rest_framework认证,频率,权限

2025-02-09 技术教程

在views中fromrest_framework.viewsimportAPIViewfromrest_framework.viewsetsimportViewSetMixinimporthashlibimporttimefromapp01importmodelsfromrest_framework.responseimportResponsefromdjango.httpimportJsonResponseclassLogin(ViewSetMixin,APIView):defget_token(self):h6=hashlib.md5()ctime=time.time()h6.update(bytes(str(ctime),encoding='utf-8'))token=h6.hexdigest()returntokendefulogin(self,request):response={'status':100,'msg':'登录成功'}name=request.data.get('name')pwd=request.data.get('pwd')user=models.UserInfo.objects.all().filter(name=name,pwd=pwd).first()ifuser:ret=models.UserToken.objects.all().create(token=self.get_token(),user=user)#登录成功就去数据库中写tokenresponse['token']=self.get_token()else:response['status']=101response['msg']='用户名或密码错误'returnResponse(response)classAuthor(ViewSetMixin,APIView):#局部使用登录认证,频率,权限throttle_classes=[MyThrottle,]authentication_classes=[LoginAuth,]permission_classes=[UserPermission,]defget_authors(self,request):author=models.Author.objects.all()ser=Myser.Authorser(author,many=True)returnResponse(ser.data)#频率错误信息显示defthrottled(self,request,wait):classMyThrottled(exceptions.Throttled):default_detail='×××'extra_detail_singular='还剩{wait}秒.'extra_detail_plural='还剩{wait}秒'在MyAuth中----------------------------------------------------------------------------------------------------fromapp01importmodelsfromrest_frameworkimportexceptionsclassLoginAuth():defauthenticate(self,request):token=request.query_params.get('token')ret=models.UserToken.objects.all().filter(token=token).first()ifret:returnret.user,retelse:raiseexceptions.APIException('认证失败')classUserPermission():#message是出错显示的中文message='您没有权限查看'defhas_permission(self,request,view):user_type=request.user.user_type#取出用户类型对应的文字#固定用法:get_字段名字_display()user_type_name=request.user.get_user_type_display()print(user_type_name)ifuser_type==2:returnTrueelse:returnFalsefromrest_framework.throttlingimportSimpleRateThrottleclassMyThrottle(SimpleRateThrottle):scope='pinglv'defget_cache_key(self,request,view):returnself.get_ident(request)在Myser中---------------------------------------------------------------------------------fromrest_frameworkimportserializersfromapp01importmodelsclassBookser(serializers.ModelSerializer):classMeta:model=models.Bookfields='__all__'classAuthorser(serializers.ModelSerializer):classMeta:model=models.Authorfields='__all__'在setting中-----------------------------------------------------------------------------------------REST_FRAMEWORK={#'DEFAULT_AUTHENTICATION_CLASSES':['app01.MyAuth.LoginAuth',],#认证全局使用#'DEFAULT_PERMISSION_CLASSES':['app01.MyAuth.UserPermission',],#权限全局使用#'DEFAULT_THROTTLE_CLASSES':['app01.MyAuth.MyThrottle',],#频率全局使用#每分钟访问10次'DEFAULT_THROTTLE_RATES':{'pinglv':'10/m'},}