0

当用户未通过身份验证时,我正在尝试使用自定义中间件来限制页面访问。我在“settings.py”中定义了一个应该不受此限制的 URL 列表。但是当我尝试访问任何页面时,我会收到“ERR_TOO_MANY_REDIRECTS”错误。如果需要,请随时要求更多说明和代码参考。

设置.py

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'accounts.middleware.LoginRequiredMiddleware',
]

LOGIN_URL = 'home'
LOGIN_REDIRECT_URL = '/'

LOGIN_EXEMPT_URLS = [
    r'^accounts/login/$',
    r'^accounts/register/$',
    r'^accounts/logout/$',
]

中间件.py

import re
from django.conf import settings
from django.shortcuts import redirect

EXEMPT_URLS = []

if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
    EXEMPT_URLS += [re.compile(url) for url in settings.LOGIN_EXEMPT_URLS]

class LoginRequiredMiddleware:
    def __init__(self, get_response):
        print('inside init')
        self.get_response = get_response

    def __call__(self, request):
        print('inside call')
        response = self.get_response(request)
        return response

    def process_view(self, request, view_func, view_args, view_kwargs):
        print('inside view_process')
        path = request.path_info.lstrip('/')
        print(path)

        #assert hasattr(request, 'user')

        if not request.user.is_authenticated:
            print('user not authenticated')
            if not any(url.match(path) for url in EXEMPT_URLS):
                print('redirecting to login url')
                return redirect(settings.LOGIN_URL)

网址.py

from django.contrib import admin
from django.urls import path
from . import views

urlpatterns = [
    path('', views.home, name = 'home'),
    path('product', views.product, name = 'product'),
    path('createOrder', views.createOrder, name = 'createOrder'),
    path('updateOrder/<str:pk>', views.updateOrder, name = 'updateOrder'),
    path('deleteOrder/<str:pk>', views.deleteOrder, name = 'deleteOrder'),
    path('register', views.register, name = 'register'),
    path('login', views.login, name = 'login'),
    path('logout', views.logout, name = 'logout')
]
4

1 回答 1

0

只需用以下内容替换您的中间件:

class LoginRequiredMiddleware:
    def process_request(self, request):
        if not request.user.is_authenticated:
            if not any(url.match(request.path_info.lstrip('/')) for url in EXEMPT_URLS):
                return redirect(settings.LOGIN_URL)
于 2020-05-16T15:03:53.817 回答