DRF 自定義認證、許可權、IP 頻率的簡單程式碼
阿新 • • 發佈:2022-03-21
認證:
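from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.settings import api_settings
from app01.models import Reg, UserToken


class MyAuthentication(BaseAuthentication):
    """Authenticate a request by looking up its ``token`` in ``UserToken``."""

    def authenticate(self, request):
        """Resolve the ``token`` query parameter to a user.

        Args:
            request: The DRF request being authenticated.

        Returns:
            ``(user, token)`` when the token matches a ``UserToken`` row, or
            ``None`` when the request carries no token.

        Raises:
            AuthenticationFailed: A token was supplied but no row matches it.
        """
        # NOTE(security): the token is read from the query string, so it is
        # written to access logs, browser history and Referer headers.
        # Reading it from a request header keeps it out of URLs; the
        # parameter is kept here so existing clients keep working.
        token = request.GET.get('token')
        if not token:
            # No credentials were attempted. Returning None (instead of an
            # (anonymous user, token) tuple) lets DRF try any later
            # authenticator and then fall back to UNAUTHENTICATED_USER itself.
            # The tuple form ended authentication here and called
            # UNAUTHENTICATED_USER() even when that setting is None.
            return None

        # NOTE(review): the lookup matches on the token value alone; whether
        # tokens expire or are stored hashed depends on the UserToken model,
        # which is not shown here. Confirm before relying on this class.
        user_token = UserToken.objects.filter(token=token).first()
        if not user_token:
            # NOTE(review): this message is returned to the client and names
            # an internal table; a generic message would disclose less.
            raise AuthenticationFailed('user_token表中沒有值')
        return user_token.user, token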
許可權:
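from rest_framework.permissions import AllowAny
from rest_framework.permissions import BasePermission
from rest_framework.exceptions import APIException


class Mypermissions(BasePermission):
    """Grant access only to users whose ``user_type`` equals 1."""

    def has_permission(self, request, view):
        """Return True only when ``request.user.user_type`` is 1.

        Args:
            request: The DRF request; ``request.user`` is set by authentication.
            view: The view being accessed (unused).

        Returns:
            True for ``user_type == 1``, otherwise False.
        """
        # request.user may be an anonymous user (or None) with no user_type
        # attribute. Deny in that case instead of raising AttributeError,
        # which would surface as a 500 rather than a permission failure.
        return getattr(request.user, 'user_type', None) == 1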
頻率:
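import time

from rest_framework.throttling import BaseThrottle


class MyAnonUserThrottle(BaseThrottle):
    """Per-IP sliding-window throttle whose limits depend on the caller.

    Limits set in ``allow_request``:
      * authenticated, ``user_type == 1``: 6 requests per 60 seconds
      * authenticated, ``user_type`` 2 or 3: not throttled
      * everyone else: 3 requests per 30 seconds
    """

    # NOTE(security): this in-process dict is keyed by IP only. Keys are never
    # removed, so it grows with every distinct client address, and each worker
    # process keeps its own copy, so the effective limit is multiplied by the
    # number of workers. A shared cache with expiry avoids both problems.
    # Authenticated and anonymous callers on one IP also share the same list.
    VISIT_RECORD = {}

    def __init__(self):
        self.history = None  # timestamp list of the IP being checked
        self.Second = 0      # window length in seconds
        self.number = 0      # requests allowed per window

    def allow_request(self, request, view):
        """Return True when the request is within the caller's rate limit."""
        if request.auth:
            user_type = getattr(request.user, 'user_type', None)
            if user_type in (2, 3):
                return True
            if user_type == 1:
                self.Second = 60
                self.number = 6
                return MyThrottles(self, request, view)
            # Any other user_type used to fall off the end and return None,
            # which DRF treats as "throttled" and then calls wait() while
            # self.history is still None. Such callers now get the strictest
            # limit below.
        self.Second = 30
        self.number = 3
        return MyThrottles(self, request, view)

    def wait(self):
        """Return the seconds until the oldest recorded hit leaves the window.

        Returns None when there is no history to compute from.
        """
        if not self.history:
            return None
        # Use the active window, not a fixed 60 s, so the wait reported for
        # the 30-second limit is correct.
        remaining = self.Second - (time.time() - self.history[-1])
        return max(remaining, 0)


# Code adapted from the web: reject once the custom request count is exceeded
# within the custom time window.
def MyThrottles(self=None, request=None, view=None):
    """Record a hit for the caller's IP and report whether it is allowed.

    Args:
        self: The throttle instance supplying ``VISIT_RECORD``, ``Second`` and
            ``number``; ``self.history`` is updated to the IP's timestamp list.
        request: The DRF request; the IP is read from ``REMOTE_ADDR``.
        view: Unused.

    Returns:
        True when the request is allowed, False when the limit is reached.
    """
    # (1) Identify the caller by IP.
    # NOTE(security): behind a reverse proxy or load balancer REMOTE_ADDR is
    # the proxy's address, so all clients share one bucket. DRF's built-in
    # throttles handle this through the NUM_PROXIES setting. A missing
    # REMOTE_ADDR yields None, which also becomes a shared key.
    ip = request.META.get('REMOTE_ADDR')
    now = time.time()

    # (2) First request from this IP: start its history and allow it.
    if ip not in self.VISIT_RECORD:
        self.VISIT_RECORD[ip] = [now]
        self.history = self.VISIT_RECORD[ip]
        return True

    self.history = self.VISIT_RECORD.get(ip)

    # (3) Drop timestamps older than the window. The list is newest-first,
    # so the oldest entries are popped from the end.
    while self.history and now - self.history[-1] > self.Second:
        self.history.pop()

    # (4) Under the limit: record this hit at the front and allow it.
    # (5) At or over the limit: reject.
    if len(self.history) < self.number:
        self.history.insert(0, now)
        return True
    return False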