没有“授权”标头，如何访问授权标头？姜戈

Question

我需要检查每个传入请求的授权 HTTP 标头。

首先我实现了中间件。现在在 devtools 的网站上（当我发布一些东西时）我看到带有令牌的授权标头。

class MyMiddleware:

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        user_id = request.POST.get('created_by', False)
        try:
            api_token = CustomUser.objects.get(user=user_id).api_token

        except MyUser.DoesNotExist:
            api_token = ''
        response = self.get_response(request)
        response['Authorization'] = "Bearer " + api_token

        return response



class MyApiView(mixins.ListModelMixin, viewsets.GenericViewSet):
    queryset = Event.objects.all()
    serializer_class = EventSerializer
    @action(methods=['POST'], detail=False)
    def post(self, request):
        print(request.META['HTTP_AUTHORIZATION']) **#keyerror**
        print(request.META['Authorization']) **#keyerror**
        print(request.headers.items()) **#no authorization header**
        tutorial_serializer = MyApiSerializer(data=request.data)
        if tutorial_serializer.is_valid():
            tutorial_serializer.save()
            return Response(tut`enter code here`orial_serializer.data, status=status.HTTP_201_CREATED)
        return Response(tutorial_serializer.errors, status=status.HTTP_400_BAD_REQUEST)

Answer 1

您将标题分配给错误的实体。无需将标头添加到响应（Django 将返回给客户端的内容），您需要将其添加到请求标头中：

from django.utils.deprecation import MiddlewareMixin


class CustomHeaderMiddleware(MiddlewareMixin):

    def process_request(self, request):
        user_id = request.POST.get('created_by', False)
        try:
            api_token = CustomUser.objects.get(user=user_id).api_token
        except CustomUser.DoesNotExist:
            api_token = ''
        request.META['HTTP_Authorization'] = "Bearer " + api_token
        response = self.get_response(request)
        return response