drf自定義認證，許可權，IP頻率，的簡單程式碼

阿新 • • 發佈：2022-03-21

認證：

from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.settings import api_settings
from app01.models import Reg, UserToken


class MyAuthentication(BaseAuthentication):
    def authenticate(self, request):
        user = getattr(request._request, 'user', None)
        token = request.GET.get('token')
        if not token:
            authuser = api_settings.UNAUTHENTICATED_USER()
            return authuser, token
            # raise AuthenticationFailed('請求頭中沒有token值')
        user_token = UserToken.objects.filter(token=token).first()
        if not user_token:
            raise AuthenticationFailed('user_token表中沒有值')
        return user_token.user, token

許可權：

from rest_framework.permissions import AllowAny

from rest_framework.permissions import BasePermission

from rest_framework.exceptions import APIException

class Mypermissions(BasePermission):
    def has_permission(self, request, view):
        if request.user.user_type == 1:
            return True
        return False

頻率：

from rest_framework.throttling import BaseThrottle

class MyAnonUserThrottle(BaseThrottle):
    VISIT_RECORD = {}

    def __init__(self):
        self.history = None
        self.Second = 0
        self.number = 0

    def allow_request(self, request, view):
        if request.auth:
            if request.user.user_type == 1:
                self.Second = 60
                self.number = 6
                bl = MyThrottles(self, request, view)
                return bl
            if request.user.user_type == 2:
                return True
            if request.user.user_type == 3:
                return True
        # return None
        else:
            self.Second = 30
            self.number = 3
            bl = MyThrottles(self, request, view)
            return bl

    def wait(self):
        import time
        ctime = time.time()
        return 60 - (ctime - self.history[-1])

#網上抄的程式碼  自己定義的時間段內 超出了自定義訪問次數 
def MyThrottles(self=None, request=None, view=None):
    # （1）取出訪問者ip
    # print(request.META)
    ip = request.META.get('REMOTE_ADDR')
    import time
    ctime = time.time()
    # （2）判斷當前ip不在訪問字典裡，新增進去，並且直接返回True,表示第一次訪問
    if ip not in self.VISIT_RECORD:
        self.VISIT_RECORD[ip] = [ctime, ]
        return True
    self.history = self.VISIT_RECORD.get(ip)
    # （3）迴圈判斷當前ip的列表，有值，並且當前時間減去列表的最後一個時間大於60s，把這種資料pop掉，這樣列表中只有60s以內的訪問時間，
    while self.history and ctime - self.history[-1] > self.Second:
        self.history.pop()
    # （4）判斷，當列表小於3，說明一分鐘以內訪問不足三次，把當前時間插入到列表第一個位置，返回True，順利通過
    # （5）當大於等於3，說明一分鐘內訪問超過三次，返回False驗證失敗
    if len(self.history) < self.number:
        self.history.insert(0, ctime)
        return True
    else:
        return False