zoukankan      html  css  js  c++  java

  • 权限认证、频率认证

    权限组件

    # app.models.py:表结构
class User(models.Model):
    user = models.CharField(max_length=32)
    password = models.CharField(max_length=32)
    choice = ((1, '超级用户'), (2, '普通用户'), (3, '穷逼用户'))
    type = models.IntegerField(choices=choice, null=True)

    def __str__(self):
        return self.user
# app.auth.py:认证模块
class MyPermission(BasePermission):
    message = '您的权限不够!'
    def has_permission(self, request, view):
        user = request.user
        if user.type == 1:
            return True
        return False
# settings.py
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('app.auth.MyPermission',),
}
# app.views.py
# 在视图类中通过 permission_classes = [] 来局部禁用
class Books(APIView):# 没有局部禁用默认就有
    def get(self, request):
        return Response({
            'status': 0,
            'message': 'ok',
            'results': []
        })

    频率组件

    #app.auth.py:认证模块
class MyRateThrottle(SimpleRateThrottle):
    scope = 'xxx'
    def get_cache_key(self, request, view):
        # return self.get_ident(request)
        return request.META.get('REMOTE_ADDR')
#settings.py:配置文件
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_RATES': {
        'xxx': '3/m' #格式对应上面的scope
    },
    'DEFAULT_THROTTLE_CLASSES': ('app.auth.MyRateThrottle',),
  #这样设置为全局使用
}
# app.views.py:视图层
class Books(APIView):
    def get(self, request):
        return Response({
            'status': 0,
            'message': 'ok',
            'results': []
        })
    # 自定义错误信息
    def throttled(self, request, wait):
        from rest_framework.exceptions import Throttled
        class MyThrottled(Throttled):
            default_detail = '访问频率过快!'
            extra_detail_plural = '{wait}秒后再试!'
        raise MyThrottled(wait)

    频率组件原理

    class MyThrottle(BaseThrottle):
    # 存放ip与访问时间list的对应关系
    VISIT_RECORD = {}

    def __init__(self):
        # 存放某一访问者历史访问时间的
        self.history = None

    def allow_request(self, request, view):
        # 1) 取出访问者ip
        ip = request.META.get('REMOTE_ADDR')
        # 2) 获取当前时间
        import time
        ctime = time.time()
        # 3) 判断是否是第一次访问
        if ip not in self.VISIT_RECORD:
            self.VISIT_RECORD[ip] = [ctime, ]
            return True
        self.history = self.VISIT_RECORD.get(ip)
        # 4) 当前时间与最开始访问时间间隔超出60s则可以再次访问,移除最开始的访问时间
        while self.history and ctime - self.history[-1] > 60:
            self.history.pop()
        # 5) 访问频率的处理
        if len(self.history) < 3:
            self.history.insert(0, ctime)
            return True
        else:
            return False

    def wait(self):
        import time
        ctime = time.time()
        # 还要等多久才能访问
        return 60 - (ctime - self.history[-1])
  • 相关阅读:
    自定义 Repository 方法
    SpringData_JpaSpecificationExecutor接口
    SpringData_JpaRepository接口
    SpringData_PagingAndSortingRepository接口
    SpringData_CrudRepository接口
    SpringData修改和删除操作
    自定义查询语句SpringData
    SpringData关键字查询练习
    compile——生成ast
    vue-compile概述
  • 原文地址:https://www.cnblogs.com/ShenJunHui6/p/10899025.html
Copyright © 2011-2022 走看看