django 用户未登录限制

原理：使用中间件对访问的url进行过滤，未通过的url跳转到登录页面

1、在模块中，新建中间件文件  my_middleware.py（自定义）

 

from django.http import HttpResponseRedirect
from django.utils.deprecation import MiddlewareMixin

from webShop99 import settings
import re
# 未登录可访问的页面或正则
EXEMPT_URLS = [settings.LOGIN_URL.lstrip('/'), ]

if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
    EXEMPT_URLS.extend([expr.lstrip('/') for expr in settings.LOGIN_EXEMPT_URLS])


class userVaild(MiddlewareMixin):
    def process_request(self, request):
        if 'user' not in request.session or not request.session['user']:
            path = request.path_info.lstrip('/')
            if not any(re.search(m, path) for m in EXEMPT_URLS):
                return HttpResponseRedirect(settings.LOGIN_URL)

    def process_view(self, request, view_func, view_func_args, view_func_kwargs):
        print('process_view')

    def process_response(self, request, response):
        print('process_response')
        return response

2、项目settings中 配置参数

# 登录页
LOGIN_URL = '/user/login/'
# 除开登录，其他未登录可访问的页面 或正则
LOGIN_EXEMPT_URLS = ['/user/register', '/user/vcode', '/user/checkcode']

3、把自定义中间件添加到settings的MIDDLEWARE中

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'users.my_middleware.userVaild',
]