1、一些准备工作
安装django
1
|
pip install django |
创建django项目
进入项目代码存放目录执行命令:
1
|
django - admin.py startproject blog_demo |
进入blog_demo,运行命令:
1
|
python3. 6 manage.py runserver 9000 |
在浏览器地址栏打开:http://127.0.0.1:9000/ 如果出现以下画面,则说明服务器正在运行
创建博客应用(app)
django中每一个app可以看作是一个模块,以app为单位,结构清晰,方便管理。
1
|
python3. 6 manage.py startapp blog_api |
使用开发工具打开项目blog_demo,其结构如下:
2、models.py
编写模型层代码,以下语句相当于创建了两张表:user,article
1
2
3
4
5
6
7
8
9
10
11
12
13
|
class user(models.model): id = models.autofield(primary_key = true) uname = models.charfield(max_length = 50 ) upwd = models.charfield(max_length = 100 ) #active inactive status = models.charfield(max_length = 10 ) class article(models.model): id = models.autofield(primary_key = true) title = models.charfield(max_length = 50 ) content = models.textfield() #deleted alive status = models.charfield(max_length = 10 ) |
创建表结构:
1
|
python3. 6 manage.py migrate |
settings.py文件installed_apps处新增app:blog_api
1
2
3
4
5
6
7
8
9
|
installed_apps = [ 'django.contrib.admin' , 'django.contrib.auth' , 'django.contrib.contenttypes' , 'django.contrib.sessions' , 'django.contrib.messages' , 'django.contrib.staticfiles' , 'blog_api' ] |
让django知道模型有了变化:
1
|
python3. 6 manage.py makemigrations blog_api |
再次创建表结构:
1
|
python3. 6 manage.py migrate |
3、django admin
登录
在浏览器控制台输入:http://127.0.0.1:9000/admin/login/?next=/admin/
创建超级用户
1
2
3
4
5
6
7
8
|
stephen@stephen - k55vd:~ / ideaprojects / blog_demo$ python3. 6 manage.py createsuperuser username (leave blank to use 'stephen' ): admin email address: password: password (again): this password is too common. bypass password validation and create user anyway? [y / n]: y superuser created successfully. |
邮件地址可以不填,注册成功后即可登录。使用admin后台来管理模型需要先注册,修改blog_api/admin.py代码
1
2
3
4
5
|
#导入模型user,article from blog_api.models import user,article admin.site.register(user) admin.site.register(article) |
刷新admin后台,就可以看到刚刚注册的模型了。
4、修改urls.py
1
2
3
4
5
6
|
from blog_api.views import add_article,modify_article urlpatterns = [ path( 'admin/' , admin.site.urls), path( 'articles/' ,add_article), path( 'articles/<int:art_id>' ,modify_article) ] |
5、新增文章接口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
from django.http import httpresponse,jsonresponse from blog_api.models import user,article import json #新增文章 def add_article(request): if request.method = = "post" : req = json.loads(request.body) print (req) key_flag = req.get( "title" ) and req.get( "content" ) and len (req) = = 2 #判断请求体是否正确 if key_flag: title = req[ "title" ] content = req[ "content" ] #title返回的是一个list title_exist = article.objects. filter (title = title) #判断是否存在同名title if len (title_exist) ! = 0 : return jsonresponse({ "status" : "bs.400" , "msg" : "title aleady exist,fail to publish." }) '''插入数据''' add_art = article(title = title,content = content,status = "alive" ) add_art.save() return jsonresponse({ "status" : "bs.200" , "msg" : "publish article sucess." }) else : return jsonresponse({ "status" : "bs.400" , "message" : "please check param." }) |
使用postman工具调用接口,运行结果:
6、查询文章接口
1
2
3
4
5
6
7
|
#查询所有文章和状态 if request.method = = "get" : articles = {} query_art = article.objects. all () for title in query_art: articles[title.title] = title.status return jsonresponse({ "status" : "bs.200" , "all_titles" :articles, "msg" : "query articles sucess." }) |
运行结果:
7、修改文章接口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
#修改文章 def modify_article(request,art_id): if request.method = = "post" : req = json.loads(request.body) try : art = article.objects.get( id = art_id) key_flag = req.get( "title" ) and req.get( "content" ) and len (req) = = 2 if key_flag: title = req[ "title" ] content = req[ "content" ] title_exist = article.objects. filter (title = title) if len (title_exist) > 1 : return jsonresponse({ "status" : "bs.400" , "msg" : "title aleady exist." }) '''更新数据''' old_art = article.objects.get( id = art_id) old_art.title = title old_art.content = content old_art.save() return jsonresponse({ "status" : "bs.200" , "msg" : "modify article sucess." }) except article.doesnotexist: return jsonresponse({ "status" : "bs.300" , "msg" : "article is not exists,fail to modify." }) |
运行结果:
8、删除文章接口
1
2
3
4
5
6
7
8
9
|
#删除文章 if request.method = = "delete" : try : art = article.objects.get( id = art_id) art_id = art. id art.delete() return jsonresponse({ "status" : "bs.200" , "msg" : "delete article sucess." }) except article.doesnotexist: return jsonresponse({ "status" : "bs.300" , "msg" : "article is not exists,fail to delete." }) |
运行结果:
9、鉴权
四个简单的接口已经可以运行了,但是在发请求之前没有进行鉴权,毫无安全性可言。下面来实现简单的认证机制。需要用到内建模块hashlib,hashlib提供了常见的摘要算法,如md5,sha1等。
鉴权接口
新增一个专门用于鉴权的接口。在urls.py中添加
1
|
path( "auth/" ,get_token) |
在views.py前面新增函数get_token(request)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
import hashlib #获取token def get_token(request): req = json.loads(request.body) uname = req[ "username" ] upwd = req[ "password" ] if request.method = = "post" : try : tmppwd = user.objects.get(uname = uname).upwd if upwd = = tmppwd: md5 = hashlib.md5() #把密码变成一个长度固定的字符串 md5.update(upwd.encode( "utf-8" )) return jsonresponse({ "status" : "bs.201" , "x-token" :md5.hexdigest()}) else : return jsonresponse({ "status" : "bs.401" , "msg" : "username or password may wrong." }) except user.doesnotexist: return jsonresponse({ "status" : "bs.500" , "msg" : "username is not exist." }) |
登录django admin在blog_api下的user表新增一条记录。运行结果:
用户认证
request.meta.get(“header key”) 用于获取header的信息。注意的是header key必须增加前缀http,同时大写,中划先会转成下划线,例如你的key为x-token,那么应该写成request.meta.get("http_x_token"),修改views.py在get_token后面加上如下代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
|
#认证动作 def user_auth(request): token = request.meta.get( "http_x_token" ,b'') print (token) if token: #暂时先写上auth接口返回的数据 if token = = "0a6db4e59c7fff2b2b94a297e2e5632e" : return "auth_sucess" else : return "auth_fail" else : return "auth_fail" |
在接口中调用user_auth函数,以发布文章接口为例:
1
2
3
4
5
6
7
8
9
10
|
#新增文章 def add_article(request): auth_res = user_auth(request) if auth_res = = "auth_fail" : return jsonresponse({ "status" : "bs.401" , "msg" : "user auth failed." }) else : if request.method = = "post" : req = json.loads(request.body) print (req) ....... |
再次使用postman工具调用新增文章接口,header中没有x-token或x-token错误时的运行结果:
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持服务器之家。
原文链接:http://www.cnblogs.com/webDepOfQWS/p/10693152.html