in use.#如果正在使用版本控制,请确定API版本。version, scheme = self.determine_version(request, *args, **kwargs)request.version, request.versioning_scheme = version, scheme# Ensure that the incoming request is permitted#确保传入的请求是允许的。self.perform_authentication(request)self.check_permissions(request)self.check_throttles(request)----先执行get_format_suffix-------------------------------------------------------------来获取客户端所发送的url的后缀
    ----然后执行perform_content_negotiation方法,--------------------------------------------这个方法的主要作用是执行内容选择,并把服务端接收到的信息保存在request中获取版本----然后再执行determine_version方法---------------------------------------------如果url中有版本信息,就获取发送到服务端的版本,返回一个元组     -------version,schemas是执行determine_version获得的,versioning_scheme是设置类的对象也就是QueryParameterVersioning。request.version就是QueryParameterVersioning执行etermine_version version, scheme = self.determine_version(request, *args, **kwargs) request.version, request.versioning_scheme = version, scheme--------执行determine_version,如果versioning是空的,就返回两个空。,不为空走versioning设置值。def determine_version(self, request, *args, **kwargs):if self.versioning_class is None:return (None, None)scheme = self.versioning_class()return (scheme.determine_version(request, *args, **kwargs), scheme)---------走versiong_class设置值,走api_settings配置找DEFAULT_VERSIONING_CLASS versioning_class = api_settings.DEFAULT_VERSIONING_CLASS ----------走api_settings寻找配置   api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)---------api_settings = APISettings,走APISettings找DEFAULT_VERSIONING_CLASS。默认为空,需自己设置。 'DEFAULT_VERSIONING_CLASS': None,---------进入QueryParameterVersioningclass QueryParameterVersioning(BaseVersioning):"""GET /something/?version=0.1 HTTP/1.1Host: example.comAccept: application/json"""invalid_version_message = _('Invalid version in query parameter.')
    def determine_version(self, request, *args, **kwargs):version = request.query_params.get(self.version_param, self.default_version)if not self.is_allowed_version(version):raise exceptions.NotFound(self.invalid_version_message)return version
    def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):url = super(QueryParameterVersioning, self).reverse(viewname, args, kwargs, request, format, **extra)if request.version is not None:return replace_query_param(url, self.version_param, request.version)return url---------获取version,version_param就是配置def determine_version(self, request, *args, **kwargs):version = request.query_params.get(self.version_param, self.default_version)if not self.is_allowed_version(version):raise exceptions.NotFound(self.invalid_version_message)return version---------进入version_param,在配置中找VERSION_PARAM  version_param = api_settings.VERSION_PARAM  ---------由配置可知VERSION_PARAM等于version.'VERSION_PARAM': 'version',---------default_version=配置中的DEFAULT_VERSIONdefault_version = api_settings.DEFAULT_VERSION ---------进入配置找DEFAULT_VERSION,可以知道我们可以在setting中自己配置---------is_allowed_version是允许的版本,也可自己在seettings中配置。流程相似     -------from rest_framework.versioning import QueryParameterVersioning,URLPathVersioning---------QueryParameterVersioningclass QueryParameterVersioning(BaseVersioning):"""GET /something/?version=0.1 HTTP/1.1Host: example.comAccept: application/json"""invalid_version_message = _('Invalid version in query parameter.')
    def determine_version(self, request, *args, **kwargs):version = request.query_params.get(self.version_param, self.default_version)if not self.is_allowed_version(version):raise exceptions.NotFound(self.invalid_version_message)return version
    def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):url = super(QueryParameterVersioning, self).reverse(viewname, args, kwargs, request, format, **extra)if request.version is not None:return replace_query_param(url, self.version_param, request.version)return url--------执行determine_version获取版本def determine_version(self, request, *args, **kwargs):version = request.query_params.get(self.version_param, self.default_version)if not self.is_allowed_version(version):raise exceptions.NotFound(self.invalid_version_message)return version--------执行reverse反向生成urldef reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):url = super(QueryParameterVersioning, self).reverse(viewname, args, kwargs, request, format, **extra)if request.version is not None:return replace_query_param(url, self.version_param, request.version)return url---------URLPathVersioningclass URLPathVersioning(BaseVersioning):"""To the client this is the same style as `NamespaceVersioning`.The difference is in the backend - this implementation usesDjango's URL keyword arguments to determine the version.
    An example URL conf for two views that accept two different versions.
    urlpatterns = [url(r'^(?P<version>[v1|v2]+)/users/$', users_list, name='users-list'),url(r'^(?P<version>[v1|v2]+)/users/(?P<pk>[0-9]+)/$', users_detail, name='users-detail')]
    GET /1.0/something/ HTTP/1.1Host: example.comAccept: application/json"""invalid_version_message = _('Invalid version in URL path.')
    def determine_version(self, request, *args, **kwargs):version = kwargs.get(self.version_param, self.default_version)if not self.is_allowed_version(version):raise exceptions.NotFound(self.invalid_version_message)return version
    def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):if request.version is not None:kwargs = {} if (kwargs is None) else kwargskwargs[self.version_param] = request.version
    return super(URLPathVersioning, self).reverse(viewname, args, kwargs, request, format, **extra) ---------自己在settings中配置REST_FRAMEWORK = {'VERSION_PARAM':'version','DEFAULT_VERSION':'v1','ALLOWED_VERSIONS':['v1','v2'],# 'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.HostNameVersioning"'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.URLPathVersioning"}--------执行determine_version获取版本def determine_version(self, request, *args, **kwargs):version = kwargs.get(self.version_param, self.default_version)if not self.is_allowed_version(version):raise exceptions.NotFound(self.invalid_version_message)return version---------执行reverse反向生成urldef reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra):if request.version is not None:kwargs = {} if (kwargs is None) else kwargskwargs[self.version_param] = request.version
    return super(URLPathVersioning, self).reverse(viewname, args, kwargs, request, format, **extra) -------自定制settingsREST_FRAMEWORK = {'VERSION_PARAM':'version','DEFAULT_VERSION':'v1','ALLOWED_VERSIONS':['v1','v2'],# 'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.HostNameVersioning"# 'DEFAULT_VERSIONING_CLASS':"rest_framework.versioning.URLPathVersioning"}认证-----执行完上面的方法,再执行perform_authentication方法来进行认证操作----------------执行认证功能,确认进行后续操作的用户是被允许的,perform_authentication方法返回经过认证的用户对象,传入的request是重新封装过的。def perform_authentication(self, request):request.user------然后就在request.user中执行authenticate这个方法进行认证    def user(self):"""Returns the user associated with the current request, as authenticatedby the authentication classes provided to the request."""if not hasattr(self, '_user'):with wrap_attributeerrors():self._authenticate()return self._user检查权限-----执行check_permissions方法--------------------------------------------------如果用户通过认证,检查用户是否有权限访问url中所传的路径,如用用户访问的是没有没有权限的路径,则会抛出异常. def check_permissions(self, request):for permission in self.get_permissions():if not permission.has_permission(request, self):self.permission_denied(request, message=getattr(permission, 'message', None))------循环,执行get_permissions返回一个列表对象。    def get_permissions(self):return [permission() for permission in self.permission_classes]--------执行permission_classes,self是当前类,所以是去当前类中找,当前类中没有去父类(APIView)中找,所以可以自己定制。permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES----------可以看出是从api_settings中找到,我们执行api_settingsapi_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)-------------进入APISettings,在DEFAULTS配置文件中找DEFAULT_PERMISSION_CLASSES,若自定制,自己在setting中配置。'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',-------------根据配置文件可知:我们走permissions的AllowAny类。from rest_framework.permissions import AllowAny进入-------------AllowAny执行了has_permission,返回True.class AllowAny(BasePermission):"""Allow any access.This isn't strictly required, since you could use an emptypermission_classes list, but it's useful because it makes the intentionmore explicit."""
    def has_permission(self, request, view):return True),-------------可以看出AllowAny继承了BasePermission,由此我们可以知道必须执行一个AllowAny自己有执行自己的,自己没有没有执行父类的,都返回Trueclass BasePermission(object):"""A base class from which all permission classes should inherit."""
    def has_permission(self, request, view):"""Return `True` if permission is granted, `False` otherwise."""return True
    def has_object_permission(self, request, view, obj):"""Return `True` if permission is granted, `False` otherwise."""return True检查限制访问(分流)-----就会执行check_throttles方法--------------------------------------作用是检查用户是否被限制了访问主机的次数self.check_throttles(request)      如果用户访问服务器的次数超出设定值,则会抛出一个异常---------例如,如果想限制一个ip地址每秒钟只能访问几次,一个小时之内最多可以访问多少次,就可以在settings.py文件中进行配置    def check_throttles(self, request):for throttle in self.get_throttles():if not throttle.allow_request(request, self):self.throttled(request, throttle.wait())----------循环执行,执行get_throttles,返回一个列表对象        def get_throttles(self):"""Instantiates and returns the list of throttles that this view uses."""return [throttle() for throttle in self.throttle_classes]----------执行throttle_classes,self是当前类,请求过来首先在自己的类中找,没有去父类中找(APIView)   throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES----------可以看出是从api_settings中找到,我们执行api_settings api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)----------进入APISettings,在DEFAULTS配置文件中找DEFAULT_PERMISSION_CLASSES,若自定制,自己在setting中配置'DEFAULT_THROTTLE_CLASSES': (),'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'rest_framework.negotiation.DefaultContentNegotiation','DEFAULT_METADATA_CLASS': 'rest_framework.metadata.SimpleMetadata','DEFAULT_VERSIONING_CLASS': None,----------根据配置文件可知:from rest_framework.permissions import AllowAny进入三:执行对应的视图函数8:---initial这个方法执行完成后,request.method.lower把请求的方法转换成小写 Get the appropriate handler methodif request.method.lower() in self.http_method_names:handler = getattr(self, request.method.lower(),  self.http_method_not_allowed)else:handler = self.http_method_not_allowed
    response = handler(request, *args, **kwargs)9:---再通过通过反射的方式来执行UsersView类中的get或post等自定义方法要注意的是,在执行initial方法之前,使用了try/except方法来进行异常处理  如果执行initial方法的时候出现错误,就调用handle_exception来处理initial方法抛出的异常,返回正确的响应信息def handle_exception(self, exc):if isinstance(exc, (exceptions.NotAuthenticated,exceptions.AuthenticationFailed)):# WWW-Authenticate header for 401 responses, else coerce to 403auth_header = self.get_authenticate_header(self.request)
    if auth_header:exc.auth_header = auth_headerelse:exc.status_code = status.HTTP_403_FORBIDDEN
    exception_handler = self.get_exception_handler()
    context = self.get_exception_handler_context()response = exception_handler(exc, context)
    if response is None:self.raise_uncaught_exception(exc)
    response.exception = Truereturn response10:---在前面,如果initial方法执行完成没有抛出异常,则根据反射执行自定义的请求方法,然后返回响应信息如果initial方法抛出异常则执行handle_exception  方法处理抛出的异常,也返回响应信息等到上面的过程执行完成后,再执行finalize_response方法把最终的响应信息返回给客户端的浏览器  def finalize_response(self, request, response, *args, **kwargs):# Make the error obvious if a proper response is not returnedassert isinstance(response, HttpResponseBase), ('Expected a `Response`, `HttpResponse` or `HttpStreamingResponse` ''to be returned from the view, but received a `%s`'% type(response))
    if isinstance(response, Response):if not getattr(request, 'accepted_renderer', None):neg = self.perform_content_negotiation(request, force=True)request.accepted_renderer, request.accepted_media_type = neg
    response.accepted_renderer = request.accepted_rendererresponse.accepted_media_type = request.accepted_media_typeresponse.renderer_context = self.get_renderer_context()
    # Add new vary headers to the response instead of overwriting.vary_headers = self.headers.pop('Vary', None)if vary_headers is not None:patch_vary_headers(response, cc_delim_re.split(vary_headers))
    for key, value in self.headers.items():response[key] = value
    return responsedef dispatch(self, request, *args, **kwargs):self.args = argsself.kwargs = kwargs# ####################### 第一步 request二次封装 #######################"""return Request(request,parsers=self.get_parsers(),                 解析相关 对象列表authenticators=self.get_authenticators(),   认证相关 对象列表negotiator=self.get_content_negotiator(),   选择相关 选择对象parser_context=parser_context               解析内容)"""request = self.initialize_request(request, *args, **kwargs)self.request = requestself.headers = self.default_response_headers  # deprecate?
    # ####################### 第二步 初始化 #######################"""2.1 获取版本返回(scheme.determine_version(request, *args, **kwargs), scheme)request.version, request.versioning_scheme =版本号,检查版本的对象2.2 认证    self.perform_authentication(request)调用request.user方法2.3 检查权限self.check_permissions(request)    获取权限的对象列表   执行对象.has_permission方法   返回True有权限,返回False没有权限,抛出异常,message定制错误信息。2.4 检查限制访问self.check_throttles(request)获取限制类的对象列表执行对象.allow_request(request, self)   返回True可以访问,返回False限制访问。
    """try:self.initial(request, *args, **kwargs)# ####################### 第三步 执行对应的视图函数 #######################
    # Get the appropriate handler methodif request.method.lower() in self.http_method_names:handler = getattr(self, request.method.lower(),  self.http_method_not_allowed)else:handler = self.http_method_not_allowed
    response = handler(request, *args, **kwargs)
    except Exception as exc:response = self.handle_exception(exc)
    self.response = self.finalize_response(request, response, *args, **kwargs)return self.response
    基本流程1:请求到来之后,都要执行dispatch方法,dispatch方法根据请求方式不同触发。2:重要的功能是在APIView的dispatch中触发。url.pyfrom django.conf.urls import url, includefrom web.views.s1_api import TestViewurlpatterns = [url(r'^test/', TestView.as_view()),]views.pyfrom rest_framework.views import APIViewfrom rest_framework.response import Responseclass TestView(APIView):def dispatch(self, request, *args, **kwargs):"""请求到来之后,都要执行dispatch方法,dispatch方法根据请求方式不同触发 get/post/put等方法注意:APIView中的dispatch方法有好多好多的功能"""return super().dispatch(request, *args, **kwargs) def get(self, request, *args, **kwargs):return Response('GET请求,响应内容') def post(self, request, *args, **kwargs):return Response('POST请求,响应内容') def put(self, request, *args, **kwargs):return Response('PUT请求,响应内容')

  • 相关阅读:
    python chr()、unichr()和ord()
    串的重复
    HDOJ 1465 不容易系列之一
    HDOJ 2050 折线分割平面
    最小距离
    HDOJ 2013 蟠桃记
    三进制转十进制
    数组转置
    蔬菜价格
    扑克牌移动
  • 原文地址:https://www.cnblogs.com/w-s-l123/p/9460317.html
Copyright © 2020-2023  润新知