class Authentication(BaseAuthentication):

    def authenticate(self,request):

        token=request._request.GET.get("token")

        token_obj=UserToken.objects.filter(token=token).first()

        if not token_obj:

            raise exceptions.AuthenticationFailed("验证失败!")

        return (token_obj.user,token_obj)

def get_random_str(user):

    import hashlib,time

    ctime=str(time.time())

    md5=hashlib.md5(bytes(user,encoding="utf8"))

    md5.update(bytes(ctime,encoding="utf8"))

    return md5.hexdigest()

from app01.service.auth import *

from django.http import JsonResponse

class LoginViewSet(APIView):

    authentication_classes = [Authentication,]

    def post(self,request,*args,**kwargs):

        res={"code":1000,"msg":None}

        try:

            user=request._request.POST.get("user")

            pwd=request._request.POST.get("pwd")

            user_obj=UserInfo.objects.filter(user=user,pwd=pwd).first()

            print(user,pwd,user_obj)

            if not user_obj:

                res["code"]=1001

                res["msg"]="用户名或者密码错误"

            else:

                token=get_random_str(user)

                UserToken.objects.update_or_create(user=user_obj,defaults={"token":token})

                res["token"]=token

        except Exception as e:

            res["code"]=1002

            res["msg"]=e

        return JsonResponse(res,json_dumps_params={"ensure_ascii":False})

REST_FRAMEWORK={

    "DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",]

}　　

from rest_framework.permissions import BasePermission

class SVIPPermission(BasePermission):

    message="SVIP才能访问!"

    def has_permission(self, request, view):

        if request.user.user_type==3:

            return True

        return False

from app01.service.permissions import *

class BookViewSet(generics.ListCreateAPIView):

    permission_classes = [SVIPPermission,]

    queryset = Book.objects.all()

    serializer_class = BookSerializers

REST_FRAMEWORK={

    "DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",],

    "DEFAULT_PERMISSION_CLASSES":["app01.service.permissions.SVIPPermission",]

}

from rest_framework.throttling import BaseThrottle

VISIT_RECORD={}

class VisitThrottle(BaseThrottle):

    def __init__(self):

        self.history=None

    def allow_request(self,request,view):

        remote_addr = request.META.get('REMOTE_ADDR')

        print(remote_addr)

        import time

        ctime=time.time()

        if remote_addr not in VISIT_RECORD:

            VISIT_RECORD[remote_addr]=[ctime,]

            return True

        history=VISIT_RECORD.get(remote_addr)

        self.history=history

        while history and history[-1]<ctime-60:

            history.pop()

        if len(history)<3:

            history.insert(0,ctime)

            return True

        else:

            return False

    def wait(self):

        import time

        ctime=time.time()

        return 60-(ctime-self.history[-1])

from app01.service.throttles import *

class BookViewSet(generics.ListCreateAPIView):

    throttle_classes = [VisitThrottle,]

    queryset = Book.objects.all()

    serializer_class = BookSerializers

REST_FRAMEWORK={

    "DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",],

    "DEFAULT_PERMISSION_CLASSES":["app01.service.permissions.SVIPPermission",],

    "DEFAULT_THROTTLE_CLASSES":["app01.service.throttles.VisitThrottle",]

}

class VisitThrottle(SimpleRateThrottle):

    scope="visit_rate"

    def get_cache_key(self, request, view):

        return self.get_ident(request)

REST_FRAMEWORK={

    "DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",],

    "DEFAULT_PERMISSION_CLASSES":["app01.service.permissions.SVIPPermission",],

    "DEFAULT_THROTTLE_CLASSES":["app01.service.throttles.VisitThrottle",],

    "DEFAULT_THROTTLE_RATES":{

        "visit_rate":"5/m",

    }

}