如何将公共 API 添加到类似 Intranet 的站点?
我出于协作目的运营了一个 Pinax 网站。我将“account.middleware.AuthenticatedMiddleware”添加到“MIDDLEWARE_CLASSES”中,以便不允许匿名访问网站上的任何内容。
但现在我需要启用公共 API。除了在所有仍需要私有的视图中添加“login_required”装饰器之外,还有其他解决方案吗?
编辑 Gregor Müllegger 的答案不起作用。 settings.AUTHENTICATED_EXEMPT_URLS 似乎在代码中的某处被覆盖,
class AuthenticatedMiddleware(object):
def __init__(self, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
if login_url is None:
login_url = settings.LOGIN_URL
self.redirect_field_name = redirect_field_name
self.login_url = login_url
self.exemptions = [
r"^%s" % settings.MEDIA_URL,
r"^%s" % settings.STATIC_URL,
r"^%s$" % login_url,
]
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
if ( settings.AUTHENTICATED_EXEMPT_URLS):
self.exemptions += settings.AUTHENTICATED_EXEMPT_URLS
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
不会打印我的设置,但是:
settings.AUTHENTICATED_EXEMPT_URLS ['^/account/signup/$', '^/account/password_reset', '^/account/confirm_email', '^/openid']
我会尝试修复它。
I run a Pinax-site for collaborative purposes. I added 'account.middleware.AuthenticatedMiddleware' to 'MIDDLEWARE_CLASSES' in order to not allow anonymous access to anything on the site.
But now I need public APIs to be enabled. Is there any solutions besides adding 'login_required'-decorator at all the views that still need to be private?
edit
Gregor Müllegger answer doesn't work. settings.AUTHENTICATED_EXEMPT_URLS seems to get overwritten somewhere in the code
class AuthenticatedMiddleware(object):
def __init__(self, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
if login_url is None:
login_url = settings.LOGIN_URL
self.redirect_field_name = redirect_field_name
self.login_url = login_url
self.exemptions = [
r"^%s" % settings.MEDIA_URL,
r"^%s" % settings.STATIC_URL,
r"^%s$" % login_url,
]
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
if ( settings.AUTHENTICATED_EXEMPT_URLS):
self.exemptions += settings.AUTHENTICATED_EXEMPT_URLS
print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
doesn't print my settings but this:
settings.AUTHENTICATED_EXEMPT_URLS ['^/account/signup/
I will try to fix it.
, '^/account/password_reset', '^/account/confirm_email', '^/openid']
I will try to fix it.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
查看 AuthenticatedMiddleware 的源代码。
它显示有一个名为
AUTHENTICATED_EXEMPT_URLS的设置。它可以包含公开的正则表达式。在settings.py中将其设置为类似以下内容:这将使
/api/下面的任何 URL 无需登录即可使用。Have a look at the source code of
AuthenticatedMiddleware.It reveals that there is a setting called
AUTHENTICATED_EXEMPT_URLS. It can contain regular expressions that are left public. Set it to something like this in yoursettings.py:This will make any URLs below
/api/available without being logged in.t