drf自定义认证,权限,IP频率,的简单代码
认证:
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.settings import api_settings
from app01.models import Reg, UserToken
class MyAuthentication(BaseAuthentication):
def authenticate(self, request):
user = getattr(request._request, 'user', None)
token = request.GET.get('token')
if not token:
authuser = api_settings.UNAUTHENTICATED_USER()
return authuser, token
# raise AuthenticationFailed('请求头中没有token值')
user_token = UserToken.objects.filter(token=token).first()
if not user_token:
raise AuthenticationFailed('user_token表中没有值')
return user_token.user, token
权限:
from rest_framework.permissions import AllowAny
from rest_framework.permissions import BasePermission
from rest_framework.exceptions import APIException
class Mypermissions(BasePermission):
def has_permission(self, request, view):
if request.user.user_type == 1:
return True
return False
频率:
from rest_framework.throttling import BaseThrottle
class MyUserThrottle(BaseThrottle):
VISIT_RECORD = {}
def __init__(self):
self.history = None
self.Second = 0
self.number = 0
def allow_request(self, request, view):
if request.auth:
if request.user.user_type == 1:
self.Second = 60
self.number6
bl = MyThrottles(self, request, view)
return bl
if request.user.user_type == 2:
return True
if request.user.user_type == 3:
return True
# return None
else:
self.Second = 60
self.number6
bl = MyThrottles(self, request, view)
return bl
def wait(self):
import time
ctime = time.time()
return 60 - (ctime - self.history[-1])
is_bl = True
class MyAnonUserThrottle(BaseThrottle):
VISIT_RECORD = {}
# Second = 60
number = 6
timeout = 30
anon_Second = 30
anon_number = 3
anon_timeout = 60
def __init__(self):
self.history = None
def allow_request(self, request, view):
if request.auth:
if request.user.user_type == 1:
if is_bl:
num = 60
else:
num = 30
bl = MyThrottles(self, request, view, num)
return bl
if request.user.user_type == 2:
return True
if request.user.user_type == 3:
return True
# return None
else:
if is_bl:
num = 60
else:
num = 60
self.number = 3
self.timeout = 60
bl = MyThrottles(self, request, view,num)
return bl
def wait(self):
import time
ctime = time.time()
m = self.timeout - (ctime - self.history[-1])
print(m)
return m
#网上抄的代码 改动了一点点
def MyThrottles(self=None, request=None, view=None, Second=None):
# (1)取出访问者ip
# print(request.META)
ip = request.META.get('REMOTE_ADDR')
import time
ctime = time.time()
# (2)判断当前ip不在访问字典里,添加进去,并且直接返回True,表示第一次访问
if ip not in self.VISIT_RECORD:
self.VISIT_RECORD[ip] = [ctime, ]
return True
self.history = self.VISIT_RECORD.get(ip)
# (3)循环判断当前ip的列表,有值,并且当前时间减去列表的最后一个时间大于60s,把这种数据pop掉,这样列表中只有60s以内的访问时间,
while self.history and ctime - self.history[-1] > Second:
self.history.pop()
# (4)判断,当列表小于3,说明一分钟以内访问不足三次,把当前时间插入到列表第一个位置,返回True,顺利通过
# (5)当大于等于3,说明一分钟内访问超过三次,返回False验证失败
global is_bl
if len(self.history) < self.number:
is_bl = True
self.history.insert(0, ctime)
return True
else:
# self.history[-1] = self.history[-1] -self.char
is_bl = False
return False
浙公网安备 33010602011771号