对匿名用户采用 IP 控制访问频率,对登录用户采用 用户名 控制访问频率。
from rest_framework.throttling import SimpleRateThrottle class VisitThrottle(SimpleRateThrottle): """匿名用户访问频率限制""" scope = "AnonymousUser" # 随便写的,可以作为key保存在缓存中 def get_cache_key(self, request, view): return self.get_ident(request) class UserThrottle(SimpleRateThrottle): """登录用户访问频率限制""" scope = "LoginUser" def get_cache_key(self, request, view):return request.user
可以配置redis
CACHES = { "default": { "BACKEND": "django_redis.cache.RedisCache", "LOCATION": "redis://127.0.0.1:6379", "OPTIONS": { "CLIENT_CLASS": "django_redis.client.DefaultClient", "CONNECTION_POOL_KWARGS": {"max_connections": 100} # "PASSWORD": "密码", } } }
匿名用户的访问频率限制,这里设置在全站下,如下:
REST_FRAMEWORK = { "DEFAULT_THROTTLE_CLASSES": ["appxx.utils.VisitThrottle"], "DEFAULT_THROTTLE_RATES":{ "AnonymousUser": "3/m", # 匿名用户一分钟可以访问3次,秒(s)、分(m)、时(h)、天(d) "LoginUser": "10/m", # 登录用户一分钟可以访问10次 } }
登录用户的访问频率设置在单独的视图中,而视图依赖身份认证才能辨别用户是否登陆了,所以设置如下:
class BookViewSet(viewsets.ModelViewSet): authentication_classes = [TokenAuthentication] throttle_classes = [UserThrottle] queryset = models.Book.objects.all() serializer_class = serializers.BookSerializer
用户身份认证如下:
from rest_framework import authentication from rest_framework import exceptionsfrom appxx import models class TokenAuthentication(authentication.BaseAuthentication): """身份认证""" def authenticate(self, request): token = request.GET.get("token") obj = models.UserAuthToken.objects.filter(token=token).first() if not obj: raise exceptions.AuthenticationFailed("验证失败!") else: return (obj.user.username, obj.token)