DRF请求的生命周期:三年程序员的实战感悟

前言:作为工作一个3年左右的码农,在各种框架的摸爬滚打中,我也接触了不少前端后端的技术栈,其中 Django REST Framework(DRF)算是我后端日常工作中的用得最多的框架。今天就简单聊聊DRF请求的生命周期。从请求的发起,到数据的处理,再到最终的响应返回,每一步都有着很多的细节和挑战,由于篇幅原因,我在此篇文章中只是稍作解析,点到为止。


drf中请求的生命周期:

1、django接收请求后,先进行中间件的process_request方法,进行路由匹配后再进行中间件的process_view方法;
class MiddlewareMixin:
	# 中间件源码,当有请求进来时,会自动执行中间件的call方法;
	# 一般我们自定义中间件都是重写process_request和process_view方法
	# 从源码中可看出执行顺序:
    def __call__(self, request):
        # Exit out to async mode, if needed
        if asyncio.iscoroutinefunction(self.get_response):
            return self.__acall__(request)
        response = None
        if hasattr(self, 'process_request'):
            response = self.process_request(request)   
        response = response or self.get_response(request)
        if hasattr(self, 'process_response'):
            response = self.process_response(request, response)
        return response
2、再执行APIView类中的as_view方法获取view函数,并同时免除了csrf认证(闭包原理)
class APIView(View):
    # 简略版源码:
    @classmethod
    def as_view(cls, **initkwargs):
        view = super().as_view(**initkwargs) # 调用原Django框架的as_view方法获取view函数
        view.cls = cls
        view.initkwargs = initkwargs
        return csrf_exempt(view)

# 原Django框架的as_view方法:
class View:
    @classonlymethod
    def as_view(cls, **initkwargs):
        def view(request, *args, **kwargs):
            self = cls(**initkwargs)
            self.setup(request, *args, **kwargs)
            return self.dispatch(request, *args, **kwargs) # 调用dispatch函数
        view.view_class = cls
        view.view_initkwargs = initkwargs
        return view

3、通过路由匹配执行view函数,并在view中调用dispatch函数。
class APIView(View):
    def dispatch(self, request, *args, **kwargs):
        self.args = args
        self.kwargs = kwargs
	# request封装
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?

        try:  # 捕获异常
            self.initial(request, *args, **kwargs)  # 版本管理、认证。权限、限流组件执行

            if request.method.lower() in self.http_method_names:  # 执行视图函数
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed

            response = handler(request, *args, **kwargs)

        except Exception as exc:
            response = self.handle_exception(exc)

        self.response = self.finalize_response(request, response, *args, **kwargs)
        return self.response
4、在dispatch中进行版本管理、request封装、认证、权限、限流处理
# 版本管理
    def initial(self, request, *args, **kwargs):

        self.format_kwarg = self.get_format_suffix(**kwargs)

        version, scheme = self.determine_version(request, *args, **kwargs)  # 执行versioning_class中的determine_version方法,获取version和scheme
        request.version, request.versioning_scheme = version, scheme  # 封装参数到request中

        # Ensure that the incoming request is permitted
        self.perform_authentication(request)
        self.check_permissions(request)
        self.check_throttles(request)


# request封装
    def initialize_request(self, request, *args, **kwargs):
        parser_context = self.get_parser_context(request)
        return Request(
            request,
            parsers=self.get_parsers(),
            authenticators=self.get_authenticators(),
            negotiator=self.get_content_negotiator(),
            parser_context=parser_context
        )

#认证
    def _authenticate(self):
        for authenticator in self.authenticators:
            try:
                user_auth_tuple = authenticator.authenticate(self) # 执行authenticate方法进行具体的认证流程
            except exceptions.APIException:
                self._not_authenticated()
                raise

            if user_auth_tuple is not None:
                self._authenticator = authenticator
                self.user, self.auth = user_auth_tuple  # 将返回值进行封装
                return

        self._not_authenticated()


# 权限
    def check_permissions(self, request):
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):  # 多个权限类中有一个方法为False则报错并抛出异常
                self.permission_denied(
                    request,
                    message=getattr(permission, 'message', None),
                    code=getattr(permission, 'code', None)
                )


# 限流
    def check_throttles(self, request):
        throttle_durations = []
        for throttle in self.get_throttles(): # 循环执行各限流类中的方法
            if not throttle.allow_request(request, self):
                throttle_durations.append(throttle.wait()) # 限流方法返回False则将等待时间加到列表中

        if throttle_durations:
            durations = [
                duration for duration in throttle_durations
                if duration is not None
            ]

            duration = max(durations, default=None) # 取列表中的最大等待时间
            self.throttled(request, duration)  # 抛出异常

5、执行具体的视图函数并返回数据
6、执行中间件的process_response方法并返回数据到客户端

以上只是简单分析了一下执行流程,涉及到的源码都是为了方便理解而经过简化的,只供参考。每个组件源码的设计思路和执行流程其实都有一定的复杂度,对于各个组件的源码,我在接下来的日子中也会逐一进行详细剖析。