drf—— 编写登录接口,用同一个接口既可以不登录访问,又可以登录访问
要求:
编写登录接口,一个接口既可以不登录访问,又可以登录访问(匿名用户一分钟访问1次,登录用户一分钟访问3次)
#需要用到student和user表
1.models.py
from django.db import models class Student(models.Model): name = models.CharField(max_length=32) sex = models.SmallIntegerField(choices=((1, '男'), (2, '女'), (3, '未知')), default=1) age = models.IntegerField() class User(models.Model): username = models.CharField(max_length=32) password = models.CharField(max_length=32) user_type = models.IntegerField(choices=((1, '超级用户'), (2, '普通用户'), (3, '二笔用户')),default=1) #此表完全可以与User表合为一个,但这样解耦合,可扩展性高 class UserToken(models.Model): user = models.OneToOneField(to='User',on_delete=models.CASCADE) token = models.CharField(max_length=64)
2.数据迁移,两条命令;然后连接数据库,在user和student表中写入测试数据
3.serializer.py
from rest_framework import serializers from app01.models import Student class StudentSerializer(serializers.ModelSerializer): sex = serializers.CharField(source='get_sex_display') class Meta: model = Student fields = '__all__'
4.auth.py
from rest_framework.throttling import BaseThrottle,SimpleRateThrottle from app01 import models #from rest_framework.exceptions import AuthenticationFailed from rest_framework.authentication import BaseAuthentication class LoginAuth(BaseAuthentication): def authenticate(self, request): token = request.GET.get('token') res = models.UserToken.objects.filter(token=token).first() if res: return (res.user, token) else: return None class MySimpleThrottle(SimpleRateThrottle): scope = 'xxx' def get_cache_key(self, request, view): if not request.user.id: # 没有登录用户 return self.get_ident(request) # 根据ip限制 else: return None class MyLoginThrottle(SimpleRateThrottle): scope = 'login' def get_cache_key(self, request, view): return request.user.pk
5.views.py
from rest_framework.views import APIView from app01 import models import uuid from app01.auth import LoginAuth,MyLoginThrottle,MySimpleThrottle class LoginView(APIView): authentication_classes = [] def post(self, request): res = {'code': 100, 'msg': '登录成功'} username = request.data.get('username') password = request.data.get('password') # 查询数据库 user = models.User.objects.filter(username=username, password=password).first() if user: token = uuid.uuid4() # 生成一个随机字符串 # 把token存到UserToken表中(如果是第一次登录:新增,如果不是第一次:更新) models.UserToken.objects.update_or_create(defaults={'token': token}, user=user) res['token'] = token return Response(res) else: res['code'] = 101 res['msg'] = '用户名或密码错误' return Response(res) from app01.models import Student from app01.serializer import StudentSerializer from rest_framework.mixins import ListModelMixin from rest_framework.viewsets import GenericViewSet from rest_framework.response import Response from rest_framework.mixins import CreateModelMixin class StudentView(GenericViewSet, ListModelMixin, CreateModelMixin): queryset = Student.objects.all() serializer_class = StudentSerializer authentication_classes = [LoginAuth,] throttle_classes = [MyLoginThrottle,MySimpleThrottle,]
6.urls.py
from django.urls import path from app01 import views #自动生成路由 from rest_framework.routers import SimpleRouter router=SimpleRouter() router.register('students',views.StudentView) urlpatterns = [ path('login/', views.LoginView.as_view()), ] urlpatterns+=router.urls print(router.urls)
7.settings.py
INSTALLED_APPS = [ ... 'rest_framework' ] REST_FRAMEWORK = { # 'DEFAULT_THROTTLE_CLASSES':['app01.auth.MyThrottle',], 'DEFAULT_THROTTLE_RATES' : { 'xxx':'1/m', 'login':'3/m' } }
后续:
如果要写两个接口,一个接口不登陆访问1次,一个接口登录访问3次,可以用以下的方式:(推荐使用写两个接口,这样解耦合,不需要写那么多判断麻烦) -方式一: -写两个频率类(一个是根据ip限制,另一个根据userid) -方式二: -使用内置的,如果可以,就没问题就可以,如果又问题需要继承重写get_cache_key方法