当前位置: 首页 > news >正文

django安装、跨域、缓存、令牌、路由、中间件等配置

news 2025/7/18 8:25:37

注意:如果是使用 PyCharm 编程工具就不用创建虚拟化,直接打开 PyCharm 选择新建的目录

直接调过下面的步骤1

1. 项目初始化

如果不是用 PyCharm 编辑器就需要手动创建虚拟环境

在项目目录cmd,自定义名称的虚拟环境

# 激活虚拟环境
python -m venv django_env
# 激活虚拟环境
django_env\Scripts\activate.bat  # Windows
# source django_env/bin/activate  # Linux/Mac

# 验证虚拟环境是否激活(提示符前应显示 (django_env))
(django_env) F:\git\project\serverAdmin\Django>

2. 安装依赖

# 安装 Django 及必要组件
pip install django django-cors-headers djangorestframework django-redis redis djangorestframework-simplejwt mysqlclient

如果提示升级pip,是新项目建议更新 

# 验证安装版本
python -m django --version  # 应显示 Django 版本号

3. 创建项目与多应用结构

# 创建 Django 项目
django-admin startproject backend
# 进入项目目录
cd backend
# 创建多个应用,自行创建
python manage.py startapp accounts  # 用户认证
python manage.py startapp products  # 商品管理
python manage.py startapp orders    # 订单系统
python manage.py startapp utils     # 工具类

4. 核心配置(backend/settings.py

"""
Django settings for backend project.Generated by 'django-admin startproject' using Django 5.2.4.For more information on this file, see
https://docs.djangoproject.com/en/5.2/topics/settings/For the full list of settings and their values, see
https://docs.djangoproject.com/en/5.2/ref/settings/
"""
import os
from pathlib import Path# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "django-insecure-e6)+pcowg#7$$t=mfje93!%186-qa6=8f5$i86l8gjpyl&yukx"# SECURITY WARNING: don't run with debug turned on in production! 生产环境中禁用调试模式
DEBUG = True # 开发环境
# DEBUG = False  # 生产环境ALLOWED_HOSTS = ['*'] # 开发环境
# ALLOWED_HOSTS = ['api.your-domain.com']  # 生产环境# Application definition  应用注册
INSTALLED_APPS = ["django.contrib.admin","django.contrib.auth","django.contrib.contenttypes","django.contrib.sessions","django.contrib.messages","django.contrib.staticfiles",'corsheaders',  # 跨域支持'rest_framework',  # REST API'django_redis',  # Redis缓存'accounts',  # 权限'utils',  # 工具应用
]# 中间件
MIDDLEWARE = ['corsheaders.middleware.CorsMiddleware',  # 跨域必须在CommonMiddleware之前"django.middleware.security.SecurityMiddleware","django.contrib.sessions.middleware.SessionMiddleware","django.middleware.common.CommonMiddleware","django.middleware.csrf.CsrfViewMiddleware","django.contrib.auth.middleware.AuthenticationMiddleware","django.contrib.messages.middleware.MessageMiddleware","django.middleware.clickjacking.XFrameOptionsMiddleware",
]# 跨域配置(开发环境)
CORS_ALLOW_ALL_ORIGINS = True  # 允许所有域名跨域(开发环境)
# 生产环境使用白名单:
# CORS_ALLOWED_ORIGINS = [
#     "http://localhost:3000",  # 前端开发服务器
#     "https://your-frontend.com",  # 生产环境域名
# ]# 允许携带凭证(如cookies、HTTP认证)
CORS_ALLOW_CREDENTIALS = True  # 允许跨域请求携带凭证
# 允许的请求方法
CORS_ALLOW_METHODS = ['DELETE','GET','OPTIONS','PATCH','POST','PUT',
]
# 允许的请求头
CORS_ALLOW_HEADERS = ['accept','accept-encoding','authorization',  # 用于JWT认证'content-type','dnt','origin','user-agent','x-csrftoken','x-requested-with','token',  # 自定义token头'openid',  # 自定义openid头'sessionkey',  # 自定义session头
]# DRF 配置
REST_FRAMEWORK = {# ... 已有配置 ...'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework_simplejwt.authentication.JWTAuthentication',  # 示例:JWT认证'rest_framework.authentication.SessionAuthentication',  # 会话认证],'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated',  # 默认需要登录]
}# Redis 配置
CACHES = {"default": {"BACKEND": "django_redis.cache.RedisCache","LOCATION": "redis://127.0.0.1:6379/0",  # Redis 服务器地址和数据库编号"OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient","CONNECTION_POOL_KWARGS": {"max_connections": 100}, # 连接池最大连接数"PASSWORD": "",  # 如果 Redis 有密码,添加到这里}}
}
# Session 存储(可选:使用 Redis 存储会话)
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
ROOT_URLCONF = "backend.urls"# 数据库配置(示例:MySQL)
DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql','NAME': 'your_database','USER': 'root','PASSWORD': 'your_password','HOST': 'localhost','PORT': '3306',}
}TEMPLATES = [{"BACKEND": "django.template.backends.django.DjangoTemplates","DIRS": [],"APP_DIRS": True,"OPTIONS": {"context_processors": ["django.template.context_processors.request","django.contrib.auth.context_processors.auth","django.contrib.messages.context_processors.messages",],},},
]WSGI_APPLICATION = "backend.wsgi.application"# Database
# https://docs.djangoproject.com/en/5.2/ref/settings/#databases# DATABASES = {
#     "default": {
#         "ENGINE": "django.db.backends.sqlite3",
#         "NAME": BASE_DIR / "db.sqlite3",
#     }
# }# Password validation
# https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validatorsAUTH_PASSWORD_VALIDATORS = [{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",},{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",},{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",},{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",},
]# Internationalization
# https://docs.djangoproject.com/en/5.2/topics/i18n/
# 改中国
LANGUAGE_CODE = "zh-hans"
TIME_ZONE = 'Asia/Shanghai'
# 确保默认字符编码是 UTF-8
DEFAULT_CHARSET = 'utf-8'USE_I18N = True
USE_L10N = True
USE_TZ = True# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/5.2/howto/static-files/# 生产 静态文件配置
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')# STATICFILES_DIRS = [BASE_DIR / 'static']  # 开发 时静态文件存放路径# 媒体文件配置
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')# Default primary key field type
# https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-fieldDEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
5.项目级路由(backend/urls.py
"""
URL configuration for backend project.The `urlpatterns` list routes URLs to views. For more information please see:https://docs.djangoproject.com/en/5.2/topics/http/urls/
Examples:
Function views1. Add an import:  from my_app import views2. Add a URL to urlpatterns:  path('', views.home, name='home')
Class-based views1. Add an import:  from other_app.views import Home2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
Including another URLconf1. Import the include() function: from django.urls import include, path2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
"""from django.contrib import admin
from django.urls import path, include
from .Index import loginurlpatterns = [path("admin/", admin.site.urls),# 公共路由path('index/login/', Index.login), # 用户登录# 所有API路由统一入口path('api/utils/', include('utils.urls')),  # 工具类应用
]

在公共目录,创建需要登录API的 Index 文件 login方法

比如 path('index/login/', Index.login), # 用户登录

import json
from django.http import JsonResponse
from django.views.decorators.http import require_http_methods# 登录后台
@require_http_methods(["GET", "POST"])
def login(request):print(666)data = {"code": 2000,"date": [],"message": "登录验证"}return JsonResponse(data)

其它子应用路由 分发

比如  path('api/utils/', include('utils.urls')),  # 工具类应用

在utils创建路由文件

from django.urls import path
from .index import Indexurlpatterns = [path('index/', Index.index)
]

创建子应用的文件和方法  path('index/', Index.index) 

import json
from django.http import JsonResponse
from django.views.decorators.http import require_http_methods@require_http_methods(["GET", "POST"])
def index(request):print(666)data = {"code": 2000,"date": [],"message": "我是子应用"}return JsonResponse(data)

 这样就是多应用的前后分离了,也可以在nginx那做负载均衡

6.运行项目

# 迁移数据库
python manage.py makemigrations
python manage.py migrate# 创建超级用户
python manage.py createsuperuser# 启动开发服务器
python manage.py runserver
# 指定端口
python manage.py runserver 8100

访问地址:

公告API接口
http://127.0.0.1:8100/index/login/  子应用
http://127.0.0.1:8100/api/utils/index/

如果像要psot请求要携带 CSRF 令牌

import json
from django.http import JsonResponse
from django.views.decorators.http import require_http_methods
# 生成CSRF 令牌
from django.middleware.csrf import get_token# 登录后台
@require_http_methods(["GET", "POST"])
def login(request):print(6666)token = get_token(request)data = {"code": 2000,"date": [],'csrf_token': token,"message": "查询成功"}return JsonResponse(data)

 前端必须带  X-CSRFToken 头,必须是这个名X-CSRFToken

// 1. 获取 CSRF 令牌
axios.get('/api/csrf/').then(response => {const csrfToken = response.data.csrf_token;// 2. 发送 POST 请求时,在请求头中携带令牌axios.post('/api/utils/index/', {}, {headers: {'X-CSRFToken': csrfToken  // 关键:必须用 X-CSRFToken 头}}).then(res => console.log(res.data)).catch(err => console.error(err));});

或者settings.py文件注释django.middleware.csrf.CsrfViewMiddleware,关闭CSRF防护

# 中间件
MIDDLEWARE = ['corsheaders.middleware.CorsMiddleware',  # 跨域必须在CommonMiddleware之前"django.middleware.security.SecurityMiddleware","django.contrib.sessions.middleware.SessionMiddleware","django.middleware.common.CommonMiddleware",# "django.middleware.csrf.CsrfViewMiddleware", # 关闭 CSRF 防护 前端不用携带 CSRF 令牌 可以post访问"django.contrib.auth.middleware.AuthenticationMiddleware","django.contrib.messages.middleware.MessageMiddleware","django.middleware.clickjacking.XFrameOptionsMiddleware",
]

http://www.dtcms.com/a/281884.html

相关文章:

  • Jenkins全方位CI/CD实战指南
  • LabVIEW Occurrence功能
  • 嵌入式Linux(RV1126)系统定制中的编译与引导问题调试报告
  • 【RTSP从零实践】12、TCP传输H264格式RTP包(RTP_over_TCP)的RTSP服务器(附带源码)
  • 基于WebRTC技术实现一个在线课堂系统
  • el-input 回显怎么用符号¥和变量拼接展示?
  • Spring Boot 解决跨域问题
  • Spring Boot - Spring Boot 集成 MyBatis 分页实现 手写 SQL 分页
  • 日语学习-日语知识点小记-构建基础-JLPT-N3阶段(5):语法+单词
  • Buffer Pool
  • css 如何实现大屏4个占位 中屏2个 小屏幕1个
  • Samba服务器
  • Git版本控制完全指南:从入门到精通
  • 网络编程/Java面试/TCPUDP区别
  • 基于spring boot养老院老人健康监护平台设计与实现
  • SFT:大型语言模型专业化定制的核心技术体系——原理、创新与应用全景
  • docker run elasticsearch 报错
  • JAVA面试宝典 -《分布式ID生成器:Snowflake优化变种》
  • 详解SPFA算法-单源最短路径求解
  • C++ - 仿 RabbitMQ 实现消息队列--sqlite与gtest快速上手
  • 基于springboot+vue的酒店管理系统设计与实现
  • 一叶障目不见森林
  • 身份证号码姓名认证解决方案-身份证三要素API接口
  • Apache IoTDB(1):时序数据库介绍与单机版安装部署指南
  • 更灵活方便的初始化、清除方法——fixture【pytest】
  • QT跨平台应用程序开发框架(9)—— 容器类控件
  • 城市守护者的蓝色印记
  • Qt小组件 - 5 图片懒加载样例
  • 【MAC】nacos 2.5.1容器docker安装
  • Python面向对象编程(OOP)详解:通俗易懂的全面指南