处理跨域请求
主要的思路:
设置一个基于CORS的中间件来处理,关于跨域的产生与处理手段
settings.py:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'api.cors.CORSMiddleware',
]
cors.py:
class CORSMiddleware(MiddlewareMixin):
def process_response(self,request,response):
# 添加响应头
# 允许你的域名来获取我的数据
# response['Access-Control-Allow-Origin'] = "*"
# 允许你携带Content-Type请求头
# response['Access-Control-Allow-Headers'] = "Content-Type"
# 允许你发送DELETE,PUT
# response['Access-Control-Allow-Methods'] = "DELETE,PUT"
response['Access-Control-Allow-Origin'] = "*"
if request.method == "OPTIONS":
response['Access-Control-Allow-Headers'] = "Content-Type"
response['Access-Control-Allow-Methods'] = "PUT,DELETE"
return response
urls.py:
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^api/(?P<version>\w+)/', include('api.urls')),
]
1.API汇总
查询所有的课程
http://127.0.0.1:8000/api/v1/course/
-
查询课程详细
-
登陆认证
-
微学位
1.1 课程接口
序列化课程表:
from api import models
from rest_framework import serializers
class CourseSerializer(serializers.ModelSerializer):
"""
课程序列化
"""
level = serializers.CharField(source='get_level_display')
class Meta:
model = models.Course
fields = ['id', 'title', 'course_img', 'level']
class CourseDetailSerializer(serializers.ModelSerializer):
"""
课程详细序列化
"""
# one2one/fk/choice
title = serializers.CharField(source='course.title')
img = serializers.CharField(source='course.course_img')
level = serializers.CharField(source='course.get_level_display')
# m2m
recommends = serializers.SerializerMethodField()
chapter = serializers.SerializerMethodField()
class Meta:
model = models.CourseDetail
fields = ['course', 'title', 'img', 'level',
'slogon', 'why', 'recommends', 'chapter']
def get_recommends(self, obj):
# 获取推荐的所有课程
queryset = obj.recommend_courses.all()
return [{'id': row.id, 'title': row.title} for row in queryset]
def get_chapter(self, obj):
# 获取推荐的所有课程
queryset = obj.course.chapter_set.all()
return [{'id': row.id, 'name': row.name} for row in queryset]
course.py:
from api import models
from rest_framework import serializers
class CourseSerializer(serializers.ModelSerializer):
"""
课程序列化
"""
level = serializers.CharField(source='get_level_display')
class Meta:
model = models.Course
fields = ['id', 'title', 'course_img', 'level']
class CourseDetailSerializer(serializers.ModelSerializer):
"""
课程详细序列化
"""
# one2one/fk/choice
title = serializers.CharField(source='course.title')
img = serializers.CharField(source='course.course_img')
level = serializers.CharField(source='course.get_level_display')
# m2m
recommends = serializers.SerializerMethodField()
chapter = serializers.SerializerMethodField()
class Meta:
model = models.CourseDetail
fields = ['course', 'title', 'img', 'level',
'slogon', 'why', 'recommends', 'chapter']
def get_recommends(self, obj):
# 获取推荐的所有课程
queryset = obj.recommend_courses.all()
return [{'id': row.id, 'title': row.title} for row in queryset]
def get_chapter(self, obj):
# 获取推荐的所有课程
queryset = obj.course.chapter_set.all()
return [{'id': row.id, 'name': row.name} for row in queryset]
urls.py:
url(r'^course/$', course.CourseView.as_view({'get':'list'})),
url(r'^course/(?P<pk>\d+)/$', course.CourseView.as_view({'get':'retrieve'})),
1.2 登陆认证接口:
要点:
为了保证接口的安全,即使Vue部分已经完成了用户的认证,接口还是需要对Vue的token进行认证。
uuid可以用来生成随机字符串,且基于mac地址与时间的组合,安全性较高。此字符串可以用来作为我们的token
account.py
import uuid
class AuthView(APIView):
def post(self,request,*args,**kwargs):
"""
用户登录认证
:param request:
:param args:
:param kwargs:
:return:
"""
ret = {'code':1000}
user = request.data.get('user')
pwd = request.data.get('pwd')
user = models.UserInfo.objects.filter(user=user,pwd=pwd).first()
if not user:
ret['code'] = 1001
ret['error'] = '用户名或密码错误'
else:
# 这里就是利用uuid模块来生成安全性较高的字符串
uid = str(uuid.uuid4())
models.UserToken.objects.update_or_create(user=user,defaults={'token':uid})
ret['token'] = uid
return Response(ret)
1.3 微职位接口
views.py:
class MicroView(APIView):
authentication_classes = [LuffyAuth,]
def get(self,request,*args,**kwargs):
ret = {'code':1000,'title':'微职位'}
return Response(ret)
urls.py:
url(r'^micro/$', course.MicroView.as_view())