一、頻率簡介 為了控制用戶對某個url的請求 的頻率,比如 ,一分鐘以內,只能訪問三次 二、自定義頻率類,自定義頻率規則 自定義的邏輯 代碼實現: import time 自定義頻率控制 class MyThrottle(): visitor_dic = {} def __init__(self): ...
一、頻率簡介
為了控制用戶對某個url的請求 的頻率,比如 ,一分鐘以內,只能訪問三次
二、自定義頻率類,自定義頻率規則
自定義的邏輯
(1)取出訪問者的ip (2)判斷當前ip不在訪問字典里,添加進去,並且直接返回True,表示第一次訪問,在字典里,繼續往下走 (3)循壞判斷當前ip的列表,有值,並且當前時間減去列表的最後一時間大於60秒,把這種數據pop掉 ,這樣列表中只有 60s以內的訪問時間; (4)判斷,當列表小於3,說明一分鐘 以內訪問次數不足3次,把當前時間插入到列表第一個位置,返回True,順利通過; (5)當大於等於3,說明一分鐘內訪問超過3次,返回 False驗證失敗
代碼實現:
import time 自定義頻率控制 class MyThrottle(): visitor_dic = {} def __init__(self): self.history = None def allow_request(self, request, view): ''' #(1)取出訪問者ip # (2)判斷當前ip不在訪問字典里,添加進去,並且直接返回True,表示第一次訪問,在字典里,繼續往下走 # (3)迴圈判斷當前ip的列表,有值,並且當前時間減去列表的最後一個時間大於60s,把這種數據pop掉,這樣列表中只有60s以內的訪問時間, # (4)判斷,當列表小於3,說明一分鐘以內訪問不足三次,把當前時間插入到列表第一個位置,返回True,順利通過 # (5)當大於等於3,說明一分鐘內訪問超過三次,返回False驗證失敗 } ''' # META:請求所有的東西的字典 # 拿出ip地址 ip = request.META.get('REMOTE_ADDR') # 當前時間 ctime = time.time() # self先從自身找,再到類中找 if ip not in self.visitor_dic: self.visitor_dic[ip] = [ctime, ] return True # 根據當前時間者ip,取出訪問的時間列表 history = self.visitor_dic[ip] # 記錄一下當前訪問的人 self.history = history while history and ctime - history[-1] > 60: history.pop() if len(history) < 3: # 將當前時間放到第0個位置上 history.insert(0, ctime) return True else: return False def wait(self): # 剩餘時間 ctime = time.time() return 60 - (ctime - self.history[-1])View Code
view層
from django.shortcuts import render, HttpResponse from rest_framework import exceptions from rest_framework.views import APIView from app01.myauth import MyThrottle class Test(APIView): throttle_classes = [MyThrottle, ] def get(self, request): return HttpResponse('ok') # 將前端提示信息轉化成 中文 def throttled(self, request, wait): class MyThottled(exceptions.Throttled): default_detail = '傻逼' extra_detail_singular = '還剩{wait}秒' extra_detail_plural = '還剩{wait}秒' raise MyThottled(wait)View Code
三、內置 頻率類 及局部使用
寫一個類,繼承自SimpleRateThrottle,(根據ip限制)問:要根據用戶現在怎麼寫:
from rest_framework.throttling import SimpleRateThrottle class MyThrottle(SimpleRateThrottle): scope = 'luffy' def get_cache_key(self, request, view): return self.get_ident(request)
在settings里配置:(一分鐘訪問三次)
REST_FRAMEWORK = { 'DEFAULT_THROTTLE_RATES':{ 'luffy':'3/m' } }
內置頻率限制類:
BaseThrottle是 所有類的基類:方法:def get_ident(self,request)獲取標識,其實就是獲取ip,自定義的需要繼承它;
AnonRateThrottle:未登錄用戶ip限制,需要配合 auth模塊用
SimpleRateThrottle:重寫此方法 ,可以實現頻率現在,不需要咱們手寫上面自定義的邏輯
UserRateThrottle:登錄用戶頻率限制,這個得配合auth模塊來用
ScopedRateThrottle:應用在局部視圖上的(忽略)
四、原碼分析
def check_throttles(self, request): for throttle in self.get_throttles(): if not throttle.allow_request(request, self): self.throttled(request, throttle.wait()) def throttled(self, request, wait): #拋異常,可以自定義異常,實現錯誤信息的中文顯示 raise exceptions.Throttled(wait)View Code
class SimpleRateThrottle(BaseThrottle): # 咱自己寫的放在了全局變數,他的在django的緩存中 cache = default_cache # 獲取當前時間,跟咱寫的一樣 timer = time.time # 做了一個字元串格式化, cache_format = 'throttle_%(scope)s_%(ident)s' scope = None # 從配置文件中取DEFAULT_THROTTLE_RATES,所以咱配置文件中應該配置,否則報錯 THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES def __init__(self): if not getattr(self, 'rate', None): # 從配置文件中找出scope配置的名字對應的值,比如咱寫的‘3/m’,他取出來 self.rate = self.get_rate() # 解析'3/m',解析成 3 m self.num_requests, self.duration = self.parse_rate(self.rate) # 這個方法需要重寫 def get_cache_key(self, request, view): """ Should return a unique cache-key which can be used for throttling. Must be overridden. May return `None` if the request should not be throttled. """ raise NotImplementedError('.get_cache_key() must be overridden') def get_rate(self): if not getattr(self, 'scope', None): msg = ("You must set either `.scope` or `.rate` for '%s' throttle" % self.__class__.__name__) raise ImproperlyConfigured(msg) try: # 獲取在setting里配置的字典中的之,self.scope是 咱寫的luffy return self.THROTTLE_RATES[self.scope] except KeyError: msg = "No default throttle rate set for '%s' scope" % self.scope raise ImproperlyConfigured(msg) # 解析 3/m這種傳參 def parse_rate(self, rate): """ Given the request rate string, return a two tuple of: <allowed number of requests>, <period of time in seconds> """ if rate is None: return (None, None) num, period = rate.split('/') num_requests = int(num) # 只取了第一位,也就是 3/mimmmmmmm也是代表一分鐘 duration = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}[period[0]] return (num_requests, duration) # 邏輯跟咱自定義的相同 def allow_request(self, request, view): """ Implement the check to see if the request should be throttled. On success calls `throttle_success`. On failure calls `throttle_failure`. """ if self.rate is None: return True self.key = self.get_cache_key(request, view) if self.key is None: return True self.history = self.cache.get(self.key, []) self.now = self.timer() # Drop any requests from the history which have now passed the # throttle duration while self.history and self.history[-1] <= self.now - self.duration: self.history.pop() if len(self.history) >= self.num_requests: return self.throttle_failure() return self.throttle_success() # 成功返回true,並且插入到緩存中 def throttle_success(self): """ Inserts the current request's timestamp along with the key into the cache. """ self.history.insert(0, self.now) self.cache.set(self.key, self.history, self.duration) return True # 失敗返回false def throttle_failure(self): """ Called when a request to the API has failed due to throttling. """ return False def wait(self): """ Returns the recommended next request time in seconds. """ if self.history: remaining_duration = self.duration - (self.now - self.history[-1]) else: remaining_duration = self.duration available_requests = self.num_requests - len(self.history) + 1 if available_requests <= 0: return None return remaining_duration / float(available_requests)View Code
