系列文章目录
drf
第一章 django web开发模式、api接口、api接口测试工具、restful规范、序列化反序列化、drf安装使用
第二章 drf的使用、APIView源码分析、Request源码分析、Serializer的序列化
第三章 Serializer的反序列化、字段与参数、局部与全局钩子、ModelSerializer使用
第四章 drf认证、权限、频率源码分析、全局异常处理、自动生成接口文档、RBAC介绍
一、认证源码分析
所有视图都是基于APIView
class APIView(View):
# 获取认证配置
authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES
#
settings = api_settings
然后APIView的as_view会运行dispatch方法
def dispatch(self, request, *args, **kwargs):
self.args = args
self.kwargs = kwargs
request = self.initialize_request(request, *args, **kwargs)
self.request = request
self.headers = self.default_response_headers # deprecate?
try:
# 在此处运行了initial来处理认证
self.initial(request, *args, **kwargs)
return self.response
initial方法运行perform_authentication
def initial(self, request, *args, **kwargs):
self.format_kwarg = self.get_format_suffix(**kwargs)
neg = self.perform_content_negotiation(request)
request.accepted_renderer, request.accepted_media_type = neg
version, scheme = self.determine_version(request, *args, **kwargs)
request.version, request.versioning_scheme = version, scheme
#此处运行认证相关方法
self.perform_authentication(request)
self.check_permissions(request)
self.check_throttles(request)
perform_authentication将传入的user进行验证
def perform_authentication(self, request):
request.user
request的user将会进行登录认证
def __init__(self, request, parsers=None, authenticators=None,
negotiator=None, parser_context=None):
assert isinstance(request, HttpRequest), (
'The `request` argument must be an instance of '
'`django.http.HttpRequest`, not `{}.{}`.'
.format(request.__class__.__module__, request.__class__.__name__)
)
self._request = request
self.parsers = parsers or ()
self.authenticators = authenticators or ()
self
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
