安装restframework

pip install djangorestframework
pip install markdown       # Markdown support for the browsable API.
pip install django-filter  # Filtering support

安装其他模块

pip install pillow

pip install django-cors-headers

建模和迁移数据

drf包含四个部分，models，views，urls，和serializers，其中serializers是比django多出的内容。
serializers实现了数据的序列化和反序列化，即数据orm转json，和json转orm。
user数据已经建好。
models还是原来的models

serializers.py

class UserSerializer(serializers.HyperlinkedModelSerializer):class Meta:model = Userfields = ('id', 'url', 'username', 'email', )

urls指定访问api的路径

urls

from django.conf.urls import url, include
from django.contrib import adminfrom rest_framework import routers
from quickstartapp import viewsrouter = routers.DefaultRouter()router.register(r'users', views.UserViewSet)
# router.register(r'groups', views.GroupViewSet)urlpatterns = [url(r'^admin/', admin.site.urls),url(r'^', include(router.urls)),]

views指定展示的形式，可以在这里定制

views

from django.contrib.auth.models import Userfrom rest_framework import viewsetsfrom quickstartapp.serializers import UserSerializerclass UserViewSet(viewsets.ModelViewSet):"""查看、编辑用户数据的API接口。"""queryset = User.objects.all().order_by('-date_joined')     # 排序方法serializer_class = UserSerializer

Filtering against query parameters（根据查询参数进行过滤）

过滤初始查询集的最后一个示例是基于url中的查询参数确定初始查询集。

我们可以通过重写.get_queryset()方法来处理像http://example.com/api/purchases?username=denvercoder9这样的网址，并且只有在URL中包含username参数时，才过滤queryset：
比如下例子：
访问链接如下。

http://localhost:8000/blogapp/BlogPageCate/?cxcategory=3

数据库表如下

views中需要这样设置

class BlogPageCatetView(generics.ListAPIView):'''分类导航图标列表'''serializer_class = BlogPageSerializerpermissin_classes = (permissions.AllowAny,)pagination_class = LimitOffsetPagination  # 分页 请求加 ?limit = xxdef get_queryset(self):# user = self.request.userqueryset = BlogPage.objects.all()# queryset = BlogPage.objects.all()cxcategory = self.request.query_params.get('cxcategory', None)if cxcategory is not None:queryset = queryset.filter(cxcategory_id=cxcategory)return queryset

setting

增加分组功能

serializers

views

urls

增加分页功能

setting

增加登陆功能

urls

限制权限

DRF示例-snippets

snippets\settings.py

"""
Django settings for snippets project.Generated by 'django-admin startproject' using Django 3.1.7.For more information on this file, see
https://docs.djangoproject.com/en/3.1/topics/settings/For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.1/ref/settings/
"""from pathlib import Path# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'q3s1m3_sg6$p8yf9hmz%#tu)&tv(r@%mqbbfezkd1#993vysrw'# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = TrueALLOWED_HOSTS = []# Application definitionINSTALLED_APPS = ['django.contrib.admin','django.contrib.auth','django.contrib.contenttypes','django.contrib.sessions','django.contrib.messages','django.contrib.staticfiles','rest_framework','snippetsapp.apps.SnippetsappConfig',]MIDDLEWARE = ['django.middleware.security.SecurityMiddleware','django.contrib.sessions.middleware.SessionMiddleware','django.middleware.common.CommonMiddleware','django.middleware.csrf.CsrfViewMiddleware','django.contrib.auth.middleware.AuthenticationMiddleware','django.contrib.messages.middleware.MessageMiddleware','django.middleware.clickjacking.XFrameOptionsMiddleware',
]ROOT_URLCONF = 'snippets.urls'TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates','DIRS': [],'APP_DIRS': True,'OPTIONS': {'context_processors': ['django.template.context_processors.debug','django.template.context_processors.request','django.contrib.auth.context_processors.auth','django.contrib.messages.context_processors.messages',],},},
]WSGI_APPLICATION = 'snippets.wsgi.application'# Database
# https://docs.djangoproject.com/en/3.1/ref/settings/#databasesDATABASES = {'default': {'ENGINE': 'django.db.backends.mysql','NAME': 'snippets','HOST': '127.0.0.1','PORT': 3306,'USER': 'root','PASSWORD': '123',}
}# Password validation
# https://docs.djangoproject.com/en/3.1/ref/settings/#auth-password-validatorsAUTH_PASSWORD_VALIDATORS = [{'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',},{'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',},{'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',},{'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',},
]# Internationalization
# https://docs.djangoproject.com/en/3.1/topics/i18n/LANGUAGE_CODE = 'en-us'TIME_ZONE = 'UTC'USE_I18N = TrueUSE_L10N = TrueUSE_TZ = True# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.1/howto/static-files/STATIC_URL = '/static/'

snippetsapp\models.py

from django.db import models
from pygments import highlight
from pygments.formatters.html import HtmlFormatterfrom pygments.lexers import get_all_lexers, get_lexer_by_name
from pygments.styles import get_all_stylesLEXERS = [item for item in get_all_lexers() if item[1]]
LANGUAGE_CHOICES = sorted([(item[1][0], item[0]) for item in LEXERS])
STYLE_CHOICES = sorted((item, item) for item in get_all_styles())class Snippet(models.Model):created = models.DateTimeField(auto_now_add=True)title = models.CharField(max_length=100, blank=True, default='')code = models.TextField()linenos = models.BooleanField(default=False)language = models.CharField(choices=LANGUAGE_CHOICES, default='python', max_length=100)style = models.CharField(choices=STYLE_CHOICES, default='friendly', max_length=100)owner = models.ForeignKey('auth.User', related_name='snippets', on_delete=models.CASCADE, null= True , blank= True)highlighted = models.TextField( null=True,blank=True)class Meta:ordering = ('created',)def save(self, *args, **kwargs):"""Use the `pygments` library to create a highlighted HTMLrepresentation of the code snippet.高亮显示相关"""lexer = get_lexer_by_name(self.language)linenos = 'table' if self.linenos else Falseoptions = {'title': self.title} if self.title else {}formatter = HtmlFormatter(style=self.style, linenos=linenos,full=True, **options)self.highlighted = highlight(self.code, lexer, formatter)super(Snippet, self).save(*args, **kwargs)

snippetsapp\serializers.py

from rest_framework import serializers
from snippetsapp.models import Snippet, LANGUAGE_CHOICES, STYLE_CHOICESclass SnippetSerializer(serializers.ModelSerializer):class Meta:model = Snippetfields = ('id', 'title', 'code', 'linenos', 'language', 'style','owner')#
# class SnippetSerializer(serializers.Serializer):
#     id = serializers.IntegerField(read_only=True)
#     title = serializers.CharField(required=False, allow_blank=True, max_length=100)
#     code = serializers.CharField(style={'base_template': 'textarea.html'})
#     linenos = serializers.BooleanField(required=False)
#     language = serializers.ChoiceField(choices=LANGUAGE_CHOICES, default='python')
#     style = serializers.ChoiceField(choices=STYLE_CHOICES, default='friendly')
#
#     def create(self, validated_data):
#         """
#         Create and return a new `Snippet` instance, given the validated data.
#         """
#         return Snippet.objects.create(**validated_data)
#
#     def update(self, instance, validated_data):
#         """
#         Update and return an existing `Snippet` instance, given the validated data.
#         """
#         instance.title = validated_data.get('title', instance.title)
#         instance.code = validated_data.get('code', instance.code)
#         instance.linenos = validated_data.get('linenos', instance.linenos)
#         instance.language = validated_data.get('language', instance.language)
#         instance.style = validated_data.get('style', instance.style)
#         instance.save()
#         return instance

snippetsapp\views.py

from snippetsapp.models import Snippet
from snippetsapp.serializers import SnippetSerializer
from rest_framework import generics
from rest_framework import permissionsclass SnippetList(generics.ListCreateAPIView):queryset = Snippet.objects.all()serializer_class = SnippetSerializerpermission_classes = (permissions.IsAuthenticatedOrReadOnly,)class SnippetDetail(generics.RetrieveUpdateDestroyAPIView):queryset = Snippet.objects.all()serializer_class = SnippetSerializer# #######################################
# from snippetsapp.models import Snippet
# from snippetsapp.serializers import SnippetSerializer
# from rest_framework import mixins
# from rest_framework import generics
#
# class SnippetList(mixins.ListModelMixin,
#                   mixins.CreateModelMixin,
#                   generics.GenericAPIView):
#     queryset = Snippet.objects.all()
#     serializer_class = SnippetSerializer
#
#     def get(self, request, *args, **kwargs):
#         return self.list(request, *args, **kwargs)
#
#     def post(self, request, *args, **kwargs):
#         return self.create(request, *args, **kwargs)
#
#
# class SnippetDetail(mixins.RetrieveModelMixin,
#                     mixins.UpdateModelMixin,
#                     mixins.DestroyModelMixin,
#                     generics.GenericAPIView):
#     queryset = Snippet.objects.all()
#     serializer_class = SnippetSerializer
#
#     def get(self, request, *args, **kwargs):
#         return self.retrieve(request, *args, **kwargs)
#
#     def put(self, request, *args, **kwargs):
#         return self.update(request, *args, **kwargs)
#
#     def delete(self, request, *args, **kwargs):
#         return self.destroy(request, *args, **kwargs)####################################3# from snippetsapp.models import Snippet
# from snippetsapp.serializers import SnippetSerializer
# from django.http import Http404
# from rest_framework.views import APIView
# from rest_framework.response import Response
# from rest_framework import status
#
# class SnippetList(APIView):
#     """
#     List all snippets, or create a new snippet.
#     """
#     def get(self, request, format=None):
#         snippets = Snippet.objects.all()
#         serializer = SnippetSerializer(snippets, many=True)
#         return Response(serializer.data)
#
#     def post(self, request, format=None):
#         serializer = SnippetSerializer(data=request.data)
#         if serializer.is_valid():
#             serializer.save()
#             return Response(serializer.data, status=status.HTTP_201_CREATED)
#         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
#
#
# class SnippetDetail(APIView):
#     """
#     Retrieve, update or delete a snippet instance.
#     """
#     def get_object(self, pk):
#         try:
#             return Snippet.objects.get(pk=pk)
#         except Snippet.DoesNotExist:
#             raise Http404
#
#     def get(self, request, pk, format=None):
#         snippet = self.get_object(pk)
#         serializer = SnippetSerializer(snippet)
#         return Response(serializer.data)
#
#     def put(self, request, pk, format=None):
#         snippet = self.get_object(pk)
#         serializer = SnippetSerializer(snippet, data=request.data)
#         if serializer.is_valid():
#             serializer.save()
#             return Response(serializer.data)
#         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
#
#     def delete(self, request, pk, format=None):
#         snippet = self.get_object(pk)
#         snippet.delete()
#         return Response(status=status.HTTP_204_NO_CONTENT)################################################ from rest_framework import status
# from rest_framework.decorators import api_view
# from rest_framework.response import Response
# from snippetsapp.models import Snippet
# from snippetsapp.serializers import SnippetSerializer
#
#
# @api_view(['GET', 'POST'])
# def snippet_list(request,format=None):
#     """
#     List all code snippets, or create a new snippet.
#     """
#     if request.method == 'GET':
#         snippets = Snippet.objects.all()
#         serializer = SnippetSerializer(snippets, many=True)
#         return Response(serializer.data)
#
#     elif request.method == 'POST':
#         serializer = SnippetSerializer(data=request.data)
#         if serializer.is_valid():
#             serializer.save()
#             return Response(serializer.data, status=status.HTTP_201_CREATED)
#         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
#
# @api_view(['GET', 'PUT', 'DELETE'])
# def snippet_detail(request, pk):
#     """
#     Retrieve, update or delete a code snippet.
#     """
#     try:
#         snippet = Snippet.objects.get(pk=pk)
#     except Snippet.DoesNotExist:
#         return Response(status=status.HTTP_404_NOT_FOUND)
#
#     if request.method == 'GET':
#         serializer = SnippetSerializer(snippet)
#         return Response(serializer.data)
#
#     elif request.method == 'PUT':
#         serializer = SnippetSerializer(snippet, data=request.data)
#         if serializer.is_valid():
#             serializer.save()
#             return Response(serializer.data)
#         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
#
#     elif request.method == 'DELETE':
#         snippet.delete()
#         return Response(status=status.HTTP_204_NO_CONTENT)###########################################################
#
#
# from django.http import HttpResponse, JsonResponse
# from django.views.decorators.csrf import csrf_exempt
# from rest_framework.renderers import JSONRenderer
# from rest_framework.parsers import JSONParser
# from snippetsapp.models import Snippet
# from snippetsapp.serializers import SnippetSerializer
#
#
# @csrf_exempt
# def snippet_list(request):
#     """
#     List all code snippets, or create a new snippet.
#     """
#     if request.method == 'GET':
#         snippets = Snippet.objects.all()
#         serializer = SnippetSerializer(snippets, many=True)
#         return JsonResponse(serializer.data, safe=False)
#
#     elif request.method == 'POST':
#         data = JSONParser().parse(request)
#         serializer = SnippetSerializer(data=data)
#         if serializer.is_valid():
#             serializer.save()
#             return JsonResponse(serializer.data, status=201)
#         return JsonResponse(serializer.errors, status=400)
#
#
# @csrf_exempt
# def snippet_detail(request, pk):
#     """
#     Retrieve, update or delete a code snippet.
#     """
#     try:
#         snippet = Snippet.objects.get(pk=pk)
#     except Snippet.DoesNotExist:
#         return HttpResponse(status=404)
#
#     if request.method == 'GET':
#         serializer = SnippetSerializer(snippet)
#         return JsonResponse(serializer.data)
#
#     elif request.method == 'PUT':
#         data = JSONParser().parse(request)
#         serializer = SnippetSerializer(snippet, data=data)
#         if serializer.is_valid():
#             serializer.save()
#             return JsonResponse(serializer.data)
#         return JsonResponse(serializer.errors, status=400)
#
#     elif request.method == 'DELETE':
#         snippet.delete()
#         return HttpResponse(status=204)

重新迁移数据库

When that’s all done we’ll need to update our database tables. Normally we’d create a database migration in order to do that, but for the purposes of this tutorial, let’s just delete the database and start again.
当修改过models后，需要更新数据库表。通常是建立一个数据库迁移，在这个课程中，我们只是删除这个数据库并且重新开始。

rm -f db.sqlite3
rm -r snippetsapp/migrations
python manage.py makemigrations snippetsapp
python manage.py migrate

实际中的操作

C:\djproject\snippets>python manage.py makemigrations
Migrations for 'snippetsapp':snippetsapp\migrations\0002_auto_20210402_0756.py- Add field highlighted to snippet- Add field owner to snippetC:\djproject\snippets>python manage.py migrate
Operations to perform:Apply all migrations: admin, auth, contenttypes, sessions, snippetsapp
Running migrations:Applying snippetsapp.0002_auto_20210402_0756... OK

DRF接口增加流程

setting配置

时区设置

项目setting文件

LANGUAGE_CODE = 'zh-hans'TIME_ZONE = 'Asia/Shanghai'USE_I18N = TrueUSE_L10N = TrueUSE_TZ = True

资源文件路径

STATIC_URL = '/static/'MEDIA_URL='/media/'
MEDIA_ROOT=os.path.join(os.path.dirname(BASE_DIR), 'eshop/media')

restframework设置

REST_FRAMEWORK = {'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination','PAGE_SIZE': 6,   # 分页设置'DEFAULT_AUTHENTICATION_CLASSES': (    # 认证设置'rest_framework.authentication.BasicAuthentication','rest_framework.authentication.SessionAuthentication','rest_framework.authentication.TokenAuthentication',),
}

数据库设定

# DATABASES = {
#     'default': {
#         'ENGINE': 'django.db.backends.mysql',
#         'NAME': 'eshop',
#         'HOST': '127.0.0.1',
#         'PORT': 3306,
#         'USER': 'root',
#         'PASSWORD': '123',
#     }
# }DATABASES = {'default': {'ENGINE': 'django.db.backends.sqlite3','NAME': BASE_DIR / 'db.sqlite3',}
}

项目初始化文件mysql支持设定

项目根_init_.py

import pymysql
pymysql.install_as_MySQLdb()

中间件设定

MIDDLEWARE = ['corsheaders.middleware.CorsMiddleware','django.middleware.security.SecurityMiddleware','django.contrib.sessions.middleware.SessionMiddleware','django.middleware.common.CommonMiddleware','django.middleware.csrf.CsrfViewMiddleware','django.contrib.auth.middleware.AuthenticationMiddleware','django.contrib.messages.middleware.MessageMiddleware','django.middleware.clickjacking.XFrameOptionsMiddleware',]

应用设定

# Application definitionINSTALLED_APPS = ['django.contrib.admin','django.contrib.auth','django.contrib.contenttypes','django.contrib.sessions','django.contrib.messages','django.contrib.staticfiles','rest_framework',    # restframework支持'rest_framework.authtoken',   # 增加身份认证# 'django_filters','computerapp.apps.ComputerappConfig',   # 你的应用'corsheaders',   跨站支持]

创建数据模型

数据模型是整个应用的基础，应事先规划好，避免后期有大的改动

models.py

from django.db import models# Create your models here.
from django.db import models
# from django.utils.six import python_2_unicode_compatiblefrom django.conf import settings# @python_2_unicode_compatible
class Category(models.Model):"""商品类别：笔记本、平板电脑、一体机、台式机、服务器"""name = models.CharField(max_length=200, verbose_name='名称')created = models.DateTimeField(auto_now_add=True)updated = models.DateTimeField(auto_now=True)class Meta:verbose_name = '商品类别'verbose_name_plural = verbose_namedef __str__(self):return self.name# @python_2_unicode_compatible
class Manufacturer(models.Model):"""生产厂商"""name = models.CharField(max_length=200)description = models.TextField()logo = models.ImageField(blank=True, null=True, max_length=200, upload_to='manufacturer/uploads/%Y/%m/%d/')created = models.DateTimeField(auto_now_add=True)updated = models.DateTimeField(auto_now=True)def __str__(self):return self.name# @python_2_unicode_compatible
class Product(models.Model):"""产品"""model = models.CharField(max_length=200,verbose_name='型号')description = models.TextField()image = models.ImageField(max_length=200, upload_to='product/uploads/%Y/%m/%d/')price = models.DecimalField(max_digits=12, decimal_places=2, verbose_name='价格')sold = models.PositiveIntegerField(default=0)category = models.ForeignKey(Category, related_name='product_in', on_delete=models.CASCADE, verbose_name='类别')manufacturer = models.ForeignKey(Manufacturer, related_name='product_of', on_delete=models.CASCADE)created = models.DateTimeField(auto_now_add=True)updated = models.DateTimeField(auto_now=True)class Meta:verbose_name = '产品'verbose_name_plural = verbose_namedef __str__(self):return self.model# @python_2_unicode_compatible
class DeliveryAddress(models.Model):"""收货地址"""user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='delivery_address_of', )contact_person = models.CharField(max_length=200)contact_mobile_phone = models.CharField(max_length=200)delivery_address = models.TextField()created = models.DateTimeField(auto_now_add=True)updated = models.DateTimeField(auto_now=True)def __str__(self):return self.delivery_address# @python_2_unicode_compatible
class UserProfile(models.Model):"""用户档案"""user = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='profile_of', )mobile_phone = models.CharField(blank=True, null=True, max_length=200)nickname = models.CharField(blank=True, null=True, max_length=200)description = models.TextField(blank=True, null=True)icon = models.ImageField(blank=True, null=True, max_length=200, upload_to='user/uploads/%Y/%m/%d/')created = models.DateTimeField(auto_now_add=True)updated = models.DateTimeField(auto_now=True)delivery_address = models.ForeignKey(DeliveryAddress, related_name='user_delivery_address',on_delete=models.CASCADE, blank=True, null=True, )# @python_2_unicode_compatible
class Order(models.Model):"""订单"""STATUS_CHOICES = (('0', 'new'),('1', 'not paid'),('2', 'paid'),('3', 'transport'),('4', 'closed'),)status = models.CharField(choices=STATUS_CHOICES, default='0', max_length=2)user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='order_of', )remark = models.TextField(blank=True, null=True)product = models.ForeignKey(Product, related_name='order_product', on_delete=models.CASCADE)price = models.DecimalField(max_digits=12, decimal_places=2)quantity = models.PositiveIntegerField(default=1)address = models.ForeignKey(DeliveryAddress, related_name='order_address', on_delete=models.CASCADE)created = models.DateTimeField(auto_now_add=True)updated = models.DateTimeField(auto_now=True)def __str__(self):return 'order of %d' % (self.user.id)

创建序列化器

用Django开发RESTful风格的API存在着很多重复的步骤。过程往往都是，
(1)把到前端请求的过来的json字符串，然后通过json.loads转换为字典，字典在转换为对象，保存在数据库。
(2)返回的时候呢，都是先把对象查询出来，然后转换为字典，再通过JsonResponse转换为json字符串并且返回给前端。
接口的开发，基本就是在重复这两个动作，而且这两个动作语句特别多，序列化就是来解决这个问题。

1. 序列化,序列化器会把模型对象转换成字典,经过response以后变成json字符串
2. 反序列化,把客户端发送过来的数据,经过request以后变成字典,序列化器可以把字典转成模型
3. 反序列化,完成数据校验功能

serializers.py

from django.contrib.auth.models import User
from rest_framework import serializersfrom computerapp.models import Product, Manufacturer, UserProfile, DeliveryAddress, Orderclass ProductListSerializer(serializers.ModelSerializer):class Meta:model = Productfields = ('id', 'model', 'image', 'price', 'sold', 'category', 'manufacturer',)class ManufacturerSerializer(serializers.ModelSerializer):class Meta:model = Manufacturerfields = ('id', 'name',)class CategorySerializer(serializers.ModelSerializer):class Meta:model = Manufacturerfields = ('id', 'name',)class ProductRetrieveSerializer(serializers.ModelSerializer):manufacturer = ManufacturerSerializer()  # 获取厂商对象，替换下面的字段category = CategorySerializer()  # 获取类别对象，替换下面的字段class Meta:model = Productfields = ('id', 'model', 'image', 'price', 'sold', 'category', 'manufacturer', 'description', 'created', 'updated',)class UserProfileSerializer(serializers.ModelSerializer):class Meta:model = UserProfilefields = ('id', 'user', 'mobile_phone', 'nickname', 'description', 'icon', 'created', 'updated',)read_only_fields = ('user',)class UserInfoSerializer(serializers.ModelSerializer):profile_of = UserProfileSerializer()class Meta:model = Userfields = ('id', 'username', 'email', 'first_name', 'last_name', 'date_joined', 'profile_of',)class UserSerializer(serializers.ModelSerializer):class Meta:model = Userfields = ('id', 'username', 'password', 'email', 'first_name', 'last_name',)extra_kwargs = {'password': {'write_only': True}}def create(self, validated_data):user = User(**validated_data)  # 接受前端传过来的用户名和密码,关键字参数user.set_password(validated_data['password'])  # 通过字典方式调用user.save()  # 保存到内存中user_profile = UserProfile(user=user)user_profile.save()return userclass DeliveryAddressSerilizer(serializers.ModelSerializer):'''收货地址'''class Meta:model = DeliveryAddressfields = ('id', 'user', 'contact_person', 'contact_mobile_phone', 'delivery_address', 'created', 'updated',)read_only_fields = ('user',)  # 设置为只读类型，不能在前端修改class OrderListSerializer(serializers.ModelSerializer):product = ProductListSerializer()address = DeliveryAddressSerilizer()class Meta:model = Orderfields = ('id', 'status', 'user', 'product', 'price', 'quantity', 'remark', 'address', 'created', 'updated',)class OrderCreateSerializer(serializers.ModelSerializer):class Meta:model = Orderfields = ('id', 'status', 'user', 'product', 'price', 'quantity', 'remark', 'address', 'created', 'updated',)read_only_fields = ('user', 'price', 'address', 'status',)class OrderRUDSerializer(serializers.ModelSerializer):class Meta:model = Orderfields = ('id',)

创建视图类

views.py

from rest_framework import generics
from rest_framework import permissions
from rest_framework.exceptions import NotFound
from rest_framework.filters import OrderingFilter, SearchFilter
from rest_framework.pagination import LimitOffsetPaginationfrom rest_framework.response import Response
from rest_framework.views import APIViewfrom computerapp.models import Product, DeliveryAddress, UserProfile, Order
from computerapp.serializers import ProductListSerializer, ProductRetrieveSerializer, UserInfoSerializer, \UserSerializer, DeliveryAddressSerilizer, UserProfileSerializer, OrderListSerializer, OrderCreateSerializer, \OrderRUDSerializerimport logging
import datetime
import jsonLOG_FILENAME = 'shop.log'# logging.basicConfig(filename=LOG_FILENAME,level = logging.DEBUG)
logging.basicConfig(filename=LOG_FILENAME, level=logging.INFO)# Create your views here.
class ProductListView(generics.ListAPIView):'''产品列表'''queryset = Product.objects.all()serializer_class = ProductListSerializerpermissin_classes = (permissions.AllowAny,)filter_backends = (OrderingFilter, SearchFilter)  # 过滤选项ordering_fields = ('category', 'manufacturer', 'created', 'sold',)  # 排序字段search_fields = ('description', 'model')  # 搜索字段ordering = ('id',)pagination_class = LimitOffsetPagination  # 分页 请求加 ?limit = xxclass ProductListByCategoryView(generics.ListAPIView):'''产品类别列表'''serializer_class = ProductListSerializerpermissin_classes = (permissions.AllowAny,)filter_backends = (OrderingFilter, SearchFilter)ordering_fields = ('category', 'manufacturer', 'created', 'sold', 'stock', 'price',)search_fields = ('description',)ordering = ('id',)'''查询集根据条件获取'''def get_queryset(self):category = self.request.query_params.get('category', None)if category is not None:queryset = Product.objects.filter(category=category)else:queryset = Product.objects.all()return querysetclass ProductListByCategoryManufacturerView(generics.ListAPIView):'''产品按类别品牌列表'''serializer_class = ProductListSerializerpermissin_classes = (permissions.AllowAny,)filter_backends = (OrderingFilter, SearchFilter)ordering_fields = ('category', 'manufacturer', 'created', 'sold', 'stock', 'price',)search_fields = ('description',)ordering = ('id',)def get_queryset(self):category = self.request.query_params.get('category', None)manufacturer = self.request.query_params.get('manufacturer', None)if category is not None:queryset = Product.objects.filter(category=category, manufacturer=manufacturer)else:queryset = Product.objects.all()return querysetclass ProductRetrieveView(generics.RetrieveAPIView):queryset = Product.objects.all()serializer_class = ProductRetrieveSerializerpermission_classes = (permissions.AllowAny,)class UserInfoView(APIView):'''用户基本信息'''permission_classes = (permissions.IsAuthenticated,)def get(self, request, format=None):user = self.request.userserializer = UserInfoSerializer(user)return Response(serializer.data)class UserProfileRUView(generics.RetrieveUpdateAPIView):'''用户其他信息'''serializer_class = UserProfileSerializerpermission_classes = (permissions.IsAuthenticated,)def get_object(self):user = self.request.userobj = UserProfile.objects.get(user=user)return objclass UserCreateView(generics.CreateAPIView):'''用户创建'''serializer_class = UserSerializerclass DeliveryAddressLCView(generics.ListCreateAPIView):'''收货地址LC'''serializer_class = DeliveryAddressSerilizer  # 没有加LC，因为较简单permission_classes = (permissions.IsAuthenticated,)  # 需要登陆认证def get_queryset(self):user = self.request.userqueryset = DeliveryAddress.objects.filter(user=user)  # 模型来的对象return querysetdef perform_create(self, serializer):user = self.request.users = serializer.save(user=user)profile = user.profile_of  # profile_of 反向关系，从models来profile.delivery_address = s  # 把新创建的收货地址设为默认地址存入用户扩展信息中profile.save()class DeliveryAddressRUDView(generics.RetrieveUpdateDestroyAPIView):'''收货地址RUD'''serializer_class = DeliveryAddressSerilizerpermission_classes = (permissions.IsAuthenticated,)def get_object(self):user = self.request.user# obj =DeliveryAddress.objects.get(user=user)try:obj = DeliveryAddress.objects.get(id=self.kwargs['pk'], user=user)  # id由前端传来，一个用户有多个idexcept Exception as e:raise NotFound('no found')return objclass CartListView(generics.ListAPIView):'''购物车列表'''serializer_class = OrderListSerializer  # 可以和订单公用一个序列器permissin_classes = (permissions.IsAuthenticated,)def get_queryset(self):user = self.request.userqueryset = Order.objects.filter(user=user, status='0')  # 我的状态为零的，表示在购物车return querysetclass OrderListView(generics.ListAPIView):'''订单列表'''serializer_class = OrderListSerializer  # 和cart公用一个序列器permissin_classes = (permissions.IsAuthenticated,)def get_queryset(self):user = self.request.userqueryset = Order.objects.filter(user=user, status__in=['1', '2', '3', '4'])  # status__in 是django用法，表示值在。。范围return querysetclass OrderCreateView(generics.CreateAPIView):'''创建订单'''queryset = Order.objects.all()serializer_class = OrderCreateSerializerpermission_classes = (permissions.IsAuthenticated,)def perform_create(self, serializer):user = self.request.userproduct = serializer.validated_data.get('product')serializer.save(user=user, price=product.price, address=user.profile_of.delivery_address, )logging.info('user %d cart changed,product %d related.Time is %s.', user.id, product.id,str(datetime.datetime.now()))class OrderRUDView(generics.RetrieveUpdateDestroyAPIView):'''OrderRUD'''serializer_class = OrderRUDSerializerpermission_classes = (permissions.IsAuthenticated,)def get_object(self):user = self.request.userobj = Order.objects.get(user=user, id=self.kwargs['pk'])return objdef perform_update(self, serializer):user = self.request.userserializer.save(user=user, status='1')

过滤组件与分页组件的使用简介

# views.py# drf提供两种过滤组件类：全文搜索、排序
from rest_framework.filters import SearchFilter, OrderingFilter
from django_filters.rest_framework import DjangoFilterBackend# 通过安装第三方库django-filter，即可使用第三种过滤组件：分类
from django_filters.rest_framework import DjangoFilterBackend# drf提供三种分页类
from rest_framework.pagination import PageNumberPagination, LimitOffsetPagination, CursorPaginationclass CourseViewSet(GenericViewSet, ListModelMixin):# 过滤组件filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]# 过滤：全文搜索search_fields = ['name']  # 按数据库非外键字段，包含了目标参数即可匹配# 过滤：分类搜索fields = []  # 按数据库字段，包括外键字段，完全相等才匹配到结果filter_class = CourseFilterSet  # 按设置的分类规则进行分类，优先级大于按字段分类# 过滤：排序ordering_fields = []  # 按数据库字段，包括外键字段# 分页组件pagination_class = PageNumberPagination# pagination_class = LimitOffsetPagination# 分页参数配置：PageNumberPaginationpage_size = 100  # 每页显示最多的数目page_query_param = 'page'  # 前端发送的分页的页数参数的关键字名，默认位"page"page_size_query_param = 'page_size'  # 前端发送的每页数目参数的关键字名，默认位Nonemax_page_size = None  # 前端最多能设置的每页数量# 分页参数配置：LimitOffsetPagination'''default_limit = 100  # 每页显示最多的数目，默认配置与page_size相同，api_settings.PAGE_SIZElimit_query_param = 'limit'offset_query_param = 'offset'  # 偏移多少数目的参数的关键字名max_limit = None'''

过滤组件和分页组件的入口函数

过滤与分页均只对群查接口有意义，因此只在群查中使用，即list()方法中调用组件的入口函数

但是组件的入口函数，是定义在GenericAPIView中的

class GenericAPIView(views.APIView):def filter_queryset(self, queryset):passdef paginate_queryset(self, queryset):pass

过滤组件：分类filter_class

from . import models
from django_filters.filterset import FilterSet
from django_filters import filters
class CourseFilterSet(FilterSet):# 通过NumberFilter类自定义分类字段# 如下定义两个区间分类字段：teacher_id大于min_price和teacher_id小于max_pricemin_price = filters.NumberFilter(field_name='teacher_id', lookup_expr='gte')max_price = filters.NumberFilter(field_name='teacher_id', lookup_expr='lte')class Meta:model = models.Coursefields = ['参与分类的数据库字段']  # 自定义的min_price、max_price字段不需要写在fields里面

创建路由

urls.py

"""eshop URL Configuration
项目urls
"""
from django.conf import settings
from django.conf.urls.static import static
from django.contrib import admin
from django.urls import path, include
from rest_framework.authtoken import viewsurlpatterns = [path('admin/', admin.site.urls),path('computer/', include('computerapp.urls')),path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),   # 增加api认证path('api-token-auth/', views.obtain_auth_token),    # 获得token，利用rest框架自身功能实现]# 如果开启debug模式，使用media文件需要加入以下设置
if settings.DEBUG:urlpatterns += static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)

应用urls

from django.urls import path
from rest_framework.urlpatterns import format_suffix_patterns
from computerapp import viewsurlpatterns = [path('user_info/', views.UserInfoView.as_view()),path('user_profile_ru/<int:pk>/', views.UserProfileRUView.as_view()),path('product_list/', views.ProductListView.as_view()),path('product_list_by_category/', views.ProductListByCategoryView.as_view()),path('product_list_by_category_manufacturer/', views.ProductListByCategoryManufacturerView.as_view()),path('product_retrieve/<int:pk>/', views.ProductRetrieveView.as_view()),path('user_create/', views.UserCreateView.as_view()),path('delivery_address_lc/', views.DeliveryAddressLCView.as_view()),path('delivery_address_rud/<int:pk>/', views.DeliveryAddressRUDView.as_view()),path('cart_list/', views.CartListView.as_view()),path('order_list/', views.OrderListView.as_view()),path('order_create/', views.OrderCreateView.as_view()),path('order_rud/<int:pk>/', views.OrderRUDView.as_view()),]urlpatterns = format_suffix_patterns(urlpatterns)

增加用户信息

model使用时系统自带的用户user

views增加用户基本信息

serializers增加

urls增加

models增加用户扩展信息

增加认证功能

认证方法

流程
前端通过用户名密码访问token获取接口，获取token，存储在本地，以后再访问需要认证的资源，可以带着这个token访问接口，后端即认为是此用户名密码用户访问。
目前常用的为客户端webstorage，服务端token；cookie和session方法不再常用

使用token方法

要使用 TokenAuthentication 方案 ，需要在setting包含rest_framework.authtoken应用项；并且配置认证类包含TokenAuthentication。

INSTALLED_APPS = [...'rest_framework.authtoken'
]

增加认证类

当使用 TokenAuthentication, 你可能需要通过提供用户名和密码而获得token这样一个机制。REST framework提供了一个内置的 view 来实现这个功能。只需要添加 obtain_auth_token view 到你的 URLconf就可以使用它。

from rest_framework.authtoken import views
urlpatterns += [path('api-token-auth/', views.obtain_auth_token)
]

用户前端访问这个接口，只需要这一行代码即完成token的生成并返回。
Note that the URL part of the pattern can be whatever you want to use.

The obtain_auth_token view will return a JSON response when valid username and password fields are POSTed to the view using form data or JSON:

{ 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }

配置完成后的数据库迁移

manage.py makemigrations 
manage.py migrate

及
rest_framework.authtoken
应用提供了数据库迁移。

C:\djproject\eshop>python manage.py makemigrations
Migrations for 'computerapp':computerapp\migrations\0002_auto_20210404_1048.py- Change Meta options on category- Change Meta options on product- Alter field name on category- Alter field category on product- Alter field model on product- Alter field price on product

C:\djproject\eshop>python manage.py migrate
Operations to perform:Apply all migrations: admin, auth, authtoken, computerapp, contenttypes, sessions
Running migrations:Applying computerapp.0002_auto_20210404_1048... OK

以上第一条记录auth, authtoken，数据迁移。
以下是先做，报了错误，修改后然后做的上面步骤。

C:\djproject\eshop>python manage.py migrate
System check identified some issues:WARNINGS:
?: (rest_framework.W001) You have specified a default PAGE_SIZE pagination rest_framework setting, without specifying also a DEFAULT_PAGINATION_CLASS.HINT: The default for DEFAULT_PAGINATION_CLASS is None. In previous versions this was PageNumberPagination. If you wish to define PAGE_SIZE globally whilst defining pagination_
class on a per-view basis you may silence this check.
Operations to perform:Apply all migrations: admin, auth, authtoken, computerapp, contenttypes, sessions
Running migrations:Applying admin.0003_logentry_add_action_flag_choices... OKApplying auth.0009_alter_user_last_name_max_length... OKApplying auth.0010_alter_group_name_max_length... OKApplying auth.0011_update_proxy_permissions... OKApplying auth.0012_alter_user_first_name_max_length... OKApplying authtoken.0003_tokenproxy... OK

在根urls增加

第一行为引入views
第二行为增加认证功能
第三行为获得token功能，利用了rest自带功能