1 # permission.py
2 from rest_framework.permissions import BasePermission
3
4
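class comm_BasePermission(BasePermission):
    """Grant access only to users whose ``user_type`` is 1.

    ``user_type`` is the integer ``choices`` field on the project's ``User``
    model, where 1 is labelled 'vip'.
    """

    def has_permission(self, request, view):
        """Return True only when ``request.user.user_type == 1``.

        Args:
            request: DRF request; ``request.user`` is whatever the view's
                authentication class returned.
            view: The view being accessed (unused).
        """
        # The abandoned draft `user.user_type == 1 or 2` parses as
        # `(user_type == 1) or 2`, which is always truthy and would admit
        # every user; use `user_type in (1, 2)` if more types are allowed.
        #
        # getattr() makes an object without user_type (for example an
        # anonymous user when no authenticator identified the caller) fail
        # closed instead of raising AttributeError.
        #
        # The debug print() calls were removed: they wrote the username and
        # account type to stdout on every request.
        return getattr(request.user, 'user_type', None) == 1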
# authontionscate.py
1 from rest_framework.authentication import BaseAuthentication
2
3 from rest_framework.exceptions import AuthenticationFailed
4
5 from . import models
6
7
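class comm_authentication(BaseAuthentication):
    """Authenticate a request by looking its token up in ``UserToken``."""

    def authenticate(self, request):
        """Return ``(user, token)`` for a token that matches a stored row.

        The token is read from the ``Token`` request header first and, so
        that existing clients keep working, from the ``token`` query
        parameter otherwise.

        Raises:
            AuthenticationFailed: if no token was sent, or it matches no row.
        """
        # Where the token travels is the backend's decision. A header is
        # preferred: a token in the URL is copied into access logs, browser
        # history and Referer headers. The query parameter is kept only for
        # backward compatibility.
        token = request.META.get('HTTP_TOKEN') or request.GET.get('token')
        if not token:
            raise AuthenticationFailed('token没有')

        # NOTE(review): the lookup is a plain equality match on the stored
        # value; nothing in this class expires or rotates a token.
        token_user = models.UserToken.objects.filter(token=token).first()
        if token_user is None:
            raise AuthenticationFailed('token认证失败')
        return token_user.user, token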
1 # model.py
2 from django.db import models
3
4
class Book(models.Model):
    """A book record served by the API's book viewset."""

    # Title, at most 64 characters.
    title = models.CharField(max_length=64)
    # Author as free text, at most 225 characters.
    author = models.CharField(max_length=225)
    # NOTE(review): price is stored as text, so the database neither
    # validates it as a number nor sorts it numerically.
    price = models.CharField(max_length=64)
9
10
class User(models.Model):
    """Application account used by the token login flow.

    This is a plain model, not Django's ``auth`` user, so the built-in
    SessionAuthentication / IsAdminUser classes do not operate on it.
    """

    # Login name, at most 16 characters. No unique constraint is declared.
    username = models.CharField(max_length=16)
    # NOTE(review): LoginView matches this column against the submitted
    # password directly, which means passwords are kept in plaintext. Store
    # a hash (django.contrib.auth.hashers make_password / check_password)
    # instead; that also needs a wider column than 32 characters.
    password = models.CharField(max_length=32)
    # Account tier: 1 = 'vip', 2 = 'comm', 3 = '2b'.
    user_type = models.IntegerField(choices=((1, 'vip'), (2, 'comm'), (3, '2b')))
15
16
class UserToken(models.Model):
    """Login token issued to a user; at most one row per user."""

    # Opaque token string the client sends back on later requests.
    # NOTE(review): stored as-is and matched by equality; this model
    # declares no unique constraint or index on it and records no issue or
    # expiry time, so a token stays valid until it is overwritten.
    token = models.CharField(max_length=64)
    # One-to-one link to the owning account. With DO_NOTHING Django takes no
    # action when the user is deleted; what happens to this row is left to
    # the database's own constraint handling.
    user = models.OneToOneField(to='User', on_delete=models.DO_NOTHING)
20
21 # urls.py
22 from django.contrib import admin
23 from django.urls import path, re_path, include
24 from rest_framework.routers import SimpleRouter
25
26 from app01 import views
27
# Router for the book viewset, mounted at the site root. The third argument
# is the basename DRF uses when naming the generated routes.
router = SimpleRouter()
router.register('', views.BookView, 'get1')

# Hand-written routes first; the router's generated routes are appended last
# so they keep the same position as in a single list literal.
urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', views.LoginView.as_view()),
]
urlpatterns.append(path('', include(router.urls)))
37
38 # views.py
39 import uuid
40 from django.shortcuts import render
41 from rest_framework.views import APIView
42 from rest_framework.response import Response
43 from rest_framework.decorators import action
44 from rest_framework.viewsets import ModelViewSet
45 from rest_framework.generics import GenericAPIView
46
47 from rest_framework.authentication import SessionAuthentication
48 from rest_framework.permissions import IsAdminUser
49 from rest_framework.throttling import AnonRateThrottle, UserRateThrottle
50
51 from . import models
52 from . import serializer
53 from .authontionscate import comm_authentication
54 from .permission import comm_BasePermission
55
56 '''
57 1.认证配合权限(自定义)局部
58 2.认证配合权限(内置)全局
59 3.认证+频率(内置)---未登录的用户 登录的用户 进行限制
60 4.认证+权限+频率(内置)
61 '''
62
63
64 # 1.认证配合权限(自定义)局部
65 # 图书返回接口
66 # class BookView(ModelViewSet):
67 # authentication_classes = [comm_authentication]
68 # permission_classes = [comm_BasePermission]
69 # queryset = models.Book.objects.all()
70 # serializer_class = serializer.ModelViewSetSerializer
71 #
72 # @action(methods=['GET', 'POST'], detail=False)
73 # def get1(self, request):
74 # book = self.get_queryset()[0:2]
75 # book_serializer = self.get_serializer(book, many=True)
76 # return Response({'code': 100, 'msg': '成功', 'data': book_serializer.data})
77 #
78 #
79 # # 登录接口
80 # class LoginView(APIView):
81 # def post(self, request):
82 # username = request.data.get('username')
83 # password = request.data.get('password')
84 # user = models.User.objects.filter(username=username, password=password).first()
85 # if user:
86 # token = uuid.uuid4()
87 # models.UserToken.objects.update_or_create(defaults={'token': token}, user=user)
88 # return Response({'code': 100, 'msg': '成功', 'token': token})
89 # else:
90 # return Response({'code': 101, 'msg': '失败,账号错误或密码错误'})
91
92
93 # 2.认证配合权限(内置)全局
94 # class BookView(ModelViewSet):
95 # queryset = models.Book.objects.all()
96 # serializer_class = serializer.ModelViewSetSerializer
97 #
98 # @action(methods=['GET', 'POST'], detail=False)
99 # def get1(self, request):
100 # book = self.get_queryset()[0:2]
101 # book_serializer = self.get_serializer(book, many=True)
102 # return Response({'code': 100, 'msg': '成功', 'data': book_serializer.data})
103 #
104 #
105 # # 登录接口
106 # class LoginView(APIView):
107 # authentication_classes = []
108 # permission_classes = []
109 #
110 # def post(self, request):
111 # username = request.data.get('username')
112 # password = request.data.get('password')
113 # user = models.User.objects.filter(username=username, password=password).first()
114 # if user:
115 # token = uuid.uuid4()
116 # models.UserToken.objects.update_or_create(defaults={'token': token}, user=user)
117 # return Response({'code': 100, 'msg': '成功', 'token': token})
118 # else:
119 # return Response({'code': 101, 'msg': '失败,账号错误或密码错误'})
120
121
122 # # 3.认证+频率(内置)--- 未登录的用户 登录的用户 进行限制
123 # class BookView(ModelViewSet):
124 # queryset = models.Book.objects.all()
125 # serializer_class = serializer.ModelViewSetSerializer
126 #
127 # @action(methods=['GET', 'POST'], detail=False)
128 # def get1(self, request):
129 # book = self.get_queryset()[0:2]
130 # book_serializer = self.get_serializer(book, many=True)
131 # return Response({'code': 100, 'msg': '成功', 'data': book_serializer.data})
132 #
133 #
134 # # 登录接口
135 # class LoginView(APIView):
136 # authentication_classes = []
137 # permission_classes = []
138 #
139 # def post(self, request):
140 # username = request.data.get('username')
141 # password = request.data.get('password')
142 # user = models.User.objects.filter(username=username, password=password).first()
143 # if user:
144 # token = uuid.uuid4()
145 # models.UserToken.objects.update_or_create(defaults={'token': token}, user=user)
146 # return Response({'code': 100, 'msg': '成功', 'token': token})
147 # else:
148 # return Response({'code': 101, 'msg': '失败,账号错误或密码错误'})
149
150
151 # 4.认证+权限+频率(内置)
class BookView(ModelViewSet):
    """Book endpoints guarded by DRF's built-in auth, permission and throttles.

    ModelViewSet exposes the full list/create/retrieve/update/delete set in
    addition to the extra ``get1`` action below.
    """

    queryset = models.Book.objects.all()
    serializer_class = serializer.ModelViewSetSerializer

    # Session login only: this view does not accept the UserToken issued by
    # LoginView. IsAdminUser admits a request only when request.user.is_staff
    # is true.
    authentication_classes = [SessionAuthentication]
    permission_classes = [IsAdminUser]
    # The rates for these throttles come from DEFAULT_THROTTLE_RATES in the
    # project settings ('anon' and 'user' scopes).
    throttle_classes = [AnonRateThrottle, UserRateThrottle]

    @action(methods=['GET', 'POST'], detail=False)
    def get1(self, request):
        """Return the first two books in the code/msg/data envelope."""
        # The queryset has no explicit ordering, so which two rows come
        # first is decided by the database.
        first_two = self.get_queryset()[:2]
        payload = self.get_serializer(first_two, many=True).data
        return Response({'code': 100, 'msg': '成功', 'data': payload})
164
165
166 # 登录接口
class LoginView(APIView):
    """Login endpoint: exchange a username and password for a token."""

    # Open endpoint: no authenticator and no permission check run before
    # post(). Throttling is not overridden here, so the project-wide
    # defaults apply.
    authentication_classes = []
    permission_classes = []

    def post(self, request):
        """Issue a fresh token when the submitted credentials match a user.

        Responds with code 100 and the token on success, code 101 otherwise.
        Neither response sets a status, so both use DRF's default.
        """
        credentials = {
            'username': request.data.get('username'),
            'password': request.data.get('password'),
        }
        # NOTE(review): the password is matched as a column value, so the
        # database holds it in plaintext and the comparison is a plain
        # equality query. Hashed storage with check_password() is the fix,
        # but it needs a model change outside this view.
        account = models.User.objects.filter(**credentials).first()
        if not account:
            return Response({'code': 101, 'msg': '失败,账号错误或密码错误'})

        # One token row per user: a new login replaces the previous token.
        token = uuid.uuid4()
        models.UserToken.objects.update_or_create(defaults={'token': token}, user=account)
        return Response({'code': 100, 'msg': '成功', 'token': token})
181
182 # serializer.py
183 from rest_framework import serializers
184 from . import models
185
186
class ModelViewSetSerializer(serializers.ModelSerializer):
    """Serializer for ``Book``, used by the book viewset."""

    class Meta:
        model = models.Book
        # '__all__' reads and writes every model field, including any column
        # added to Book later. List the fields explicitly if one of them
        # must stay private or read-only.
        fields = '__all__'
191
192 # settings.py
193
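# Project-wide DRF defaults. Each key appears exactly once: a dict literal
# keeps only the last value given for a repeated key, so repeating a setting
# per tutorial stage silently discards the earlier value. The values below
# are the ones that were actually in effect.
REST_FRAMEWORK = {
    # Stage 2: built-in login authentication for every view that does not
    # set authentication_classes itself.
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',
    ],
    # Stage 2: built-in permission; views are staff-only unless they
    # override permission_classes.
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAdminUser',
    ],
    # Stage 3: throttle both anonymous and logged-in callers.
    'DEFAULT_THROTTLE_CLASSES': (
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle',  # logged-in callers
    ),
    # Stages 3 and 4: rates per scope. Views that set throttle_classes
    # locally still read their rates from here.
    'DEFAULT_THROTTLE_RATES': {
        'user': '5/m',
        'anon': '3/m',
    },
}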