权限组件
# app.models.py:表结构
class User(models.Model):
    # Login name; also used as the display string of the row.
    user = models.CharField(max_length=32)
    # NOTE(review): a 32-character CharField cannot hold the output of
    # Django's password hashers (make_password), so this column presumably
    # stores plaintext or a bare digest. Confirm, and store only salted
    # hashes before using this model outside a tutorial.
    password = models.CharField(max_length=32)
    # Account tiers. The permission class on this page grants access only
    # to tier 1; rows with type NULL match no tier.
    choice = (
        (1, '超级用户'),
        (2, '普通用户'),
        (3, '穷逼用户'),
    )
    type = models.IntegerField(choices=choice, null=True)

    def __str__(self):
        return self.user
# app.auth.py:认证模块
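class MyPermission(BasePermission):
    """Grant access only to users whose ``type`` is 1 (the super-user tier).

    ``message`` is the detail text returned with the denial response.
    """
    message = '您的权限不够!'

    def has_permission(self, request, view):
        """Return True only when ``request.user.type == 1``; deny otherwise."""
        # When no authenticator matched, request.user is AnonymousUser (or
        # None, depending on UNAUTHENTICATED_USER); neither has a `type`
        # attribute. Reading it defensively turns what used to be an
        # AttributeError (HTTP 500) into a clean denial, so the check fails
        # closed for unauthenticated requests.
        return getattr(request.user, 'type', None) == 1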
# settings.py
# Project-wide default: every DRF view that does not set its own
# permission_classes is guarded by app.auth.MyPermission.
# NOTE(review): a view that opts out with `permission_classes = []` runs with
# no permission check at all, so keep such overrides to endpoints that are
# meant to be public. The permission check reads request.user; confirm that
# DEFAULT_AUTHENTICATION_CLASSES (not shown here) populates it.
# NOTE(review): if another `REST_FRAMEWORK = {...}` assignment lives in the
# same settings.py, the later one replaces this dict entirely; merge the keys.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'app.auth.MyPermission',
    ),
}
# app.views.py
# 在视图类中通过 permission_classes = [] 来局部禁用
class Books(APIView):
    # No permission_classes override here, so the project-wide
    # DEFAULT_PERMISSION_CLASSES apply to this view.

    def get(self, request):
        # Fixed success envelope with an empty result list.
        payload = {
            'status': 0,
            'message': 'ok',
            'results': [],
        }
        return Response(payload)
频率组件
#app.auth.py:认证模块
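class MyRateThrottle(SimpleRateThrottle):
    """Rate-limit requests per client address.

    ``scope`` selects the rate string from ``DEFAULT_THROTTLE_RATES``.
    """
    scope = 'xxx'

    def get_cache_key(self, request, view):
        """Return the cache key under which this client's history is stored."""
        # The client is identified by REMOTE_ADDR. Behind a reverse proxy
        # that value is the proxy's address, so every client would share one
        # bucket. self.get_ident(request) reads X-Forwarded-For instead, but
        # that header is client-supplied unless NUM_PROXIES is configured to
        # match the real proxy chain.
        ident = request.META.get('REMOTE_ADDR')
        # Namespace the key with the scope (same format DRF's built-in
        # throttles use) so it cannot collide with other entries in the
        # shared cache. Formatting also means a missing REMOTE_ADDR no longer
        # yields a None key, which SimpleRateThrottle treats as "do not
        # throttle"; such requests now share one bucket instead.
        return self.cache_format % {'scope': self.scope, 'ident': ident}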
#settings.py:配置文件
# Throttling configuration.
# NOTE(review): if another `REST_FRAMEWORK = {...}` assignment lives in the
# same settings.py, the later one replaces the earlier dict entirely; merge
# the keys into a single dict.
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_RATES': {
        # Key must match the throttle class's `scope`; value is "<count>/<period>".
        'xxx': '3/m',
    },
    # Listing the class here applies it to every view by default.
    'DEFAULT_THROTTLE_CLASSES': (
        'app.auth.MyRateThrottle',
    ),
}
# app.views.py:视图层
class Books(APIView):

    def get(self, request):
        # Fixed success envelope with an empty result list.
        payload = {
            'status': 0,
            'message': 'ok',
            'results': [],
        }
        return Response(payload)

    # Custom error message: replaces the default throttling response text.
    def throttled(self, request, wait):
        from rest_framework.exceptions import Throttled

        # NOTE(review): only the plural template is overridden; presumably a
        # wait of exactly one second still uses Throttled's default singular
        # text. Confirm, and override extra_detail_singular if needed.
        class MyThrottled(Throttled):
            default_detail = '访问频率过快!'
            extra_detail_plural = '{wait}秒后再试!'

        raise MyThrottled(wait=wait)
频率组件原理
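class MyThrottle(BaseThrottle):
    """Hand-written sliding-window throttle keyed by client IP (teaching version).

    Each REMOTE_ADDR may make at most ``MAX_REQUESTS`` requests per
    ``WINDOW_SECONDS``.

    NOTE(review): VISIT_RECORD is a plain class-level dict. The counters
    therefore live in a single process (each worker keeps its own, so the
    effective limit grows with the worker count), entries for addresses that
    never return are never evicted (memory grows with the number of distinct
    addresses seen), and access is not protected by a lock. Outside a
    tutorial, prefer SimpleRateThrottle, which keeps its history in the
    Django cache.
    """
    # Maps client IP -> list of request timestamps, newest first.
    VISIT_RECORD = {}
    # Sliding-window length in seconds and the number of requests allowed
    # inside it; subclasses may override both.
    WINDOW_SECONDS = 60
    MAX_REQUESTS = 3

    def __init__(self):
        # Timestamp list of the client seen by the current request;
        # assigned in allow_request() and read by wait().
        self.history = None

    def allow_request(self, request, view):
        """Return True if the request is within the limit, otherwise False."""
        import time

        # 1) Identify the client. Behind a reverse proxy REMOTE_ADDR is the
        #    proxy's address, so all clients would share one bucket.
        ip = request.META.get('REMOTE_ADDR')
        # 2) Current time.
        ctime = time.time()
        # 3) First request from this address: start its history and allow.
        if ip not in self.VISIT_RECORD:
            self.VISIT_RECORD[ip] = [ctime]
            return True
        self.history = self.VISIT_RECORD[ip]
        # 4) Drop timestamps older than the window; the oldest sits at the
        #    end of the list because new ones are inserted at index 0.
        while self.history and ctime - self.history[-1] > self.WINDOW_SECONDS:
            self.history.pop()
        # 5) Allow and record the request while the window has room.
        if len(self.history) < self.MAX_REQUESTS:
            self.history.insert(0, ctime)
            return True
        return False

    def wait(self):
        """Return the seconds until the oldest recorded request expires.

        Returns None when there is no recorded history, instead of raising
        on the empty or unset list.
        """
        import time

        if not self.history:
            return None
        # Time left until the oldest timestamp falls out of the window.
        return self.WINDOW_SECONDS - (time.time() - self.history[-1])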