How to create a Rest Api in Django
Introduction
Now that you've learned how to create a REST API in Django, to get a deeper understanding Further flesh out and output. __ I will omit the explanation of environment construction this time. __ __ I am using the environment built in the following article, so please be sure to refer to it. __ Create a virtual environment with Anaconda and link it with PyCharm. Also, please note that all arbitrary names are based on the ones used in the above article.
Advance preparation & environment
・ Chrome Mod Header ・ Postman ・ Anaconda Navigator ・ PyCharm CE ・ MacOS
table of contents
- Creating a model
- Creating a serializer
- Create view
- Operation check
- Bonus: Set API to be available from front end
1. Creating a model
A model is a Python that allows you to design, create, and operate a database (so-called ORM). The table name is defined using the fields provided by class and column models. You can get each value by specifying auto_now_add = True for the data creation time and auto_now = True for the update time.
models.py
from django.db import models
# Create your models here.
#Database design
class Todo(models.Model):
title = models.CharField(max_length=50)
content = models.CharField(max_length=400)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
Make migrations and migrate the created model. Of course, I will explain it properly. -Makemigrations: Create migration files for database version control. -Migrate: Change the database configuration or undo the change.
$ python manage.py makemigrations
$ python manage.py migrate
This completes model creation and migrate.
2. Creating a serializer
A serializer is to input / output data to / from the model by changing the data into an appropriate form such as validation and password hashing. It acts as a bridge from the input form to the model that handles the database. Create a new serializers.py directly under the api. Tokens in this chapter are authentication tokens. You can imagine the authentication token as information (character string) for uniquely recognizing the user.
serializers.py
from rest_framework import serializers
from .models import Todo
#Import the User model provided by default in django
from django.contrib.auth.models import User
#Import tokens for users
from rest_framework.authtoken.models import Token
class UserSerializer(serializers.ModelSerializer):
#Class for basic settings
class Meta:
model = User
fields = ('id', 'username', 'password')
#password cannot be accessed by GET and must be entered
extra_kwargs = {'password': {'write_only':True, 'required': True}}
#Override the create method used to create the user.
def create(self,validated_data):
#Hash password
user = User.objects.create_user(**validated_data)
#Generate token
Token.objects.create(user=user)
return user
class TodoSerializer(serializers.ModelSerializer):
#Changed django's Datetimefield notation
created_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M", read_only=True)
updated_at = serializers.DateTimeField(format="%Y-%m-%d %H:%M", read_only=True)
class Meta:
model = Todo
fields = ['id','title','content','created_at','updated_at']
You have now created a serializer.
3. Create view
Views control data access rights and authentication. It is responsible for allowing CRUD to be handled only by properly authenticated users. Create a permission file before creating views. This is to prevent PUT and DELETE in the User model. Create own permissions directly under api and specify to accept only GET and POST.
ownpermissions
from rest_framework import permissions
class OwnPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
#SAFE_GET with METHOD,Only POST allowed
if request.method in permissions.SAFE_METHODS:
return True
return False
Then create the view.
views.py
from django.shortcuts import render
#Library required for token authentication
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
#Library required to create a view
from rest_framework import generics
from rest_framework import viewsets
#Import the created model and serializer
from django.contrib.auth.models import User
from .models import Todo
from .serializers import UserSerializer,TodoSerializer
#Import the created permission
from .ownpermissions import OwnPermission
class UserViewSet(viewsets.ModelViewSet):
#Get all user objects
queryset = User.objects.all()
#Specify the serializer to use
serializer_class = UserSerializer
#Specify so that anyone can see it
permission_classes = (OwnPermission,)
class ManageUserView(generics.RetrieveUpdateAPIView):
serializer_class = UserSerializer
#Specify that only authenticated users can access
authentication_classes = (TokenAuthentication,)
#Specify to allow only logged-in users
permission_classes = (IsAuthenticated,)
#A function that returns logged-in user information
def get_object(self):
return self.request.user
class TodoViewSet(viewsets.ModelViewSet):
queryset = Todo.objects.all()
serializer_class = TodoSerializer
authentication_classes = (TokenAuthentication,)
permission_classes = (IsAuthenticated,)
The view is now complete.
Let's also create urls. urls are responsible for linking views and paths. Make the following edits to both your project and your app. (Create a new app)
drfapi/urls
from django.contrib import admin
from django.urls import path
from django.conf.urls import include
from rest_framework.authtoken.views import obtain_auth_token
urlpatterns = [
path('admin/', admin.site.urls),
#Go see the api urls
path('api/',include('api.urls')),
#POSTing a username and password returns a token.
path('auth/',obtain_auth_token ),
]
Models inherited from generics use as_view () to associate the view with the path.
api/urls
from django.urls import path
from django.conf.urls import include
from rest_framework import routers
from api.views import UserViewSet, ManageUserView, TodoViewSet
router = routers.DefaultRouter()
router.register('users',UserViewSet)
router.register('todolist',TodoViewSet)
urlpatterns = [
path('myself/',ManageUserView.as_view( ), name='myself'),
#POSTing a username and password returns a token.
path('',include(router.urls)),
]
6. Operation check
First, check the admin dashboard to see if the model works properly. Write a function that returns the title name to models.py, and code that makes Todo recognized by admin in admin.py.
models.py
def __str__(self):
return self.title
admin.py
from django.contrib import admin
from .models import Todo
#Register Todo as admin
admin.site.register(Todo)
You need a super user (authorized user) to log in to the admin dashboard. The super user (authorized user) is created from the terminal.
When you enter the following command, a response will be returned, so enter name, email, password. You can leave the email blank. If it is a simple password, you will be warned, but if there is no problem, enter y.
$ python magange.py createsuperuser
Username (leave blank to use host name): admin
Email address:
Password:
Password (again):
The password is too similar to the username.
This password is too short. It must contain at least 8 characters.
This password is too common.
Bypass password validation and create user anyway? [y/N]: y
Superuser created successfully.
Now let's use the admin dashboard.
Execute manage.py and add "/ api / users" to the URL of the local host to access it.
Enter your username and password to log in.
After logging in, enter the title and content from [ADD TO DO] of Todos.
If you can save it as shown in the image below, the model is working properly.
Next, use Postman to check the operation of CRUD.
While running manage.py as before, add "/ api / users" to the URL of the local host and access it.
Enter your username and password to POST and GET again.
If the value is updated as shown in the image below, USER's GET and POST communication is successful.
Next, let's access Todolist.
Convert the "users" part of the URL to "todolist" and access it.
I've been warned that I don't have CRUD privileges unless I'm an authenticated user.
This is because I wrote in views.py that user authentication is required.
Access using the authentication token. The authentication token is obtained from Postman.
Start Postman.
When it starts, press the white "+" button.
Enter the URL with "auth" added. Select POST for the Http request.
Create a username and password field from Body> form-data and enter the existing VALUE.
When you press SEND, the token will be returned and you can copy it.
Launch chrome ModHeader from your browser.
Press the "+" button
Select Authorization and enter Token "copied token". (Half-width space after Token)
You can now also access the Todolist.
5. Bonus: Set API to be available from front end
Install CORS. CORS is a system that consists of forwarding HTTP headers that determines whether the browser blocks the front-end JavaScript code from accessing the response of a cross-origin request. By the way, the origin is a combination of "scheme (protocol)", "host (domain)" and "port" of the URL of the resource itself.
$ pip install django-cors-headers
Make Django aware of CORS.
setting.py
INSTALLED_APPS = [
#<Abbreviation>
'corsheaders',
]
MIDDLEWARE = [
#<Abbreviation>
'corsheaders.middleware.CorsMiddleware',
]
CORS_ORIGIN_WHITELIST = [
'http://localhost:3000',
]
You can now access it from the front end. In the next article, I'd like to summarize how to access the API from the front side.
References
・ Overview of Django (https://docs.djangoproject.com/ja/3.1/intro/overview/) -Let's create a device management tool with the Django REST API (https://www.udemy.com/course/django-rest-api/) ・ [Learning memo] About Make migrations and Migrate (https://qiita.com/frosty/items/8c715a53d7920c9cd1eb) ・ I summarized what I learned from the Django REST framework (https://qiita.com/breakthrough/items/f845592961d8863a72c5). ・ MDN (https://developer.mozilla.org/ja/docs/Glossary/CORS)
Recommended Posts