揭開DRF序列化技術的神祕面紗
阿新 • • 發佈:2020-12-17
在RESTful API中,介面返回的是JSON,JSON的內容對應的是資料庫中的資料,DRF是通過序列化(Serialization)的技術,把資料模型轉換為JSON的,反之,叫做反序列化(deserialization)。本文就來揭開DRF序列化技術的神祕面紗。
# 建立虛擬環境
虛擬環境是獨立的Python環境,可以和系統環境分離,只安裝需要的包即可,使用以下命令建立並激活:
```shell
# 建立Python虛擬環境
python -m venv env
# 啟用虛擬環境
env\Scripts\activate.bat
# Mac中使用`source env/bin/activate`
```
> 退出虛擬環境用deactivate。
接著在虛擬環境中安裝本文用到的包:
```python
pip install django
pip install djangorestframework
pip install pygments # 程式碼高亮
```
# 建立專案
建立project:
```shell
django-admin startproject tutorial
```
建立app:
```shell
cd tutorial
python manage.py startapp snippets
```
在`tutorial/settings.py`中的`INSTALLED_APPS`新增`snippets`和`rest_framework`:
```python
INSTALLED_APPS = [
...
'rest_framework',
'snippets.apps.SnippetsConfig',
]
```
> 只有新增後,app才會生效哦。
# 建立model
編輯`snippets/models.py`,建立Snippet模型:
```python
from django.db import models
from pygments.lexers import get_all_lexers
from pygments.styles import get_all_styles
LEXERS = [item for item in get_all_lexers() if item[1]]
LANGUAGE_CHOICES = sorted([(item[1][0], item[0]) for item in LEXERS])
STYLE_CHOICES = sorted([(item, item) for item in get_all_styles()])
class Snippet(models.Model):
created = models.DateTimeField(auto_now_add=True)
title = models.CharField(max_length=100, blank=True, default='')
code = models.TextField()
linenos = models.BooleanField(default=False)
language = models.CharField(choices=LANGUAGE_CHOICES, default='python', max_length=100)
style = models.CharField(choices=STYLE_CHOICES, default='friendly', max_length=100)
class Meta:
ordering = ['created']
```
Snippet有6個欄位,created、title、code、linenos、language、style。
接著同步資料庫:
```python
python manage.py makemigrations snippets
python manage.py migrate
```
# 建立Serializer
rest_framework.serializers的結構如下:
> 檢視Python模組中的成員,需要勾選:
>
>
之前我們用過HyperlinkedModelSerializer,是封裝後的符合RESTful良好設計的序列化器,這裡直接使用更底層的Serializer。在`snippets`目錄下建立`serializers.py`,新增以下程式碼:
```python
from rest_framework import serializers
from snippets.models import Snippet, LANGUAGE_CHOICES, STYLE_CHOICES
class SnippetSerializer(serializers.Serializer):
id = serializers.IntegerField(read_only=True)
title = serializers.CharField(required=False, allow_blank=True, max_length=100)
code = serializers.CharField(style={'base_template': 'textarea.html'})
linenos = serializers.BooleanField(required=False)
language = serializers.ChoiceField(choices=LANGUAGE_CHOICES, default='python')
style = serializers.ChoiceField(choices=STYLE_CHOICES, default='friendly')
def create(self, validated_data):
"""
Create and return a new `Snippet` instance, given the validated data.
"""
return Snippet.objects.create(**validated_data)
def update(self, instance, validated_data):
"""
Update and return an existing `Snippet` instance, given the validated data.
"""
instance.title = validated_data.get('title', instance.title)
instance.code = validated_data.get('code', instance.code)
instance.linenos = validated_data.get('linenos', instance.linenos)
instance.language = validated_data.get('language', instance.language)
instance.style = validated_data.get('style', instance.style)
instance.save()
return instance
```
程式碼第一部分定義了序列化/反序列化的欄位,欄位定義方式類似於Form。第二部分的`create()`和`update()`方法定義了呼叫`serializer.save()`時,建立和更新例項的處理方式。
# 玩玩Serializer
既然已經建立好了Serializer,何不玩玩它?只有玩了才知道序列化的技術細節。這裡用到了Django shell,可以在命令列實時看到輸出結果:
```shell
python manage.py shell
```
首先通過模型新增2條測試資料:
```python
from snippets.models import Snippet
from snippets.serializers import SnippetSerializer
from rest_framework.renderers import JSONRenderer
from rest_framework.parsers import JSONParser
snippet = Snippet(code='foo = "bar"\n')
snippet.save()
snippet = Snippet(code='print("hello, world")\n')
snippet.save()
```
接著把它序列化看看:
```python
serializer = SnippetSerializer(snippet)
serializer.data
# {'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}
```
> 因為`snippet`變數最後引用的是第2個數據模型的例項,所以這裡只顯示第2條資料。
serializer.data返回的是個字典,最後把字典轉換為JSON:
```python
content = JSONRenderer().render(serializer.data)
content
# b'{"id": 2, "title": "", "code": "print(\\"hello, world\\")\\n", "linenos": false, "language": "python", "style": "friendly"}'
```
這就是序列化的過程,模型例項→Python字典→JSON。
反序列化的過程是類似的,先把JSON轉換為Python字典:
```python
import io
stream = io.BytesIO(content)
data = JSONParser().parse(stream)
```
再把字典轉換為模型例項:
```python
serializer = SnippetSerializer(data=data)
serializer.is_valid()
# True
serializer.validated_data
# OrderedDict([('title', ''), ('code', 'print("hello, world")\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')])
serializer.save()
#
```
> 因為SnippetSerializer的create()方法程式碼是`return Snippet.objects.create(**validated_data)`,所以`serializer.save()`會在資料庫中新增1條資料,並返回Snippet模型例項。
>
另外,序列化物件不只有模型例項,也可以是資料集:
```python
serializer = SnippetSerializer(Snippet.objects.all(), many=True)
serializer.data
# [OrderedDict([('id', 1), ('title', ''), ('code', 'foo = "bar"\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]), OrderedDict([('id', 2), ('title', ''), ('code', 'print("hello, world")\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]), OrderedDict([('id', 3), ('title', ''), ('code', 'print("hello, world")'), ('linenos', False), ('language', 'python'), ('style', 'friendly')])]
```
# 使用ModelSerializers
rest_framework.serializers.Serializers比較底層,需要重複定義model中的欄位,DRF的作者當然也想到了這個問題,並且給出瞭解決辦法:把Serializers封裝成ModelSerializers。在`snippets/serializers.py`中替換`SnippetSerializer`為:
```python
class SnippetSerializer(serializers.ModelSerializer):
class Meta:
model = Snippet
fields = ['id', 'title', 'code', 'linenos', 'language', 'style']
```
寫法果然簡潔了很多。使用Django shell打印出來看看:
```python
from snippets.serializers import SnippetSerializer
serializer = SnippetSerializer()
print(repr(serializer))
# SnippetSerializer():
# id = IntegerField(label='ID', read_only=True)
# title = CharField(allow_blank=True, max_length=100, required=False)
# code = CharField(style={'base_template': 'textarea.html'})
# linenos = BooleanField(required=False)
# language = ChoiceField(choices=[('Clipper', 'FoxPro'), ('Cucumber', 'Gherkin'), ('RobotFramework', 'RobotFramework'), ('abap', 'ABAP'), ('ada', 'Ada')...
# style = ChoiceField(choices=[('autumn', 'autumn'), ('borland', 'borland'), ('bw', 'bw'), ('colorful', 'colorful')...
```
和手動定義的欄位一模一樣。其實ModelSerializer並沒有做額外的處理,我們可以從它的部分程式碼片段看到:
```python
serializer_field_mapping = {
models.AutoField: IntegerField,
models.BigIntegerField: IntegerField,
models.BooleanField: BooleanField,
# Default `create` and `update` behavior...
def create(self, validated_data):
def update(self, instance, validated_data):
raise_errors_on_nested_writes('update', self, validated_data)
```
建立欄位對映,定義`create()`和`update()`等方法,只做了最簡單的封裝。
# 編寫views
我們之前用的是已經封裝好的rest_framework.viewsets,這裡直接用Django原生的view。在`snippets/views.py`中新增程式碼:
```python
from django.http import HttpResponse, JsonResponse
from django.views.decorators.csrf import csrf_exempt
from rest_framework.parsers import JSONParser
from snippets.models import Snippet
from snippets.serializers import SnippetSerializer
```
先建立snippet_list檢視,返回snippets列表或者新建1個snippet:
```python
@csrf_exempt
def snippet_list(request):
"""
List all code snippets, or create a new snippet.
"""
if request.method == 'GET':
snippets = Snippet.objects.all()
serializer = SnippetSerializer(snippets, many=True)
return JsonResponse(serializer.data, safe=False)
elif request.method == 'POST':
data = JSONParser().parse(request)
serializer = SnippetSerializer(data=data)
if serializer.is_valid():
serializer.save()
return JsonResponse(serializer.data, status=201)
return JsonResponse(serializer.errors, status=400)
```
本文示例中,客戶端發起POST請求是不帶CSRF token的,所以需要新增csrf_exempt(exempt翻譯為免除)裝飾器,允許跨域訪問。這裡只是演示,實際會使用`django-cors-headers`來解決跨域問題,而不是給每個view都加上`@csrf_exempt`。
> CSRF是指跨站請求偽造,攻擊者盜用你的身份,以你的名義傳送惡意請求。CSRF token是指伺服器通過token來認證,如果請求中沒有token或者token不匹配,那麼就認為可能是CSRF而拒絕該請求。
接著新增一個view,對單個snippet進行刪(delete)、改(update)、查(retrieve):
```python
@csrf_exempt
def snippet_detail(request, pk):
"""
Retrieve, update or delete a code snippet.
"""
try:
snippet = Snippet.objects.get(pk=pk)
except Snippet.DoesNotExist:
return HttpResponse(status=404)
if request.method == 'GET':
serializer = SnippetSerializer(snippet)
return JsonResponse(serializer.data)
elif request.method == 'PUT':
data = JSONParser().parse(request)
serializer = SnippetSerializer(snippet, data=data)
if serializer.is_valid():
serializer.save()
return JsonResponse(serializer.data)
return JsonResponse(serializer.errors, status=400)
elif request.method == 'DELETE':
snippet.delete()
return HttpResponse(status=204)
```
> 注意,前面create返回的status為201,這裡retrieve返回的預設的200,附上幾個常見狀態碼:
>
> - 200 OK - GET/PUT/PATCH:伺服器成功返回使用者請求的資料,該操作是冪等的(Idempotent)
> - 201 CREATED - POST:使用者新建資料成功
> - 204 NO content - DELETE:使用者刪除資料成功
> - 400 Invalid request - POST/PUT/PATCH:使用者發出的請求有錯誤,伺服器沒有進行新建或修改資料的操作,該操作是冪等的
> - 401 Unauthorized - *:表示使用者沒有許可權(令牌、使用者名稱、密碼錯誤)
> - 403 Forbidden - *:表示使用者得到授權(與401錯誤相對),但是訪問是被禁止的
最後,新增路由,新建檔案`snippets/urls.py`:
```python
from django.urls import path
from snippets import views
urlpatterns = [
path('snippets/', views.snippet_list),
path('snippets//', views.snippet_detail),
]
```
再配置到`tutorial/urls.py`:
```python
from django.urls import path, include
urlpatterns = [
path('', include('snippets.urls')),
]
```
# 測試API
啟動專案:
```shell
python manage.py runserver
```
新開一個Terminal,安裝HTTP命令列工具:
```shell
pip install httpie
```
請求snippets列表:
```shell
http http://127.0.0.1:8000/snippets/
HTTP/1.1 200 OK
...
[
{
"id": 1,
"title": "",
"code": "foo = \"bar\"\n",
"linenos": false,
"language": "python",
"style": "friendly"
},
{
"id": 2,
"title": "",
"code": "print(\"hello, world\")\n",
"linenos": false,
"language": "python",
"style": "friendly"
}
]
```
請求id為2的snippet:
```shell
http http://127.0.0.1:8000/snippets/2/
HTTP/1.1 200 OK
...
{
"id": 2,
"title": "",
"code": "print(\"hello, world\")\n",
"linenos": false,
"language": "python",
"style": "friendly"
}
```
# 東方說
不得不說DRF的Tutorial實踐性很強,基本上照著做都能敲出來,體驗比較好。序列化的過程,就是模型例項→Python字典→JSON的過程。通過本文也理解了在app中`models.py`→`serializers.py`→`views.py`→`urls.py`的程式碼編寫順序。
> 參考資料:
>
> https://www.django-rest-framework.org/tutorial/1-serialization/
>
> https://blog.csdn.net/yexudengzhidao/article/details/