python学习笔记_week22

note

知识点概要
    - Session
    - CSRF
    - Model操作
    - Form验证（ModelForm）
    - 中间件
    - 缓存
    - 信号
内容详细：
1. Session
    基于Cookie做用户验证时：敏感信息不适合放在cookie中
    a. Session原理
        Cookie是保存在用户浏览器端的键值对
        Session是保存在服务器端的键值对
    b. Cookie和Session对比
    c. Session配置(缺少cache)
    d. 示例：实现两周自动登陆
            - request.session.set_expiry(60*10)
            - SESSION_SAVE_EVERY_REQUEST = True
    PS: cookie中不设置超时时间，则表示关闭浏览器自动清除
    - session依赖于cookie
    - 服务器session
        request.session.get()
        request.session[x] = x
        request.session.clear()
    - 配置文件中设置默认操作（通用配置）：
        SESSION_COOKIE_NAME ＝ "sessionid"                       # Session的cookie保存在浏览器上时的key，即：sessionid＝随机字符串（默认）
        SESSION_COOKIE_PATH ＝ "/"                               # Session的cookie保存的路径（默认）
        SESSION_COOKIE_DOMAIN = None                             # Session的cookie保存的域名（默认）
        SESSION_COOKIE_SECURE = False                            # 是否Https传输cookie（默认）
        SESSION_COOKIE_HTTPONLY = True                           # 是否Session的cookie只支持http传输（默认）
        SESSION_COOKIE_AGE = 1209600                             # Session的cookie失效日期（2周）（默认）
        SESSION_EXPIRE_AT_BROWSER_CLOSE = False                  # 是否关闭浏览器使得Session过期（默认）
        # set_cookie('k',123)
        SESSION_SAVE_EVERY_REQUEST = False                       # 是否每次请求都保存Session，默认修改之后才保存（默认）
    - 引擎的配置
2. CSRF
    a. CSRF原理
    b. 无CSRF时存在隐患
    c. Form提交（CSRF）
    d. Ajax提交（CSRF）
       CSRF请求头 X-CSRFToken
6. 中间件
7. 缓存
    5种配置
    3种应用：
        全局  #a. 全站使用
        视图函数  #b. 单独视图缓存
        模板  #c、局部视图使用
8. 信号 http://www.cnblogs.com/wupeiqi/articles/5246483.html
    - 内置信号
    - 自定义
         - 定义信号
         - 触发信号
         - 信号中注册函数
3. Model操作
    a. 字段类型 + 参数
    b. 连表字段 + 参数
    c. Meta
    d. SQL操作：
        - 基本增删改查
        - 进阶操作
        - 正反查询
        - 其他操作
    e. 验证（弱）
4. Form操作 http://www.cnblogs.com/wupeiqi/articles/6144178.html
    完成：
        - 验证用户请求
        - 生成HTML
          （保留上一次提交的数据）
    自定义：
        - 类
        - 字段（校验）
        - 插件（生成HTML）
    初始化操作： bj = FM(initial=dic)
============= 作业:xxxoo管理 =============
用户验证：session
新URL：Form验证
中间件：IP过滤
信号：记录操作
CSRF：
    a. Form验证用户请求
    b. Form生成HTML
    c. Form字段详细（自定义字段，Model...） + 插件
    d. 自定义验证(钩子以及__all__)
    e. 注册示例：
         用户名、密码、邮箱、手机号（RegexValidator或RegexField）、性别、爱好、城市
    f. 初始化值
5. ModelForm
    a. Model+Form功能集合
    b. save
    c. save + save_m2m

session

    def index(request):
        # 获取、设置、删除Session中数据
        request.session['k1']
        request.session.get('k1',None)
        request.session['k1'] = 123
        request.session.setdefault('k1',123) # 存在则不设置
        del request.session['k1']
        request.session.clear()
            request.session.delete(request.session.session_key)
 
        # 所有 键、值、键值对
        request.session.keys()
        request.session.values()
        request.session.items()
        request.session.iterkeys()
        request.session.itervalues()
        request.session.iteritems()
 
        # 用户session的随机字符串
        request.session.session_key
 
        # 将所有Session失效日期小于当前日期的数据删除
        request.session.clear_expired()
 
        # 检查 用户session的随机字符串 在数据库中是否
        request.session.exists("session_key")
 
        # 删除当前用户的所有Session数据
        request.session.delete("session_key")
 
        request.session.set_expiry(value)
            * 如果value是个整数，session会在些秒数后失效。
            * 如果value是个datatime或timedelta，session就会在这个时间后失效。
            * 如果value是0,用户关闭浏览器session就会失效。
            * 如果value是None,session会依赖全局session失效策略
 
SESSION_ENGINE = 'django.contrib.sessions.backends.db'   # 引擎（默认）
 
    SESSION_COOKIE_NAME ＝ "sessionid"                       # Session的cookie保存在浏览器上时的key，即：sessionid＝随机字符串（默认）
    SESSION_COOKIE_PATH ＝ "/"                               # Session的cookie保存的路径（默认）
    SESSION_COOKIE_DOMAIN = None                             # Session的cookie保存的域名（默认）
    SESSION_COOKIE_SECURE = False                            # 是否Https传输cookie（默认）
    SESSION_COOKIE_HTTPONLY = True                           # 是否Session的cookie只支持http传输（默认）
    SESSION_COOKIE_AGE = 1209600                             # Session的cookie失效日期（2周）（默认）
    SESSION_EXPIRE_AT_BROWSER_CLOSE = False                  # 是否关闭浏览器使得Session过期（默认）
    SESSION_SAVE_EVERY_REQUEST = False                       # 是否每次请求都保存Session，默认修改之后才保存（默认）

mdoels

 from django.db import models
 # Create your models here.
 class UserInf(models.Model):
     user = models.CharField(max_length=32)

views

 from django.shortcuts import render,redirect,HttpResponse
 def login(request):
     # from django.conf import settings
     # print(settings.CSRF_HEADER_NAME)
     # HTTP_X_CSRFTOKEN
     # X-CSRFtoken
     if request.method == "GET":
         return render(request,'login.html')
     elif request.method == "POST":
         user = request.POST.get('user')
         pwd = request.POST.get('pwd')
         if user == 'root' and pwd == "":
             # session中设置值
             request.session['username'] = user #1.生成随机字符串 2.写到用户浏览器cookie 3.保存到session中 4.在随机字符串对应的字典中设置相关内容
             request.session['is_login'] = True
             if request.POST.get('rmb',None) == '':
                 # 超时时间
                 request.session.set_expiry(10)
             return redirect('/index/')
         else:
             return render(request,'login.html')
 from django.views.decorators.csrf import csrf_exempt,csrf_protect
 @csrf_protect
 def index(request):
     # session中获取值，获取当前用户的随机字符串，根据随机字符串获取对应信息
     if request.session.get('is_login',None):
         return render(request,'index.html',{'username': request.session['username']})
     else:
         return HttpResponse('gun')
 def logout(request):
     # del request.session['username']
     request.session.clear()
     return redirect('/login/')
 class Foo:
     def __init__(self,req,html,dic):
         self.req = req
         self.html = html
         self.dic = dic
     def render(self):
         # // 创建钩子
         return render(self.req,self.html,self.dic)
 def test(request,nid):
     print('小姨妈-->没带钱')
     # return render(request, 'index.html', {...})
     return Foo(request, 'index.html', {'k1': 'v1'})
 from django.views.decorators.cache import cache_page
 @cache_page(10) #10秒失效，优先级比300秒高
 def cache(request):
     import time
     ctime = time.time()
     return render(request, 'cache.html', {'ctime': ctime})
 def signal(reuqest):
     from app01 import models
     obj = models.UserInf(user='root')
     print('end')
     obj.save()
     obj = models.UserInf(user='root')
     obj.save()
     obj = models.UserInf(user='root')
     obj.save()
     from sg import pizza_done
     pizza_done.send(sender="asdfasdf",toppings=123, size=456)
     return HttpResponse('ok')
 ######################## Form #####################
 from django import forms
 from django.forms import widgets
 from django.forms import fields
 class FM(forms.Form):
     # 字段本身只做验证
     user = fields.CharField(
         error_messages={'required': '用户名不能为空.'},
         widget=widgets.Textarea(attrs={'class': 'c1'}),
         label="用户名",
         )
     pwd = fields.CharField(
         max_length=12,
         min_length=6,
         error_messages={'required': '密码不能为空.', 'min_length': '密码长度不能小于6', "max_length": '密码长度不能大于12'},
         widget=widgets.PasswordInput(attrs={'class': 'c2'})
     )
     email = fields.EmailField(error_messages={'required': '邮箱不能为空.','invalid':"邮箱格式错误"})
     f = fields.FileField()
     # p = fields.FilePathField(path='app01')
     city1 = fields.ChoiceField(
         choices=[(0,'上海'),(1,'广州'),(2,'东莞')]
     )
     city2 = fields.MultipleChoiceField(
         choices=[(0,'上海'),(1,'广州'),(2,'东莞')]
     )
 from app01 import models
 def fm(request):
     if request.method == "GET":
         # 从数据库中吧数据获取到
         dic = {
             "user": 'r1',
             'pwd': '',
             'email': 'sdfsd',
             'city1': 1,
             'city2': [1,2]
         }
         obj = FM(initial=dic)
         return render(request,'fm.html',{'obj': obj})
     elif request.method == "POST":
         # 获取用户所有数据
         # 每条数据请求的验证
         # 成功：获取所有的正确的信息
         # 失败：显示错误信息
         obj = FM(request.POST)
         r1 = obj.is_valid()
         if r1:
             # obj.cleaned_data
             models.UserInf.objects.create(**obj.cleaned_data)
         else:
             # ErrorDict
             # print(obj.errors.as_json())
             # print(obj.errors['user'][0])
             return render(request,'fm.html', {'obj': obj})
         return render(request,'fm.html')

m1

 from django.utils.deprecation import MiddlewareMixin
 class Row1(MiddlewareMixin):
     def process_request(self,request):
         print('王森')
     def process_view(self, request, view_func, view_func_args, view_func_kwargs):
         print('张欣彤')
     def process_response(self, request, response):
         print('扛把子')
         return response
 from django.shortcuts import HttpResponse
 class Row2(MiddlewareMixin):
     def process_request(self,request):
         print('程毅强')
         # return HttpResponse('走')
     def process_view(self, request, view_func, view_func_args, view_func_kwargs):
         print('张需要')
     def process_response(self, request, response):
         print('侯雅凡')
         return response
 class Row3(MiddlewareMixin):
     def process_request(self,request):
         print('刘东')
     def process_view(self, request, view_func, view_func_args, view_func_kwargs):
         print('邵林')
     def process_response(self, request, response):
         print('连之泪')
         return response
     def process_exception(self, request, exception):
         if isinstance(exception,ValueError):
             return HttpResponse('出现异常》。。')
     def process_template_response(self,request,response):
         # 如果Views中的函数返回的对象中，具有render方法
         print('-----------------------')
         return response

s14day22_init

 import pymysql
 pymysql.install_as_MySQLdb()
 import sg

settings

 import os
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'm1ueaxz!w8cgj%mx&!ol#14i3fxbco&_!_6eg@k^$_f29%t4&^'
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
 ALLOWED_HOSTS = []
 
 # Application definition
 
 INSTALLED_APPS = [
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'app01',
 ]
 from django.middleware.csrf import CsrfViewMiddleware
 from django.middleware.cache import FetchFromCacheMiddleware
 from django.middleware.cache import UpdateCacheMiddleware
 MIDDLEWARE = [
     # 'django.middleware.cache.UpdateCacheMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     # 'Middle.m1.Row1',
     # 'Middle.m1.Row2',
     # 'Middle.m1.Row3',
     # 'django.middleware.cache.FetchFromCacheMiddleware',
 
 ]
 
 ROOT_URLCONF = 's14day22.urls'
 
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
         'DIRS': [os.path.join(BASE_DIR, 'templates')]
         ,
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
             ],
         },
     },
 ]
 
 WSGI_APPLICATION = 's14day22.wsgi.application'
 
 # Database
 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.sqlite3',
         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
     }
 }
 
 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
 
 AUTH_PASSWORD_VALIDATORS = [
     {
         'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
     },
     {
         'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
     },
     {
         'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
     },
     {
         'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
     },
 ]
 
 # Internationalization
 # https://docs.djangoproject.com/en/1.10/topics/i18n/
 
 LANGUAGE_CODE = 'en-us'
 
 TIME_ZONE = 'UTC'
 
 USE_I18N = True
 
 USE_L10N = True
 
 USE_TZ = True
 
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 
 STATIC_URL = '/static/'
 STATICFILES_DIRS = (
     os.path.join(BASE_DIR,'static'),
 )
 
 CACHES = {
     'default': {
         'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache',
         'LOCATION': os.path.join(BASE_DIR,'cache')
     }
 }

urls

 from django.conf.urls import url
 from django.contrib import admin
 from app01 import views
 urlpatterns = [
     url(r'^admin/', admin.site.urls),
     url(r'^login/$', views.login),
     url(r'^index/$', views.index),
     url(r'^logout/$', views.logout),
     url(r'^test/(?P<nid>\d+)$', views.test),
     url(r'^cache/$', views.cache),
     url(r'^signal/$', views.signal),
     url(r'^fm/$', views.fm),
 ]

cache

 {% load cache %}
 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title></title>
 </head>
 <body>
     <h1>{{ ctime }}</h1>
     <h1>{{ ctime }}</h1>
      {% cache 10 c1 %}
         <h1>{{ ctime }}</h1> {# 只缓存这一个 #}
      {% endcache %}
 </body>
 </html>

fm

 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title></title>
 </head>
 <body>
     <form action="/fm/" method="POST">
         {% csrf_token %}
         <p>{{ obj.user.label }} {{ obj.user }} {{ obj.errors.user.0 }}</p>
         <p>{{ obj.pwd }} {{ obj.errors.pwd.0 }}</p>
         <p>{{ obj.email }}{{ obj.errors.email.0 }}</p>
         <p>{{ obj.f }}{{ obj.errors.f.0 }}</p>
         {{ obj.city1 }}
         {{ obj.city2 }}
         <input type="submit" value="提交" />
     </form>
 </body>
 </html>

index

 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title></title>
 </head>
 <body>
     <h1>欢迎登录：{{ username }}, {{ request.session.username }}</h1>
     <a href="/logout/">注销</a>
 </body>
 </html>

login

 <!DOCTYPE html>
 <html lang="en">
 <head>
     <meta charset="UTF-8">
     <title></title>
 </head>
 <body>
     <form action="/login/" method="POST">
         {% csrf_token %}
         <input type="text" name="user" />
         <input type="text" name="pwd" />
         <input type="checkbox" name="rmb" value="1" /> 10秒免登录
         <input type="submit" value="提交" />
         <input id="btn1" type="button" value="按钮" />
         <input id="btn2" type="button" value="按钮" />
     </form>
     <script src="/static/jquery-1.12.4.js"></script>
     <script src="/static/jquery.cookie.js"></script>
     <script>
         $(function(){
             $.ajaxSetup({
                 beforeSend: function(xhr,settings){
                     xhr.setRequestHeader('X-CSRFtoken', $.cookie('csrftoken'));
                 }
             });
             $('#btn1').click(function () {
                 $.ajax({
                     url: '/login/',
                     type:"GET",
                     data: {'user': 'root', 'pwd': '123'},
                     // headers: {'X-CSRFtoken': $.cookie('csrftoken')},
                     success:function(arg){
                     }
                 })
             });
         })
     </script>
 </body>
 </html>

sg

 from django.core.signals import request_finished
 from django.core.signals import request_started
 from django.core.signals import got_request_exception
 
 from django.db.models.signals import class_prepared
 from django.db.models.signals import pre_init, post_init
 from django.db.models.signals import pre_save, post_save
 from django.db.models.signals import pre_delete, post_delete
 from django.db.models.signals import m2m_changed
 from django.db.models.signals import pre_migrate, post_migrate
 
 from django.test.signals import setting_changed
 from django.test.signals import template_rendered
 
 from django.db.backends.signals import connection_created
 def f1(sender, **kwargs):
         print("xxoo_callback")
         # print(sender,kwargs)
 pre_save.connect(f1)
 import django.dispatch
 pizza_done = django.dispatch.Signal(providing_args=["toppings", "size"])
 def callback(sender, **kwargs):
     print("callback")
     print(sender,kwargs)
 pizza_done.connect(callback)