Django Rest Framework(认证,权限,频率)简单使用(一)

一、rest认证

在RestView.py中定义如下:

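def token_md5(username):
    """
    Generate an opaque login token for a user.

    :param username: account the token is issued for; accepted for interface
        compatibility and deliberately not mixed into the token value.
    :return: 32-character lowercase hex string (the same shape as an MD5 hex digest).
    """
    # Function-scope import: the helper brings in its own dependency.
    import secrets

    # The token is a bearer credential, so it must be unguessable.
    # MD5(username + time.time()) is not: anyone who knows the username and can
    # estimate the issue time can recompute candidate tokens offline.
    # 16 bytes from the OS CSPRNG give 128 bits of entropy in the same 32-hex format.
    return secrets.token_hex(16)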
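class AuthView(APIView):
    """
    Login endpoint: checks the posted credentials and issues a token.

    Authentication and permission checks are switched off for this view,
    because a caller that is logging in does not hold a token yet.
    """
    # Empty lists override any globally configured authentication / permission classes.
    authentication_classes = []
    permission_classes = []
    # throttle_classes stays commented out, so any globally configured throttle
    # keeps applying to login attempts. Emptying it here would remove the only
    # rate limit on password guessing visible in this view.
    # throttle_classes=[]

    def post(self, request, *args, **kwargs):
        """
        Validate ``username`` / ``passwd`` from the form body and answer in JSON.

        :param request: DRF request wrapping the Django HttpRequest
        :return: JsonResponse with ``code`` 200, ``msg`` and ``token`` on success,
                 or ``code`` 1001 and ``msg`` on failure
        """
        ret = {'code': 1000, 'msg': None}
        username = request._request.POST.get('username')
        passwd = request._request.POST.get('passwd')

        obj = None
        # A missing form field arrives as None, and filter(field=None) is an
        # IS NULL lookup; only query when both credentials were actually sent.
        if username and passwd:
            # NOTE(review): comparing the submitted password with the stored column
            # implies the column holds plaintext passwords. Store a salted hash and
            # verify it with django.contrib.auth.hashers.check_password instead;
            # that needs a model change outside this view.
            obj = models.User.objects.filter(username=username, passwd=passwd).first()

        if not obj:
            # Same answer for unknown user, wrong password and missing fields,
            # so the response does not reveal which usernames exist.
            ret['code'] = 1001
            ret['msg'] = "登录失败"
        else:
            token = token_md5(username)
            ret['token'] = token
            ret['code'] = 200
            ret['msg'] = '登录成功'
            # Create or replace this user's row in the token table; replacing the
            # row invalidates the token issued at the previous login.
            models.UserToken.objects.update_or_create(user=obj, defaults={'token': token})
        # ensure_ascii=False keeps the Chinese messages readable instead of \uXXXX escapes.
        return JsonResponse(ret, json_dumps_params={'ensure_ascii': False})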

在App的utils中定义auth(认证),permission(权限),Mythrottling(访问频率)

utils中的auth.py

from cmdb import models
from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication
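class Authenticate(BaseAuthentication):
    """
    Token authentication backed by the UserToken table.
    """
    def authenticate(self, request, *args, **kwargs):
        """
        Check that the request carries a token stored in UserToken.

        :param request: DRF request; the token is read from the ``token`` query parameter
        :param args: unused
        :param kwargs: unused
        :return: ``(user, token_row)`` tuple, which DRF exposes as
                 ``request.user`` and ``request.auth``
        :raises AuthenticationFailed: when the token is missing or unknown
        """
        # NOTE(review): a token in the query string is recorded in access logs,
        # browser history and Referer headers. Reading it from a request header
        # (e.g. Authorization) avoids that, but changes what clients must send.
        token_obj = request._request.GET.get('token')
        # A request without the parameter yields None, and filter(token=None) is an
        # IS NULL lookup: any row with a NULL token would authenticate a caller
        # who sent no token at all. Reject before touching the database.
        if not token_obj:
            raise exceptions.AuthenticationFailed('登录失败oo!')
        # NOTE(review): no expiry check is visible here; a stored token appears to
        # stay valid until the user logs in again — confirm that is intended.
        select_auth_result = models.UserToken.objects.filter(token=token_obj).first()
        if not select_auth_result:
            raise exceptions.AuthenticationFailed('登录失败oo!')
        # DRF expects a (user, auth) tuple from a successful authenticator.
        return (select_auth_result.user, select_auth_result)

    def authenticate_header(self,request):
        """
        Supply no ``WWW-Authenticate`` value (returns None).

        NOTE(review): with no header value DRF is expected to answer failed
        authentication with 403 rather than 401 — confirm that is the desired status.
        """
        pass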

permission.py:

from rest_framework.permissions import BasePermission
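class VipUserPermission(BasePermission):
    """
    Grant access only to users whose ``user_type`` equals 3.
    """
    # Returned to the client when has_permission() is False.
    message='你不是Svip用户,没有权利访问'
    def has_permission(self, request, view):
        """
        :param request: DRF request; ``request.user`` is set by the authenticator
        :param view: view being accessed (unused)
        :return: True only when the user object carries ``user_type == 3``
        """
        # request.user is not always a model instance: when UNAUTHENTICATED_USER
        # returns a plain string, reading .user_type raises AttributeError and the
        # request ends in a 500. Fail closed: anything without user_type == 3 is denied.
        return getattr(request.user, 'user_type', None) == 3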

Mythrottlings.py:

from rest_framework.throttling import BaseThrottle, SimpleRateThrottle
class My_login_throtte(SimpleRateThrottle):
    """
    Rate limit keyed on the client identity reported by ``get_ident``.

    The allowed rate is looked up in DEFAULT_THROTTLE_RATES under ``scope``.
    """
    # Key into the DEFAULT_THROTTLE_RATES setting.
    scope = 'AuthGet'

    def get_cache_key(self, request, view):
        """
        :param request: DRF request being throttled
        :param view: view being accessed (unused)
        :return: cache key under which this client's request history is stored
        """
        # NOTE(review): get_ident() derives the identity from X-Forwarded-For /
        # REMOTE_ADDR. Behind a reverse proxy, set NUM_PROXIES so a client-supplied
        # X-Forwarded-For value cannot be used to dodge the limit.
        client_ident = self.get_ident(request)
        return client_ident

 在全局settings配置中配置如下:

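REST_FRAMEWORK = {
    # Dotted path of the authentication class. Keep it out of views.py; here it
    # lives in auth.py under the utils directory.
    "DEFAULT_AUTHENTICATION_CLASSES": ['cmdb.utils.auth.Authenticate', ],
    # Callable whose return value becomes request.user for anonymous requests.
    # NOTE(review): a bare string has no model attributes, so permission classes
    # that read fields from request.user must tolerate it.
    "UNAUTHENTICATED_USER": lambda: "匿名",
    # Value of request.auth for anonymous requests. The key must be spelled
    # UNAUTHENTICATED_TOKEN; the lower-case "UNAUTHENTICATED_token" spelling is
    # not a DRF setting name and is silently ignored.
    "UNAUTHENTICATED_TOKEN": None,
    # Permission check applied to every view that does not override it.
    "DEFAULT_PERMISSION_CLASSES": ['cmdb.utils.permission.VipUserPermission', ],
    # Throttle applied to every view that does not override it.
    # NOTE(review): this path names the module `Mythrottling`, while the file
    # heading on this page reads `Mythrottlings.py`; confirm the real file name,
    # since a wrong path fails at import time.
    "DEFAULT_THROTTLE_CLASSES": ['cmdb.utils.Mythrottling.My_login_throtte', ],
    # Rate per throttle scope; 'AuthGet' matches My_login_throtte.scope.
    "DEFAULT_THROTTLE_RATES": {
        'AuthGet': '5/m',
    },
}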

在指定的视图中用
   authentication_classes = []
   permission_classes = []
  throttle_classes=[]
来表示不适用全局配置:


转载自www.cnblogs.com/gucci/p/9828958.html