django身份认证、权限认证、频率校验使用及源码分析

左手的ㄟ右手 2023-08-17 15:39 107阅读 0赞

# 一. 身份认证源码分析 #

## 1.1 APIView源码的分析 ##

APIView源码之前分析过[https://www.cnblogs.com/maoruqiang/p/11135335.html][https_www.cnblogs.com_maoruqiang_p_11135335.html]，里面主要将request对象进行了封装，提供了额外的方法与属性，同时让装饰的CBV中方法忽略CSRF校验，最后还提供了身份认证、权限认证、频率校验等功能。

# 二. 身份认证源码分析及使用 #

## 2.1 身份认证源码分析 ##

在APIView中的dispatch方法中提供了三大校验：

![1635189-20190912152741286-1590806868.png][]

进入**self.perform\_authentication(request)**方法

![1635189-20190912152934677-609086066.png][]

返回APIView的dispatch方法中：

![1635189-20190912153033819-928574726.png][]

进入**self.initialize\_request(request, \*args, \*\*kwargs)**

**![1635189-20190912153152975-1132459496.png][]**

进入**self.get\_authenticators()**

**![1635189-20190912153358780-1004127905.png][]**

此时继承APIView的类中没有定义该属性，所以看看APIView中有没有

![1635189-20190912153528525-1812818085.png][]

这里进入**api\_settings，搜索**身份认证相关的配置

![1635189-20190912154148280-1849703255.png][]

我们将其复制到django项目中的**settings.py**中：

REST_FRAMEWORK = {
        # 身份认证配置，实际上这是全局配置
         'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.BasicAuthentication',
         )
    }

随后回到requst.user，因为request是Request的对象，所以只需的是Request的user方法

![1635189-20190912154534169-1728836661.png][]

点击进入**self.\_authenticate()**

**![1635189-20190912154930896-611928954.png][]**

这就意味着我们要重写authenticate方法，那么要继承什么类吗，去之前复制到settings.py中默认的两个身份认证类中看看（将字符串复制出来改成导包的形式即可点击进入），随后进入其父类**BaseAuthentication**

![1635189-20190912155913616-36064443.png][]

在应用文件夹下新建myauthenticate.py文件，其中书写如下：

from rest_framework.authentication import BaseAuthentication
    from rest_framework.exceptions import AuthenticationFailed
    from django.contrib import auth
    
    
    # 身份认证组件
    class AuthenticateSybil(BaseAuthentication):
        def authenticate(self, request):
            username = request.data.get('username')
            pwd = request.data.get('password')
            print('身份认证开始', username, pwd)
            user_obj = auth.authenticate(username=username, password=pwd)
            if user_obj:
                # 分别可以使用request.user, request.auth取到
                return user_obj, '认证通过'
            else:
                # 用于认证失败时返回信息给前端
                raise AuthenticationFailed('认证失败')

随便可以全局配置settings.py：

区部配置，在视图类中写即可

from rest_framework.views import APIView
    from rest_framework.response import Response
    from app02.myauthticate import AuthenticateSybil
    # Create your views here.
    
    
    class Test(APIView):
        authentication_classes = [AuthenticateSybil]
        #复制列表为空则是局部忽略校验
        authentication_classes = []
        def post(self, *args, **kwargs):
            print('成功进入视图函数')
            return Response({
        "name": "sybil"})

## 2.2 权限校验源码分析及使用 ##

![1635189-20190912162359400-334418333.png][]

进入**self.check\_permissions(request)**

**![1635189-20190912162711971-1047904328.png][]**

老样子，去api\_settings中搜索权限校验类，看看他们怎么写的

![1635189-20190912162925914-2145588498.png][]

同时看看**permission\_denied**

**![1635189-20190912163209867-81026239.png][]**

同样在myauthenticate.py中书写该认证

from rest_framework.permissions import BasePermission
    
    # 权限认证组件
    class PermissionSybil(BasePermission):
        message = ''
    
        def has_permission(self, request, view):
            print('权限认证开始')
            user_obj = request.user
            if not user_obj.is_superuser:
                self.message = '权限不足'
            else:
                return True

全局配置：

局部配置

class Test(APIView):
        authentication_classes = [AuthenticateSybil]
        #局部配置，如果想忽略校验则将值改为空[]
        permission_classes = [PermissionSybil]
        
        def post(self, *args, **kwargs):
            print('成功进入视图函数')
            return Response({
        "name": "sybil"})

## 2.3 频率校验源码分析及使用 ##

![1635189-20190912163719995-253187214.png][]

进入**self.check\_throttles(request)**

**![1635189-20190912163923376-888216596.png][]**

所以我们需要重写allow\_request方法，点击进入频率校验的父类：

![1635189-20190912164011649-505477637.png][]

父类方法如下：

![1635189-20190912164131162-1056599262.png][]

为了方便，我们使用**SimpleRateThrottle**

![1635189-20190912164343682-1976357654.png][]

该类实例化时会执行**\_\_init\_\_**

**![1635189-20190912164447190-945584722.png][]**

先看看**get\_rate()**方法

![1635189-20190912164612754-159945620.png][]

那么THROTTLE\_RATES是啥，我们看看

![1635189-20190912164643159-691465926.png][]

去api\_settings中查看

![1635189-20190912164704111-393026504.png][]

接下来看看**self.parse\_rate(self.rate)**方法

![1635189-20190912165045221-2099885985.png][]

然后看看频率组件需要重写的**allow\_request**

![1635189-20190912165604427-1357408520.png][]

看看**throttle\_success**

![1635189-20190912165710526-1345152213.png][]

自定义频率组件，这里同样写在myauthenticate.py中

from rest_framework.throttling import SimpleRateThrottle
    
    # 频率校验
    class ThrottleSybil(SimpleRateThrottle):
        scope = 'Isybil'
    
        def get_cache_key(self, request, view):
            # 这里可以直接调用父类的get_ident获取唯一标识
            return super(ThrottleSybil, self).get_ident(request)

全局配置：

REST_FRAMEWORK = {
        # 身份认证配置
         'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.BasicAuthentication',
            'app02.myauthticate.AuthenticateSybil'
         ),
        # 权限认证全局配置
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.AllowAny',
            'app02.myauthticate.PermissionSybil'
        ),
        # 频率校验全局配置
        'DEFAULT_THROTTLE_CLASSES': (
            'app02.myauthticate.ThrottleSybil',
        ),
        'DEFAULT_THROTTLE_RATES': {
            # 用户Isybil的频率限制，类中scope = 'Isybil'可以获取该限制
            'Isybil': '3/m',
        },
    }

局部配置

from rest_framework.views import APIView
    from rest_framework.response import Response
    from app02.myauthticate import AuthenticateSybil, PermissionSybil, ThrottleSybil
    # Create your views here.
    
    
    class Test(APIView):
        authentication_classes = [AuthenticateSybil]
        permission_classes = [PermissionSybil]
        throttle_classes = [ThrottleSybil]
    
        def post(self, *args, **kwargs):
            print('成功进入视图函数')
            return Response({
        "name": "sybil"})

转载于:https://www.cnblogs.com/maoruqiang/p/11512859.html

[https_www.cnblogs.com_maoruqiang_p_11135335.html]: https://www.cnblogs.com/maoruqiang/p/11135335.html
[1635189-20190912152741286-1590806868.png]: /images/20230810/e203e33e06474542b349ea5e87fc8eff.png
[1635189-20190912152934677-609086066.png]: /images/20230810/015f36b4b23649a88f21dc6ce82ab23e.png
[1635189-20190912153033819-928574726.png]: /images/20230810/1a27bab0827044a9a30b3f3f88216cfe.png
[1635189-20190912153152975-1132459496.png]: /images/20230810/1d63ac4657274b0a853d9580bfb29d92.png
[1635189-20190912153358780-1004127905.png]: /images/20230810/44b9f9bef9c14f2591d94ec85aca8cca.png
[1635189-20190912153528525-1812818085.png]: /images/20230810/3e7c58cdcaaf46ffb03b248537fdd744.png
[1635189-20190912154148280-1849703255.png]: /images/20230810/54660ed601604a269bde4e5e90e6e039.png
[1635189-20190912154534169-1728836661.png]: /images/20230810/da7e39b22d5940d0ac4ad0ac7ff9aef3.png
[1635189-20190912154930896-611928954.png]: /images/20230810/bf67ac42bbcd458b881b057fb68d03ed.png
[1635189-20190912155913616-36064443.png]: /images/20230810/b8e699a2f3cd4ae1b97fbee31111b884.png
[1635189-20190912162359400-334418333.png]: /images/20230810/bae52d056a054131b4a808bb4dec30e4.png
[1635189-20190912162711971-1047904328.png]: /images/20230810/17ae2304d1904b94a2936c4c24307aba.png
[1635189-20190912162925914-2145588498.png]: /images/20230810/6bce6b91b669435aa49c7b58bff42f84.png
[1635189-20190912163209867-81026239.png]: /images/20230810/665746a2fa35452db48cb1f7fa13bd75.png
[1635189-20190912163719995-253187214.png]: /images/20230810/48ac44f5cd3d4fc584389f481491cbb8.png
[1635189-20190912163923376-888216596.png]: /images/20230810/c101384bb43b4bdaab8f82a03c945d9b.png
[1635189-20190912164011649-505477637.png]: /images/20230810/c1ec61159ebd408a954b0bde35a9fe1d.png
[1635189-20190912164131162-1056599262.png]: /images/20230810/033c92feeabf43d6b967ad21bf21e929.png
[1635189-20190912164343682-1976357654.png]: /images/20230810/3fbeabc83bf042f3b2ea3c9eaf3dcae2.png
[1635189-20190912164447190-945584722.png]: /images/20230810/d135c0b0e3ac436599fd22daac0a2a3e.png
[1635189-20190912164612754-159945620.png]: /images/20230810/a31a24223bcb4508a041519a36511f5e.png
[1635189-20190912164643159-691465926.png]: /images/20230810/dda66628277246abbe3cf64ca360cdd4.png
[1635189-20190912164704111-393026504.png]: /images/20230810/d5827345f78a4073823ff0a8ba2c1e06.png
[1635189-20190912165045221-2099885985.png]: /images/20230810/1ab5951738b84b0d998d687b6ff178aa.png
[1635189-20190912165604427-1357408520.png]: /images/20230810/ac37fd005af549c8a7546ace47ef62cc.png
[1635189-20190912165710526-1345152213.png]: /images/20230810/de74162b9a3c420ea6b3e9ba92ab3361.png