01项目环境搭建_哔哩哔哩_bilibili 本博客借鉴至大佬的视频学习笔记
# 创建项目
django-admin startproject MyShop
# 创建app
E:\desktop\my_drf\MyShop>django-admin startapp goods
E:\desktop\my_drf\MyShop>django-admin startapp order
E:\desktop\my_drf\MyShop>django-admin startapp cart
E:\desktop\my_drf\MyShop>django-admin startapp users
创建apps文件夹放入的上面应用
# 注册应用
'rest_framework',
'corsheaders',
'apps.users',
'apps.goods',
'apps.cart',
'apps.order'
# 配置mysql
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'shop',
'USER': 'root',
'PASSWORD': 'pass',
'HOST': 'localhost',
'PORT': 3306
}
}
# 允许所有的用户跨域请求
CORS_ORIGIN_ALLOW_ALL = True
# 中文及时区调整
LANGUAGE_CODE = 'zh-hans'
TIME_ZONE = 'Asia/Shanghai'
创建shop数据库
mysql> create database shop charset=utf8;
Query OK, 1 row affected, 1 warning (0.01 sec)
公共表设计:
# 定义继承时,需要setting自定义用户类模型
AUTH_USER_MODEL = 'users.User'
# 创建 common目录下db.py文件
from django.db import models
class BaseModel(models.Model):
""" 抽象的模型基类,定义公共模型字段 """
create_time = models.DateTimeField(auto_now_add=True,verbose_name='创建时间')
update_time = models.DateTimeField(auto_now=True,verbose_name='更新时间')
is_delete = models.BooleanField(default=False,verbose_name='删除标记')
class Meta:
# 声明这个是抽象模型,生成迁移文件时,不会在数据库生成表
abstract = True
verbose_name_plural = '公共字段表'
db_table = 'BaseTabel'
用户表结构设计
from django.db import models
from django.contrib.auth.models import AbstractUser # django自带的用户认证模型
from common.db import BaseModel
# Create your models here.
class User(AbstractUser,BaseModel):
"""用户表"""
mobile = models.CharField(verbose_name='手机号',help_text='手机号',max_length=11,default='',blank=True)
avatar = models.ImageField(verbose_name='用户头像',help_text='用户头像',max_length=30,null=True,blank=True)
class Meta:
db_table = 'users'
verbose_name = '用户表'
class Addr(models.Model):
"""收货地址模型"""
user = models.ForeignKey('User',verbose_name='所属用户',on_delete=models.CASCADE)
phone = models.CharField(verbose_name='手机号',help_text='手机号',max_length=11,null=True,blank=True)
name = models.CharField(verbose_name='联系人',help_text='联系人',max_length=20,null=True,blank=True)
province = models.CharField(verbose_name='省份',help_text='省份',max_length=20,null=True,blank=True)
city = models.CharField(verbose_name='城市',help_text='城市',max_length=20,null=True,blank=True)
country = models.CharField(verbose_name='区县',help_text='区县',max_length=20,null=True,blank=True)
is_default = models.BooleanField(verbose_name='是否为默认地址',help_text='省份',max_length=30,default=False)
class Meta:
db_table = 'addr'
verbose_name = '收货地址表'
class Area(models.Model):
"""省市区县地址模型"""
pid = models.ImageField(verbose_name='上级ID',help_text='上级ID',max_length=20,null=True,blank=True)
name = models.CharField(verbose_name='地区名',help_text='地区名',max_length=20,null=True,blank=True)
level = models.CharField(verbose_name='区域等级',help_text='区域等级',max_length=20,null=True,blank=True)
class Meta:
db_table = 'area'
verbose_name = '地区表'
class VerifyCode(models.Model):
"""验证码模型"""
mobile = models.CharField(verbose_name='手机号码',help_text='手机号码',max_length=11,null=True,blank=True)
code = models.CharField(verbose_name='验证码',help_text='验证码',max_length=6,null=True,blank=True)
create_time = models.DateTimeField(auto_now_add=True,verbose_name='生成时间',help_text='生成时间')
class Meta:
db_table = 'verifycode'
verbose_name = '手机验证码表'
执行迁移文件,生成表结构
E:\desktop\my_drf\MyShop>python manage.py makemigrations
Migrations for 'users':
apps\users\migrations\0001_initial.py
Create model User
Create model Area
Create model VerifyCode
Create model Addr
E:\desktop\my_drf\MyShop>python manage.py migrate
结果展示:
用户鉴权:使用JWT认证
创建超级管理员用户
E:\desktop\my_drf\MyShop>python manage.py createsuperuser
用户名: pass
电子邮件地址: pass@qq.com
Password:
Password (again):
JWT权限认证配置
# 注册jwt
'rest_framework_simplejwt',
# 配置setting
REST_FRAMEWORK = {
# DRF配置鉴权方式
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.BasicAuthentication', # Basic 认证
'rest_framework.authentication.SessionAuthentication', # Session 认证
),
}
# 配置总路由urls
path('api/users/',include('apps.users.urls'))
# user url 配置
from rest_framework_simplejwt.views import TokenVerifyView, TokenRefreshView, TokenObtainPairView
urlpatterns = [
path('login/', TokenObtainPairView.as_view(), name='login'), # 登录
path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'), # token 刷新
path('token/verify/', TokenVerifyView.as_view(), name='token_verify'), # token 效验
]
配置Postman环境变量
Postman运行示图:
自定义用户登录功能的实现
from rest_framework_simplejwt.views import TokenObtainPairView
# Create your views here.
class LoginView(TokenObtainPairView):
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
# 自定义登录成功后返回的数据信息
result = serializer.validated_data
result['id'] = serializer.user.id
result['email'] = serializer.user.email
result['mobile'] = serializer.user.mobile
result['username'] = serializer.user.username
result['token'] = result.pop('access')
return Response(serializer.validated_data, status=status.HTTP_200_OK)
运行结果:
用户注册功能的实现
import re
from rest_framework import status
from rest_framework.response import Response
from rest_framework_simplejwt.exceptions import TokenError, InvalidToken
from rest_framework_simplejwt.views import TokenObtainPairView
from rest_framework.views import APIView
from .models import User
# Create your views here.
class RegisterView(APIView):
def post(self,request):
"""注册:接收参数并校验、创建用户 """
username = request.data.get('username')
password = request.data.get('password')
email = request.data.get('email')
password_confirmation = request.data.get('password_confirmation')
# 检验
print(all([username,password,email,password_confirmation]))
print([username,password,email,password_confirmation])
if not all([username,password,email,password_confirmation]):
return Response({'error':'所有参数不能为空'},status=status.HTTP_422_UNPROCESSABLE_ENTITY)
# 检验用户是否已存在
if User.objects.filter(username=username).exists():
return Response({'error':'用户名已存在'},status=status.HTTP_422_UNPROCESSABLE_ENTITY)
# check password
if password !=password_confirmation:
return Response({'error':'两次输入的密码不一致'},status=status.HTTP_422_UNPROCESSABLE_ENTITY)
if not (6<len(password)<18):
return Response({'error':'密码长度需要在6-18位之间'},status=status.HTTP_422_UNPROCESSABLE_ENTITY)
# check email
if User.objects.filter(email=email).exists():
return Response({'error':'该邮箱已被他人注册'},status=status.HTTP_422_UNPROCESSABLE_ENTITY)
if not re.match(r'^[a-z0-9][\w.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$',email):
return Response({'error':'邮箱格式有误'},status=status.HTTP_422_UNPROCESSABLE_ENTITY)
# 创建用户
obj = User.objects.create_user(username=username,email=email,password=password)
res = {
'username':username,
'id':obj.id,
'email':obj.email
}
return Response(res,status=status.HTTP_201_CREATED)
# url 配置
path('register/', RegisterView.as_view(), name='register'), # 注册
多字段用户登录功能支持
# 规范化格式,创建authentication.py放于common目录下
from django.contrib.auth.backends import ModelBackend
from apps.users.models import User
from django.db.models import Q
from rest_framework import serializers
class Authentication(ModelBackend):
"""自定义用户登录的认证类,实现多字段登录"""
def authenticate(self, request, username=None, password=None, **kwargs):
"""支持使用手机号/邮箱/用户名登录"""
try:
user = User.objects.get(Q(username=username) | Q(mobile=username) | Q(email=username))
except:
raise serializers.ValidationError({'error':'未找到该用户!'})
# check password
if user.check_password(password):
return user
raise serializers.ValidationError({'error':'密码错误'})
# 配置setting 使用
# 使用自定义的认证类进行身份登录,登录时验证信息
AUTHENTICATION_BACKENDS =[
'common.authentication.Authentication',
]
注意上述代码使用 User 的导包方式
from apps.users.models import User √
from django.contrib.auth.models import User ×
因当前在setting设置的规范 AUTH_USER_MODEL = 'users.User'
第二行代码可能会导致找不到用户而抛出异常,此时的解决方法
from django.contrib.auth.models import User from django.contrib.auth import get_user_model User= get_user_model() # 重写获取注册的app模型类
运行结果展示:
刷新 jwt token: 当上述token失效时可以通过刷新refresh得到新的token
要求:检查参数不为空、检验密码账号正确、登录成功返回token,支持多字段登录
# 配置urls文件
from rest_framework_simplejwt.views import TokenRefreshView,TokenVerifyView
urlpatterns = [
path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'), # 刷新token
path('token/verify/', TokenVerifyView.as_view(), name='token_verify'), # 检验token
]
获取用户信息,要求如下
-
获取用户信息时进行权限检验,需要在请求中添加认证字段
-
防止越权篡改数据
定义序列化器
from rest_framework import serializers
from apps.users.models import Userclass UserSerializer(serializers.ModelSerializer):
"""用户的模型序列化器"""
class Meta:
model = User
fields = ['id','username','email','mobile','avatar','last_name']定义视图
from .models import User
from .serializers import UserSerializer
from rest_framework.viewsets import GenericViewSet,mixinsCreate your views here.
class UserView(GenericViewSet,mixins.RetrieveModelMixin):
"""用户相关的操作视图集"""
queryset = User.objects.all()
serializer_class = UserSerializer配置urls
path('users/int:pk/',UserView.as_view({'get':'retrieve'}), name='user_get'), # 检验token
运行结果展示:
增加权限管理,防止当前用户访问其他用户
from rest_framework import permissions
class UserPermissions(permissions.BasePermission):
"""
Custom permission to only allow owners of an object to edit it.
"""
def has_object_permission(self, request, view, obj):
# 判断是否是管理员
if request.user.is_superuser:
return True
# 判断当前的用户对象和登录的用户对象是否是同一个,防止越权
return obj == request.user
# 更新配置视图文件
permission_classes = [IsAuthenticated,UserPermissions] # 设置权限认证
更多详细权限配置:4 - Authentication and permissions - Django REST framework
上传用户头像-
要求:检验参数avatar、文件大小不超过300kb、返回的url可以访问图片,防止用户越权
# 头像文件上传视图
class UserView(GenericViewSet,mixins.RetrieveModelMixin):
"""用户相关的操作视图集"""
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [IsAuthenticated,UserPermissions] # 设置权限认证
def upload_avatar(self,request,*args,**kwargs):
"""上传头像"""
obj= self.get_object()
avatar = request.data.get('avatar')
if not avatar:
return Response({'error':'上传文件不可为空!'},status=status.HTTP_400_BAD_REQUEST)
size = avatar.size
if size >1024*300:
return Response({'error': '上传文件大小不可超过300kb!'}, status=status.HTTP_400_BAD_REQUEST)
# partial 只对部分字段(上传的字段)进行校验
serializer = self.get_serializer(obj,data={'avatar':avatar},partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response({'url':serializer.data['avatar']})
# setting配置
# 文件上传的路径
MEDIA_ROOT = BASE_DIR / 'file/image'
# 文件的url路径
MEDIA_URL = 'file/image/'
# 配置url
path('<int:pk>/avatar/upload/',UserView.as_view({'post':'upload_avatar'}), name='avatar_post')
头像文件获取
# 头像文件获取
class FileView(APIView):
def get(self,request,name):
path = MEDIA_ROOT / name
if os.path.isfile(path):
return FileResponse(open(path,'rb'))
return Response({"error":'没有找到该文件!'},status=status.HTTP_400_BAD_REQUEST)
# 配置总路由url
re_path(r'file/image/(.+?)/', FileView.as_view()),
文件上传更多知识:文件上传 | Django 文档 | Django