当用户未通过身份验证时,我正在尝试使用自定义中间件来限制页面访问。我在“settings.py”中定义了一个应该不受此限制的 URL 列表。但是当我尝试访问任何页面时,我会收到“ERR_TOO_MANY_REDIRECTS”错误。如果需要,请随时要求更多说明和代码参考。
设置.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'accounts.middleware.LoginRequiredMiddleware',
]
LOGIN_URL = 'home'
LOGIN_REDIRECT_URL = '/'
LOGIN_EXEMPT_URLS = [
r'^accounts/login/$',
r'^accounts/register/$',
r'^accounts/logout/$',
]
中间件.py
import re
from django.conf import settings
from django.shortcuts import redirect
EXEMPT_URLS = []
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [re.compile(url) for url in settings.LOGIN_EXEMPT_URLS]
class LoginRequiredMiddleware:
def __init__(self, get_response):
print('inside init')
self.get_response = get_response
def __call__(self, request):
print('inside call')
response = self.get_response(request)
return response
def process_view(self, request, view_func, view_args, view_kwargs):
print('inside view_process')
path = request.path_info.lstrip('/')
print(path)
#assert hasattr(request, 'user')
if not request.user.is_authenticated:
print('user not authenticated')
if not any(url.match(path) for url in EXEMPT_URLS):
print('redirecting to login url')
return redirect(settings.LOGIN_URL)
网址.py
from django.contrib import admin
from django.urls import path
from . import views
urlpatterns = [
path('', views.home, name = 'home'),
path('product', views.product, name = 'product'),
path('createOrder', views.createOrder, name = 'createOrder'),
path('updateOrder/<str:pk>', views.updateOrder, name = 'updateOrder'),
path('deleteOrder/<str:pk>', views.deleteOrder, name = 'deleteOrder'),
path('register', views.register, name = 'register'),
path('login', views.login, name = 'login'),
path('logout', views.logout, name = 'logout')
]