{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我想做一个坏孩纸 的问题《Generate PDF of Protected Django Webpage with Atta》','https://www.manongdao.com/q-422626.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
So I'm trying to generate a PDF of a view that I have in a django web application. This view is protected, meaning the user has to be logged in and have specific permission to view the page. I also have some attachments (stored in the database as FileFields) that I would like to append to the end of the PDF.
I've read most of the posts I could find on how to generate PDFs from a webpage using pdfkit or reportlab, but all of them fail for me for some reason or another.
Currently, the closest I've gotten is successfully generating a PDF of the page using pdfkit, but this requires me to remove the restrictions that require the user to be logged in and have page permissions, which really isn't an option long term. I found a couple posts that discuss printing pdfs on protected pages and providing login information, but I couldn't get any of that to work.
I haven't found anything on how to include attachments, and don't really know where to start with that.
I'm more than happy to update this question with more information or snippets of code if need be, but there's quite a few moving parts here and I don't want to flood people with useless information. Let me know if there's any other information I should provide, and thanks in advance for any help.
I got it working! Through a combination of PyPDF2 and pdfkit, I got this to work pretty simply. It works on protected pages because django takes care of getting the complete html as a string, which I just pass to pdfkit. It also supports appending attachments, but I doubt (though I haven't tested) that it works with anything other than pdfs.
You can use pdfkit to do that. You can retrieve the page using the url and pdfkit will handle the rest:
You will have to properly access the page using the appropriate headers for it is protected of course:
If you just want to secure it, you could write a custom Authentication Backend that lets your server spoof users. Way over-kill but it would solve your problem and at least you get to learn about custom auth backends! (Note: You should be using HTTPS.)
https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#writing-an-authentication-backend
app/auth_backends.pyapp.auth_backends.SpoofAuthBackendbackend tosettings.pythat takes ashared_secretanduser_id.url(r'^spoof-user/(?P<user_id>\d+)/$', 'app.views.spoof_user', name="spoof-user")spoof_userthat must invoke bothdjango.contrib.auth.authenticate(which invokes backend in #1 above) and after getting user fromauthenticate(...)you pad the request with the userdjango.contrib.auth.login(request, user). Finally, this view should returnHttpResponseForbiddenif the shared secret is wrong orHttpResponseRedirectto the PDF URL you actually want (after logging in to spoof user programmatically viaauthenticateandlogin).You would probably want to create a random secret key each request using something like
cache.set('spoof-user-%s' % user_id, RANDOM_STRING, 30)which persists shared secret for 30 seconds to allow time for request. Then performpdf_response = requests.get("%s?shared_secret=1a2b3c&redirect_uri=/path/to/pdf/" % reverse('spoof-user', kwargs={'user_id': 1234})). Your new view will test the providedshared_secretin auth backend, login user to request and perform redirect torequest.GET.get('redirect_uri').