restframework认证权限频率

认证组件

认证组件的流程

--> CBV里的APIView --> self.dispatch() --> self.initial() 
--> self.perform_authentication() --> request.user
--> self.initialize_request     --> Request类
--> def user(self) 
--> self._authenticate()    
        # Try each configured authenticator in order; the first one that
        # returns a (user, auth) tuple decides the identity of the request.
        for authenticator in self.authenticators:
            try:
                user_auth_tuple = authenticator.authenticate(self)
            except exceptions.APIException:
                # An authenticator that raises ends the chain: the request is
                # marked unauthenticated and the exception propagates, so no
                # later authenticator is consulted.
                self._not_authenticated()
                raise

            if user_auth_tuple is not None:
                # Success: remember which authenticator matched and store its
                # result as self.user / self.auth.
                self._authenticator = authenticator
                self.user, self.auth = user_auth_tuple
                return
            # A None result means this authenticator did not apply; the loop
            # moves on to the next one.

        # No authenticator returned credentials.
        self._not_authenticated()
认证流程

app01.utils.py下

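class TokenAuth(BaseAuthentication):
    """Custom authentication class that matches a client token against Token rows."""

    def authenticate(self, request):
        """Authenticate the request from its ``token`` query parameter.

        Returns:
            A ``(user name, token string)`` tuple; the framework stores the two
            values as ``request.user`` and ``request.auth``.

        Raises:
            exceptions.AuthenticationFailed: the token is missing, empty, or
                does not match any Token row.
        """
        # NOTE(review): the token is read from the URL query string, so it can
        # end up in access logs, browser history and Referer headers. An
        # Authorization header is the usual carrier for a credential.
        token = request.GET.get("token")

        # Reject a missing or empty token before querying. filter(token=None)
        # is an IS NULL lookup, so without this guard a request that sends no
        # token would be authenticated as the owner of any Token row whose
        # token column is NULL.
        if not token:
            raise exceptions.AuthenticationFailed("认证失败!")

        token_obj = Token.objects.filter(token=token).first()
        if not token_obj:
            # Authentication failed: no row carries this token.
            raise exceptions.AuthenticationFailed("认证失败!")

        return token_obj.user.name, token_obj.token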

局部的配置

views.py下

from app01.utils import * 
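class PublishView(APIView):
    """List and create publishers behind token authentication."""

    # Authentication component for this view only. Unauthenticated callers are
    # turned away because TokenAuth raises on a bad token; the view declares no
    # permission class of its own.
    authentication_classes = [TokenAuth, ]

    def get(self, request):
        """Return every publisher, serialized."""
        # request.user and request.auth are the two values returned by the
        # authentication class. Only the user name is printed: request.auth is
        # the token itself, a credential that must not reach stdout or logs.
        print("token_obj.user.name", request.user)
        publish_list = Publish.objects.all()
        ps = PublisherModerSerializers(publish_list, many=True)
        return Response(ps.data)

    def post(self, request):
        """Create a publisher from the request body.

        Returns the saved data, or the validation errors with HTTP 400 so
        clients can tell a rejected payload from a successful write.
        """
        ps = PublisherModerSerializers(data=request.data)
        if not ps.is_valid():
            return Response(ps.errors, status=400)
        ps.save()
        return Response(ps.data)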

全局的配置

settings.py下

settings.py
    # Project-wide default: every view authenticates with TokenAuth unless it
    # declares its own authentication_classes. Keep all DRF keys in a single
    # REST_FRAMEWORK dict; assigning the name again replaces earlier keys.
    REST_FRAMEWORK = {"DEFAULT_AUTHENTICATION_CLASSES": ("app01.utils.TokenAuth",)}

# To exempt one endpoint from the global authentication, give that view an
# empty per-view authentication list.
# NOTE(review): with no authenticators every request to the view is anonymous,
# so the endpoint is open to anyone unless a permission class still restricts
# it. Confirm that is intended for each view that uses this override.
authentication_classes = []

权限组件

权限组件

app01.utils.py下

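class SVIPPermission(object):
    """Permission class that admits only users whose ``user_type`` is 3."""

    # Text reported to the client when access is denied.
    message = "只有超级用户可以访问"

    def has_permission(self, request, view):
        """Return True only when the requesting user exists and has user_type 3.

        ``request.user`` is used as a user name for the lookup.
        NOTE(review): this assumes the authentication class stored a name in
        request.user and that User.name is unique; confirm both.
        """
        username = request.user
        user = User.objects.filter(name=username).first()
        if user is None:
            # Fail closed: an unknown or anonymous caller is denied instead of
            # raising AttributeError on None, which would surface as a 500.
            return False
        # 3 is presumably the top membership tier; verify against the model.
        return user.user_type == 3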

局部的配置

views.py下

from app01.utils import *

class BookViewSet(generics.ListCreateAPIView):
    """List and create books, guarded by SVIPPermission."""

    serializer_class = BookSerializers
    queryset = Book.objects.all()
    # Per-view permission check; it takes precedence over the project-wide
    # DEFAULT_PERMISSION_CLASSES for this view.
    permission_classes = [SVIPPermission]

全局的配置

settings.py下

# Project-wide default permission check, applied to every view that does not
# declare its own permission_classes. Keep all DRF keys in a single
# REST_FRAMEWORK dict; assigning the name again replaces earlier keys.
REST_FRAMEWORK = {"DEFAULT_PERMISSION_CLASSES": ["app01.utils.SVIPPermission"]}

频率组件

app01.utils.py下

from rest_framework.throttling import BaseThrottle

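# In-memory visit log: {client address: [request timestamps, newest first]}.
# NOTE(review): this dict lives in one process, so each worker process counts
# separately; keys are never removed, so it grows with every distinct address;
# and it is modified without a lock.
VISIT_RECORD = {}


class VisitThrottle(BaseThrottle):
    """Hand-written throttle: at most 3 requests per address in any 60 seconds.

    The client is identified by ``REMOTE_ADDR`` alone.
    NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, so
    all clients would share one bucket; confirm the deployment topology.
    """

    # Limits kept as class attributes so a subclass can tune them.
    max_requests = 3
    window_seconds = 60

    def __init__(self):
        # Timestamp list of the address seen by the last allow_request() call.
        self.history = None

    def allow_request(self, request, view):
        """Record the visit and return True if the address is under its limit."""
        import time

        remote_addr = request.META.get('REMOTE_ADDR')
        now = time.time()

        # A first-time address starts with an empty history and is admitted by
        # the same path as everyone else.
        history = VISIT_RECORD.setdefault(remote_addr, [])
        self.history = history

        # Drop timestamps that have aged out of the window (oldest is last).
        cutoff = now - self.window_seconds
        while history and history[-1] < cutoff:
            history.pop()

        if len(history) < self.max_requests:
            history.insert(0, now)
            return True
        return False

    def wait(self):
        """Return the seconds until the oldest recorded visit leaves the window.

        Returns None when there is no history to compute from, and never a
        negative number.
        """
        import time

        if not self.history:
            return None
        remaining = self.window_seconds - (time.time() - self.history[-1])
        return max(remaining, 0)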

views.py下

from app01.utils import *

class BookViewSet(generics.ListCreateAPIView):
    """List and create books, rate-limited by VisitThrottle."""

    serializer_class = BookSerializers
    queryset = Book.objects.all()
    # Per-view throttle; it takes precedence over the project-wide
    # DEFAULT_THROTTLE_CLASSES for this view.
    throttle_classes = [VisitThrottle]

settings.py下

# Project-wide default throttle, applied to every view that does not declare
# its own throttle_classes. Keep all DRF keys in a single REST_FRAMEWORK dict;
# assigning the name again replaces earlier keys.
REST_FRAMEWORK = {"DEFAULT_THROTTLE_CLASSES": ["app01.utils.VisitThrottle"]}

内置throttle类

app01.utils.py下

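class VisitThrottle(SimpleRateThrottle):
    """Rate limit built on the framework's SimpleRateThrottle.

    The allowed rate is looked up under ``scope`` in DEFAULT_THROTTLE_RATES.
    """

    scope = "visit_rate"

    def get_cache_key(self, request, view):
        """Return the cache key under which this client's visits are counted.

        The key is namespaced with the scope through ``cache_format`` so it
        cannot collide with other throttles or unrelated cache entries that
        use the bare client identity as their key.
        """
        # NOTE(review): get_ident() may take the identity from the
        # X-Forwarded-For header, which a client can set freely unless the
        # NUM_PROXIES setting matches the real proxy chain; verify before
        # relying on this limit against abusive clients.
        return self.cache_format % {
            "scope": self.scope,
            "ident": self.get_ident(request),
        }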

settings.py下

# Project-wide throttle plus the rate for its scope: "visit_rate" is the scope
# name declared on VisitThrottle, and "5/m" is the rate string assigned to it.
# Keep all DRF keys in a single REST_FRAMEWORK dict; assigning the name again
# replaces earlier keys.
REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": ["app01.utils.VisitThrottle"],
    "DEFAULT_THROTTLE_RATES": {"visit_rate": "5/m"},
}


转载自www.cnblogs.com/sunch/p/9994065.html