目录
一、认证
二、权限
三、限制访问频率
四、总结
一、认证(补充的一个点)
认证请求头
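#!/usr/bin/env python
# -*- coding:utf-8 -*-
"""Demo of Django REST framework (DRF) authentication and permission hooks.

A request to TestView is first authenticated by TestAuthentication and then
checked by TestPermission before the HTTP method handler runs.
"""
import hmac

from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authentication import BaseAuthentication
from rest_framework.permissions import BasePermission

from rest_framework.request import Request
from rest_framework import exceptions

# Demo credentials only: tokens hard-coded in source are readable by anyone
# with access to the repository. A real service would load them from a
# secret store or look them up (hashed) in a database.
token_list = [
    'sfsfss123kuf3j123',
    'asijnfowerkkf9812',
]


def _is_known_token(candidate):
    """Return True if *candidate* equals one of the entries in token_list.

    The comparison uses hmac.compare_digest so that the time taken does not
    reveal how many leading characters of a guess were correct.
    """
    if candidate is None:
        # No ``token`` query parameter was supplied.
        return False
    supplied = candidate.encode('utf-8')
    matched = False
    for known in token_list:
        # ``|=`` rather than any(): every entry is compared, so the loop
        # does not stop early on the first match.
        matched |= hmac.compare_digest(supplied, known.encode('utf-8'))
    return matched


class TestAuthentication(BaseAuthentication):
    """Authenticator that accepts a ``token`` query parameter from token_list."""

    def authenticate(self, request):
        """Authenticate the request; on success return ``(user, token)``.

        Contract of a DRF authenticator, as described by the original author:

        * return ``None``: skip this authenticator. If every authenticator
          is skipped, the user and token fall back to the settings::

              self._authenticator = None
              if api_settings.UNAUTHENTICATED_USER:
                  self.user = api_settings.UNAUTHENTICATED_USER()  # default: anonymous user
              else:
                  self.user = None

              if api_settings.UNAUTHENTICATED_TOKEN:
                  self.auth = api_settings.UNAUTHENTICATED_TOKEN()  # default: None
              else:
                  self.auth = None

        * return ``(user, token)``: authentication passed; the pair becomes
          ``request.user`` and ``request.auth``.
        * raise ``AuthenticationFailed``: authentication failed.

        :param request: the DRF request being authenticated
        :return: the fixed placeholder pair ``('登录用户', '用户token')``
        :raises exceptions.AuthenticationFailed: token missing or unknown
        """
        # NOTE: a token carried in the query string ends up in access logs,
        # browser history and Referer headers; the Authorization header is
        # the usual place for it outside a demo.
        val = request.query_params.get('token')
        if not _is_known_token(val):
            raise exceptions.AuthenticationFailed("用户认证失败")

        # Placeholder identity: every valid token maps to the same "user".
        return ('登录用户', '用户token')

    def authenticate_header(self, request):
        """
        Return a string to be used as the value of the `WWW-Authenticate`
        header in a `401 Unauthenticated` response, or `None` if the
        authentication scheme should return `403 Permission Denied` responses.
        """
        # Returning None selects the 403 behaviour described above, so a
        # failed authentication here is answered with 403 and no challenge.
        return None


class TestPermission(BasePermission):
    """Permission that grants access only when request.user is "管理员"."""

    # Text DRF reports to the client when this permission denies access.
    message = "权限验证失败"

    def has_permission(self, request, view):
        """Decide whether the current request may reach the view.

        Return `True` if permission is granted, `False` otherwise.

        :param request: the authenticated DRF request
        :param view: the view being accessed
        :return: True if allowed; False if denied
        """
        # Explicit boolean (the original fell through and returned None on
        # the deny path). With TestAuthentication above, request.user is
        # always '登录用户', so this check denies every request as written.
        return request.user == "管理员"

    # Called from GenericAPIView.get_object()
    def has_object_permission(self, request, view, obj):
        """Per-object check, run when a GenericAPIView subclass calls get_object().

        Return `True` if permission is granted, `False` otherwise.

        :param request: the authenticated DRF request
        :param view: the view being accessed
        :param obj: the object fetched by get_object()
        :return: True if allowed; False if denied
        """
        return request.user == "管理员"


class TestView(APIView):
    """Demo endpoint protected by TestAuthentication and TestPermission."""

    # Authentication is triggered by accessing request.user
    authentication_classes = [TestAuthentication, ]

    # Permissions: every class in the list is run in turn
    permission_classes = [TestPermission, ]

    def get(self, request, *args, **kwargs):
        """Print the authenticated user/token pair and return a fixed body."""
        # (author's pointer) requests are routed here by self.dispatch
        print(request.user)
        # Debug output of request.auth: harmless with the placeholder value
        # above, but a real credential should not be written to stdout/logs.
        print(request.auth)
        return Response('GET请求,响应内容')

    def post(self, request, *args, **kwargs):
        """Return a fixed body for POST."""
        return Response('POST请求,响应内容')

    def put(self, request, *args, **kwargs):
        """Return a fixed body for PUT."""
        return Response('PUT请求,响应内容')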
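# The listing as published carried no imports; these are the names it uses.
import hmac

from rest_framework.authentication import BasicAuthentication
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.response import Response
from rest_framework.views import APIView


class MyAuthtication(BasicAuthentication):
    """Authenticator that accepts one fixed ``token`` query parameter.

    Demonstrates how ``authenticate_header`` supplies the
    ``WWW-Authenticate`` challenge sent when authentication fails.
    """

    def authenticate(self, request):
        """Return ``(user, auth)`` for the expected token, else fail.

        :param request: the DRF request being authenticated
        :return: the fixed placeholder pair ``('uuuuuu', 'afsdsgdf')``
        :raises AuthenticationFailed: token missing or wrong
        """
        # The query string is read through query_params, not GET.
        # NOTE: a token in the URL is recorded in access logs and Referer
        # headers; the value is also hard-coded, which is acceptable only
        # in a demo.
        token = request.query_params.get('token')
        # Constant-time comparison so response timing does not reveal how
        # much of a guessed token was correct.
        if token is not None and hmac.compare_digest(
                token.encode('utf-8'), b'zxxzzxzc'):
            return ('uuuuuu', 'afsdsgdf')  # (user, auth)
        # AuthenticationFailed (a subclass of APIException) is what makes
        # DRF consult authenticate_header() and answer 401. The plain
        # APIException raised originally is reported as a 500 server error
        # and the challenge below is never sent.
        raise AuthenticationFailed('认证错误')

    def authenticate_header(self, request):
        """Return the ``WWW-Authenticate`` value used when authentication fails."""
        # The parameter name is "realm"; the original "reala" was a typo
        # that produced a malformed Basic challenge.
        return 'Basic realm="api"'


class UserView(APIView):
    """Demo endpoint protected by MyAuthtication."""

    authentication_classes = [MyAuthtication, ]

    def get(self, request, *args, **kwargs):
        """Print the authenticated user/auth pair and return a fixed body."""
        print(request.user)
        # Debug output only; a real credential should not be printed.
        print(request.auth)
        return Response('用户列表')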