Django rest framework工具包简单用法示例

INSTALLED_APPS = [  'django.contrib.admin',  'django.contrib.auth',  'django.contrib.contenttypes',  'django.contrib.sessions',  'django.contrib.messages',  'django.contrib.staticfiles',  'app.apps.AppConfig',  'rest_framework', #注册]

from django.conf.urls import urlfrom django.contrib import adminfrom app import viewsurlpatterns = [  url(r'^admin/', admin.site.urls),  url(r'^auth/', views.AuthView.as_view()), #验证  url(r'^index/', views.IndexView.as_view()), #首页  url(r'^order/', views.OrderView.as_view()), #定单]

from rest_framework.views import APIViewfrom rest_framework.request import Requestfrom django.http import JsonResponse,HttpResponsefrom app.utils.commons import gen_tokenfrom app.utils.auth import LuffyAuthenticationfrom app.utils.throttle import LuffyAnonRateThrottle,LuffyUserRateThrottlefrom app.utils.permission import LuffyPermissionfrom . import modelsclass AuthView(APIView):  """  认证相关视图  由于继承了APIView,所以csrf就没有了，具体的源代码只是有一个装饰器，  加上了csrf_exempt装饰器，屏蔽了csrf  写法是在return的时候csrf_exempt(view) 和@使用装饰器效果是一样的，这种写法还可以写在url路由中。  """  def post(self,request,*args,**kwargs):    """    用户登录功能    :param request:    :param args:    :param kwargs:    :return:    """    ret = {'code': 1000, 'msg': None}    # 默认要返回的信息    user = request.data.get('username')    # 这里的request已经不是原来的request了    pwd = request.data.get('password')    user_obj = models.UserInfo.objects.filter(user=user, pwd=pwd).first()    if user_obj:      tk = gen_token(user) #返回一个哈希过得字符串      #进行token验证      models.Token.objects.update_or_create(user=user_obj, defaults={'token': tk})      # 数据库存入一个token信息      ret['code'] = 1001      ret['token'] = tk    else:      ret['msg'] = "用户名或密码错误"    return JsonResponse(ret)

def gen_token(username):  import time  import hashlib  ctime = str(time.time())  hash = hashlib.md5(username.encode('utf-8'))  hash.update(ctime.encode('utf-8'))  return hash.hexdigest()

class IndexView(APIView):  """  用户认证    http://127.0.0.1:8001/v1/index/?tk=sdfasdfasdfasdfasdfasdf    获取用户传入的Token  首页限制：request.user    匿名：5/m    用户：10/m  """  authentication_classes = [LuffyAuthentication,]  #认证成功返回一个用户名，一个对象，不成功就是None  throttle_classes = [LuffyAnonRateThrottle,LuffyUserRateThrottle]  #访问次数限制，如果合格都为True  def get(self,request,*args,**kwargs):    return HttpResponse('首页')

from rest_framework.authentication import BaseAuthenticationfrom rest_framework import exceptionsfrom app import modelsclass LuffyAuthentication(BaseAuthentication):  def authenticate(self, request):    tk = request.query_params.get('tk')    if not tk:      return (None,None)      # raise exceptions.AuthenticationFailed('认证失败')    token_obj = models.Token.objects.filter(token=tk).first()    if not token_obj:      return (None,None)    return (token_obj.user,token_obj)

from rest_framework.throttling import BaseThrottle,SimpleRateThrottleclass LuffyAnonRateThrottle(SimpleRateThrottle):  scope = "luffy_anon"  def allow_request(self, request, view):    """    Return `True` if the request should be allowed, `False` otherwise.    """    if request.user:      return True    # 获取当前访问用户的唯一标识    self.key = self.get_cache_key(request, view)    # 根据当前用户的唯一标识，获取所有访问记录    # [1511312683.7824545, 1511312682.7824545, 1511312681.7824545]    self.history = self.cache.get(self.key, [])    # 获取当前时间    self.now = self.timer()    # Drop any requests from the history which have now passed the    # throttle duration    while self.history and self.history[-1] <= self.now - self.duration:      self.history.pop()    if len(self.history) >= self.num_requests:  #判断访问次数是否大于限制次数      return self.throttle_failure()    return self.throttle_success() #返回True  def get_cache_key(self, request, view):    return 'throttle_%(scope)s_%(ident)s' % {      'scope': self.scope,      'ident': self.get_ident(request),      # 判断是否为代理等等    }class LuffyUserRateThrottle(SimpleRateThrottle):  scope = "luffy_user"  def allow_request(self, request, view):    """    Return `True` if the request should be allowed, `False` otherwise.    """    if not request.user:  #判断登录直接返回True      return True    # 获取当前访问用户的唯一标识    # 用户对所有页面    # self.key = request.user.user    self.key = request.user.user + view.__class__.__name__    # 用户对单页面的访问限制    # 根据当前用户的唯一标识，获取所有访问记录    # [1511312683.7824545, 1511312682.7824545, 1511312681.7824545]    self.history = self.cache.get(self.key, [])    # 获取当前时间    self.now = self.timer()    # Drop any requests from the history which have now passed the    # throttle duration    while self.history and self.history[-1] <= self.now - self.duration:      self.history.pop()    if len(self.history) >= self.num_requests:  #访问次数的限制      return self.throttle_failure()    return self.throttle_success()  #返回True

from rest_framework.permissions import BasePermissionclass LuffyPermission(BasePermission):  def has_permission(self, request, view):    """    Return `True` if permission is granted, `False` otherwise.    """    if request.user:      return True    return False

class OrderView(APIView):  """  订单页面：只有登录成功后才能访问    - 认证(匿名和用户)    - 权限(用户)    - 限制（）  """  authentication_classes = [LuffyAuthentication, ]  permission_classes = [LuffyPermission,] #登录就返回True  throttle_classes = [LuffyAnonRateThrottle, LuffyUserRateThrottle]  def get(self,request,*args,**kwargs):    return HttpResponse('订单')

REST_FRAMEWORK = {  'UNAUTHENTICATED_USER': None,  'UNAUTHENTICATED_TOKEN': None,  "DEFAULT_THROTTLE_RATES": {    'luffy_anon': '3/m', #匿名用户一分钟访问3次    'luffy_user': '6/m'　　#登录用户一分钟访问6次  },}