权限,频率(my)
权限
APP名:AuthDemo
models.py:创建表
from django.db import models # Create your models here. class UserInfo(models.Model): username = models.CharField(max_length=32) token = models.UUIDField() #UUIDField 生成随机字符串用来验证 CHOICES = ((1,"vip"),(2,"svip"),(3,"普通用户")) type = models.IntegerField(choices=CHOICES,default=3)
数据库迁移: makemigrations AuthDemo----.>migrate AuthDemo
utils(工具包)下创建 permissions.py (写权限类)
class MyPermission(object): message = "您没有权限,请充值" def has_permission(self,request,view): #权限逻辑,有权限返回True,没有返回False #认证是在权限前面执行 #request.user user_obj user_obj = request.user if user_obj.type == 1: return True else: return False
views.py(写视图)
from django.shortcuts import render from rest_framework.views import APIView from rest_framework.response import Response from .models import UserInfo #导表 from utils.Auth import MyAuth from utils.permission import MyPermission from rest_framework import permissions import uuid class UserView(APIView): def post(self, request): #接口 username = request.data["username"] #取username UserInfo.objects.create(username=username, token=uuid.uuid4())#创建用户 return Response("ok") class TestAuthView(APIView): permission_classes = [MyPermission,]#配置局部权限认证,不需要在setting配置全局 authentication_classes = [MyAuth,]#局部认证就不需要设置settings.py里的全局认证了 def get(self, request): print(request.user) print(request.auth) return Response("认证权限测试")
urls.py
from django.conf.urls import url from django.contrib import admin from SerDemo.views import fbv,CBVView,BookView # from SerDemo.my_views import BookAPIView,BookEditView from SerDemo.my_views import BooksAPIView from rest_framework.routers import DefaultRouter #路由组件 from VersionDemo.views import VersionView from AuthDemo.views import UserView,TestAuthView # 实例化DefaultRouter对象 router = DefaultRouter() #在router里注册路由以及路由匹配的视图 router.register(r"book",BooksAPIView) #查所有http://127.0.0.1:8000/book可查单条 urlpatterns = [ url(r'^admin/', admin.site.urls), #创建用户 url(r'^user$',UserView.as_view()), #认证 url(r'^test',TestAuthView.as_view()), ]
启服务:127.0.0.7:8000/user?token="表里随机字符串的值” / 127.0.0.7:8000/test?token="表里随机字符串的值”
频率
1,utils(工具包)创建throttle(写类)
自定义的频率限制类:
#======= =============自定义的频率限制类==================== from rest_framework import throttling import time VISIT_RECORD = {} class MyThrottle(object): ''' 60秒访问3次 ''' def __init__(self): self.history = None def allow_request(self,request,view): #view视图 ''' 频率限制的逻辑 通过返回False :param request: :param view: :return: ''' #获取用户IP ip = request.META.get("REMOTE_ADDR") #REMOTE_ADDR是request.META里的方法,是个字典,用来存IP的 #判断IP在访问记录里 now = time.time() #当前时间 if ip not in VISIT_RECORD: #如果不在 VISIT_RECORD[ip] = [now,] #以字典的形式存入访问记录 history = VISIT_RECORD[ip] #如果ip在访问记录里 history = VISIT_RECORD[ip] #把当前访问时间添加到列表最前面 history.insert(0,now) self.history = history #确保列表内的时间都是范围内时间 while history and now - history[-1] >60:#历史记录在列表里,并且时差大于60 秒 history.pop() #删除不符合规定的 if len(history)<=3: #如果访问的次数小于3 return True else: return False def wait(self): #self调用上边的self.history获取时间 ''' 返回还剩多久可以访问 :return: ''' now = time.time() return 60 - (now - self.history[-1])
使用自带的频率限制类=
#==============使用自带的频率限制类============== class MyVisitThrottle(throttling.SimpleRateThrottle): scope="WD" ''' 第一 自己的类里要有scope 第二 settings DEFAULT_THROTTLE_RATES 第三 DEFAULT_THROTTLE_RATES = { scope配置的变量值:xx} 第四 重写 get_cache_key(self,request,view) ''' def get_cache_key(self, request, view): return self.get_ident(request)
views.py
from django.shortcuts import render from rest_framework.views import APIView from rest_framework.response import Response from .models import UserInfo #导表 from utils.Auth import MyAuth from utils.permission import MyPermission from rest_framework import permissions from utils.throttle import MyThrottle, MyVisitThrottle import uuid class UserView(APIView): def post(self, request): #接口 username = request.data["username"] #取username UserInfo.objects.create(username=username, token=uuid.uuid4())#创建用户 return Response("ok") class TestAuthView(APIView): permission_classes = [MyPermission,]#配置局部权限认证,不需要在setting配置全局 authentication_classes = [MyAuth,]#局部认证就不需要设置settings.py里的全局认证了 throttle_classes = [MyVisitThrottle, ] # throttle_classes = [MyThrottle, ] def get(self, request): print(request.user) print(request.auth) return Response("认证权限测试")
settings.py:
REST_FRAMEWORK = { "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.URLPathVersioning",#默认使用的版本控制类 "DEFAULT_VERSION": "v1", #默认的版本 "ALLOWED_VERSIONS": ["v1", "v2"], #允许的版本 "VERSION_PARAM": "version", #参数名称 "DEFAULT_AUTHENTICATION_CLASSES": ["utils.Auth.MyAuth"], #全局默认认证类 # "DEFAULT_PERMISSION_CLASSES": ["BROP.utils,MyPermission"] #配置全局权限 "DEFAULT_THROTTLE_RATES": { #频率 60秒访问3次 "WD": "3/m" } }
urls.py:
from django.conf.urls import url from django.contrib import admin from SerDemo.views import fbv,CBVView,BookView # from SerDemo.my_views import BookAPIView,BookEditView from SerDemo.my_views import BooksAPIView from rest_framework.routers import DefaultRouter #路由组件 from VersionDemo.views import VersionView from AuthDemo.views import UserView,TestAuthView urlpatterns = [ url(r'^admin/', admin.site.urls), #创建用户 url(r'^user$',UserView.as_view()), #认证 url(r'^test',TestAuthView.as_view()), ] urlpatterns += router.urls #路由组件
起服务,访问
posted on 2018-11-01 15:51 liangliang123456 阅读(110) 评论(0) 编辑 收藏 举报
