Django-RestFramework Flashcards
bjhjbHow to add djangorestframework to the project?
1.Install the project.
python -m pip install djangorestframework~=3.13.0
2.Add it to the django project.insettings.py in main project dir.append to the INSTALLED_APPS list the following line
‘rest_framework’
Is it proffesional to keep the api urls within the same app or do we need to create a new app for that??
Both are fine.When kept within the same app usually as prefix like /api/ is added to differentiate it from the rest.
How to set configurations for the rest_framework?
In settings file create a dict call REST_FRAMEWORK.Configurations are set here.
How to dearl with cors issues in django?
1.Instal django-cors-headers
2.Insert the following entry in middleware list in settings.py just above commonmiddleware.
‘corsheaders.middleware.CoresMiddleware’
3.add a new list called CORS_ALLOWED_ORIGINS in settings.py file
add the hostname urls that are allowed to be accessed from the client side.
Ho to create a new user structure in dkango?
define a new app for this let it be accounts
create a customuser as shown below
———————————————————–
from django.contrib.auth.models import AbstractUser
class CustonUser(AbstractUser):
…
———————————————————–
Make sure you set AUTH_USER_MODEL IN SETTINGS to ‘acoounts.CustomUser’ #Why no model in b/w ???
What are the 4 project level permissions available in restframework??
AllowAny,IsAuthenticated,IsAdminUser,IsAuthenticatedOrReadOnly
how to import permissions?
from rest_framework import permissions
How to add a particular permission to a class view?
include a field called “permission_classes” and assign a list of possinble permissions like string in a tuple
Is permission IsAuthenticated inherit from any base class .If yes name it?
BasePermission
What are the 4 basic types of auth supported by rest_framework out of the box?
Basic auth,Session Auth,Token Auth,Default AUth(comb og basic and session auth)
Hoe does basic auth in rest_framework work?
base64 encoded usrname and password in a string is sent with every req.in authorization header
Disadvantages
Very insecure.HTTPS is a must
Inefficient username and password has to be checked every time.
How does Session Auth work?
username and pass sent with 1st request.a sesion obj is created and stored in server.session id for the same is sent back to th user.User store this on client side and sent with every request afterwards for auth.password is availbale till the end of the session.
Statefull
Adv
more secure as pass sent only once
more efficient since usename and pass has to be checked onl once
Disdv
session id must be kept upto date in all the servers.challenging for large sites.
session id onl valid in only 1 browser.do not work across multiple domain,
cookie sent out with every req event he one that do not require it
How does Token Auth in rest_framework work?
Uniques token is generated and stored on the client side during first login.this token can be used in multiple apps.
Server does not keep the token .It is just checked to be valid or not.
Adv
Scaling servers is easier as session id do not have to kept uptodate.
token can be shared by multiple frontends
Disv
TOkens can get quite large as it contains a lot of information about the user.It can cause performance degradation.
rest_framework default auth setting?
A comb of session auth and basic auth.session id generated is stored in authorization header.
import SessionAuthentication class.also name the rest_framework key for setting auth classes supported.
- rest_framework.authentication.SessionAuthentication
2.DEFAULT_AUTHENTICATION_CLASSES
