码迷,mamicode.com
首页 > 其他好文 > 详细

restframework认证权限频率

时间:2018-11-21 16:01:24      阅读:110      评论:0      收藏:0      [点我收藏+]

标签:lse   get   ase   time()   注册   图片   src   失败   init   

认证组件

认证组件的流程

技术分享图片
--> CBV里的APIView --> self.dispatch() --> self.initial() 
--> self.perform_authentication() --> request.user
--> self.initialize_request     --> Request类
--> def user(self) 
--> self._authenticate()    
        for authenticator in self.authenticators:
            try:
                user_auth_tuple = authenticator.authenticate(self)
            except exceptions.APIException:
                self._not_authenticated()
                raise

            if user_auth_tuple is not None:
                self._authenticator = authenticator
                self.user, self.auth = user_auth_tuple
                return

        self._not_authenticated()
认证流程

app01.utils.py下

class TokenAuth(BaseAuthentication):
    """自己写的认证类"""

    def authenticate(self, request):
        token = request.GET.get("token")
        token_obj = Token.objects.filter(token=token).first()
        if not token_obj:
            # 认证失败
            raise exceptions.AuthenticationFailed("认证失败!")
        else:
            # print("token_obj.user.name", token_obj.user.name)
            # print("token_obj.token", token_obj.token)
            return token_obj.user.name, token_obj.token

局部的配置

views.py下

from app01.utils import * 
class PublishView(APIView):
    # 认证组件
    authentication_classes = [TokenAuth, ]

    def get(self, request):

        print("token_obj.user.name", request.user)  # 在认证组件注册进去的
        print("token_obj.token", request.auth)
        publish_list = Publish.objects.all()
        ps = PublisherModerSerializers(publish_list, many=True)
        return Response(ps.data)

    def post(self, request):
        ps = PublisherModerSerializers(data=request.data)
        if ps.is_valid():
            ps.save()
            return Response(ps.data)
        else:
            return Response(ps.errors)

全局的配置

setting.py下

setting.py
    REST_FRAMEWORK = {
        "DEFAULT_AUTHENTICATION_CLASSES": ("app01.utils.TokenAuth", ),

    }

# 某条接口不想走全局的认证的话,可以在局部配一条空的认证配置
authentication_classes = []

权限组件

权限组件

app01.utils.py下

class SVIPPermission(object):
    """权限类"""
    message = "只有超级用户可以访问"

    def has_permission(self, request, view):
        username = request.user
        user_type = User.objects.filter(name=username).first().user_type
        if user_type == 3:
            # 通过验证
            return True
        else:
            # 验证失败
            return False

局部的配置

views.py下

from app01.utils import *

class BookViewSet(generics.ListCreateAPIView):
    permission_classes = [SVIPPermission,]
    queryset = Book.objects.all()
    serializer_class = BookSerializers

全局的配置

setting.py下

REST_FRAMEWORK={
    "DEFAULT_PERMISSION_CLASSES":["app01.utils.SVIPPermission",]
}

频率组件

app01.utils.py下

from rest_framework.throttling import BaseThrottle

VISIT_RECORD={}
class VisitThrottle(BaseThrottle):

    def __init__(self):
        self.history=None

    def allow_request(self,request,view):
        remote_addr = request.META.get(REMOTE_ADDR)
        print(remote_addr)
        import time
        ctime=time.time()

        if remote_addr not in VISIT_RECORD:
            VISIT_RECORD[remote_addr]=[ctime,]
            return True

        history=VISIT_RECORD.get(remote_addr)
        self.history=history

        while history and history[-1]<ctime-60:
            history.pop()

        if len(history)<3:
            history.insert(0,ctime)
            return True
        else:
            return False

    def wait(self):
        import time
        ctime=time.time()
        return 60-(ctime-self.history[-1])

views.py下

from app01.utils import *

class BookViewSet(generics.ListCreateAPIView):
    throttle_classes = [VisitThrottle,]
    queryset = Book.objects.all()
    serializer_class = BookSerializers

setting.py下

REST_FRAMEWORK={
    "DEFAULT_THROTTLE_CLASSES":["app01.utils.VisitThrottle",]
}

内置throttle类

app01.utils.py下

class VisitThrottle(SimpleRateThrottle):

    scope="visit_rate"
    def get_cache_key(self, request, view):

        return self.get_ident(request)

setting.py下

REST_FRAMEWORK={
    "DEFAULT_THROTTLE_CLASSES":["app01.utils.VisitThrottle",],
    "DEFAULT_THROTTLE_RATES":{
    "visit_rate":"5/m",
}
}

 

restframework认证权限频率

标签:lse   get   ase   time()   注册   图片   src   失败   init   

原文地址:https://www.cnblogs.com/sunch/p/9994065.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!