Django的AuthenticationMiddleware有什么技巧

LazyUser 就像是一个懒惰的包装器。它的 get 方法是 Python 中的一种特殊方法，当你访问这个对象时，它会被调用。因此，用户的具体信息只有在真正需要的时候才会被确定。这是有道理的，因为这个操作会触发数据库的调用，而这些调用只有在用户确实需要的时候才应该发生。

LazyUser 并不是直接分配给请求实例本身，而是分配给请求的实例类，这样它也能在实例中使用。为什么要这样做，我就不太清楚了。

LazyUser对象是一个Python描述符，也就是说，它是一个可以控制自己如何通过其父类的实例来访问的对象。（听起来有点复杂。）让我来给你简单解释一下：

# Having a LazyUser means we don't have to get the actual User object
# for each request before it's actually accessed.
class LazyUser(object):
    # Define the __get__ operation for the descripted object.
    # According to the docs, "descr.__get__(self, obj, type=None) --> value".
    # We don't need the type (obj_type) for anything, so don't mind that.
    def __get__(self, request, obj_type=None):
        # This particular request doesn't have a cached user?
        if not hasattr(request, '_cached_user'):
            # Then let's go get it!
            from django.contrib.auth import get_user
            # And save it to that "hidden" field.
            request._cached_user = get_user(request)
        # Okay, now we have it, so return it.
        return request._cached_user

class AuthenticationMiddleware(object):
    # This is done for every request...
    def process_request(self, request):
        # Sanity checking.
        assert hasattr(request, 'session'), "blah blah blah."
        # Put the descriptor in the class's dictionary. It can thus be
        # accessed by the class's instances with `.user`,  and that'll
        # trigger the above __get__ method, eventually returning an User, 
        # AnonymousUser, or what-have-you.
        # Come to think of it, this probably wouldn't have to be done 
        # every time, but the performance gain of checking whether we already
        # have an User attribute would be negligible, or maybe even negative.
        request.__class__.user = LazyUser()
        # We didn't mess with the request enough to have to return a
        # response, so return None.
        return None

这样解释有没有帮助呢？ :)