python_restframework

(1) 取出访问者ip
(2) 判断当前ip不在访问字典里，添加进去，并且直接返回True,表示第一次访问，在字典里，继续往下走
(3) 循环判断当前ip的列表，有值，并且当前时间减去列表的最后一个时间大于60s，把这种数据pop掉，这样列表中只有60s以内的访问时间，
(4) 判断，当列表小于3，说明一分钟以内访问不足三次，把当前时间插入到列表第一个位置，返回True，顺利通过
(5) 当大于等于3，说明一分钟内访问超过三次，返回False验证失败

def dispatch(self, request, *args, **kwargs):
    try:
        # 进入初始化
        self.initial(request, *args, **kwargs)

APIview下的方法
def initial(self, request, *args, **kwargs):
    # 认证
    self.perform_authentication(request)
    # 进入权限
    self.check_permissions(request)
    # --> 频率
    self.check_throttles(request)

def check_throttles(self, request):
    """
    Check if request should be throttled.
    Raises an appropriate exception if the request is throttled.
    """
    # 循环的是列表
    for throttle in self.get_throttles():
        # 返回结果true or false， false就继续执行
        if not throttle.allow_request(request, self):
            # 视图类的三个参数， self, request，  
            # throttle.wait()： 最后wait返回的数字
            self.throttled(request, throttle.wait())

def get_throttles(self):
    """
    Instantiates and returns the list of throttles that this view uses.
    """
    # 跟权限组件一样， 这里循环 return出去的也是一个列表
    return [throttle() for throttle in self.throttle_classes]

# 当返回为false时，说明该用户或订单无此权限,   
# not false为true 继续往下执行, not true就是 false, 不执行下面代码
if not throttle.allow_request(request, self):

# 如果是false 就直接返回这个错误了
def allow_request(self, request, view):
    """
    Return `True` if the request should be allowed, `False` otherwise.
    """
    raise NotImplementedError('.allow_request() must be overridden')

# 继承基础的认证权限， 如果忘了要定义哪个类 直接在这里看也OK

from rest_framework.throttling import BaseThrottle
    # 自定义的组件
    def allow_request(self, request, view):
        raise NotImplementedError('.allow_request() must be overridden')

    def get_ident(self, request):
        xff = request.META.get('HTTP_X_FORWARDED_FOR')
        remote_addr = request.META.get('REMOTE_ADDR')
        num_proxies = api_settings.NUM_PROXIES

        if num_proxies is not None:
            if num_proxies == 0 or xff is None:
                return remote_addr
            addrs = xff.split(',')
            client_addr = addrs[-min(num_proxies, len(addrs))]
            return client_addr.strip()

        return ''.join(xff.split()) if xff else remote_addr
    # 最后要返回的时间或者其它
    def wait(self):
        return None

class MyPermission(BasePermission):
    # 前台返回的错误
    message = "您没有权限, 请先联系下管理员增加权限"
    # 获取权限
    def has_permission(self,request, view):
        # 认证组件， 返回的request.user
        print("permission: ", request.user.permission)
        if request.user.permission > 1:
            # 如果大于就是true， 在第3步，if not true 等于false就不执行它了
            return True
        return False

class FirstThrottle(BaseThrottle):
    get_ip = {}

    def __init__(self):
        self.history = None
        self.ip = None
        self.ctime = time.time()

    def allow_request(self, request, view):
        :param request: 浏览器请求过来的数据
        :param view: apiview视图
        :return: true or false

        # 1、取出访问者的IP
        client_ip = request.META.get("REMOTE_ADDR")
        self.ip = client_ip
        # 2、判断不存在的话添加到字典 并将时间也一并添加进去
        if client_ip not in self.get_ip:
            self.get_ip[client_ip] = [self.ctime, ]
            return True
        # 获取当前IP的访问时间记录
        self.history = self.get_ip[client_ip]

        # 3、 开始循环判断, 如果最后一个大于60秒就直接干掉
        while self.history and self.ctime - self.history[-1] > 60:
            self.history.pop()

        if len(self.history) < 3:
            self.history.insert(0, self.ctime)
            return True
        return False

    def wait(self):
        last_time = self.ctime - self.history[-1] - 10
        if last_time == 0:
            self.get_ip[self.ip].clear()
        return last_time

# settings.py文件中定义， 所有的组件都可以放在这里

REST_FRAMEWORK = {
    "DEFAULT_THROTTLE_CLASSES": [
        'app01.myauth.FirstThrottle',  # 全局使用权限
    ]
}

类中直接使用 
    throttle_classes = [FirstThrottle, ]

类中直接使用 
    throttle_classes = []

class SimpleRateThrottle(BaseThrottle):
    cache = default_cache
    # 获取时间
    timer = time.time
    cache_format = 'throttle_%(scope)s_%(ident)s'
    # 这个是在setting中设置的 DEFAULT_THROTTLE_RATES的字典key， 必须得定义
    scope = None
    THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES

    # 初始化，
    def __init__(self):
        # 首先就是先判断 rate是否为空, 如果是false为空，就进入self.get_rate 
        if not getattr(self, 'rate', None):
            # 直接输出错误
            self.rate = self.get_rate()
        # 如果上一步通过，就继续进入这里 9.2    
        self.num_requests, self.duration = self.parse_rate(self.rate)
        # 也就是说执行完9.2之后 获取到的结果就是
        # self.num_requests, self.duration = (10,60)

def get_rate(self):
    # scope 这个值在类中必须被定义成 settings中定义的值 如thro_rate
    if not getattr(self, 'scope', None):
        msg = ("You must set either `.scope` or `.rate` for '%s' throttle" %
        self.__class__.__name__)
        raise ImproperlyConfigured(msg)
    try:
        # 在配置文件中 将thro_rate 取出， 返回 10/m
        return self.THROTTLE_RATES[self.scope]
    except KeyError:
        msg = "No default throttle rate set for '%s' scope" % self.scope
        raise ImproperlyConfigured(msg)

def parse_rate(self, rate):
    """
    Given the request rate string, return a two tuple of:
    <allowed number of requests>, <period of time in seconds>
    """
    # 这个是在setting中设置的 DEFAULT_THROTTLE_RATES的字典设置为空，就直接返回none,none
    if rate is None:
        return (None, None)
    # 这里的rate就是就是get_rate取出来的10/m 然后切割它
    num, period = rate.split('/')
    num_requests = int(num)
    # 定义如果是m就是60秒，然后字典中直接取值这里是m取出来的就是60
    duration = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}[period[0]]
    # 最后返回它俩
    return (num_requests, duration)

def get_cache_key(self, request, view):
    """
    # 应返回可用于限制的唯一缓存键。
    Should return a unique cache-key which can be used for throttling.
    # 必须要重写， 否则调用SimpleRateThrottle也会直接报错
    Must be overridden.

    May return `None` if the request should not be throttled.
    """
    raise NotImplementedError('.get_cache_key() must be overridden')

class FirstThrottle(SimpleRateThrottle):
    # 这里会调用 self.get_rate那个函数，返回的就是 10/m了
    scope = "thro_rate"

    # 如果不重新定义就会报错， 因为它得从缓存中找出 ip地址
    def get_cache_key(self, request, view):
        # 返回空也行， 也会有倒计时
        return self.get_ident(request)
        # "detail": "Request was throttled. Expected available in 56 seconds."

def check_throttles(self, request):
    """
    Check if request should be throttled.
    Raises an appropriate exception if the request is throttled.
    """
    for throttle in self.get_throttles():
        if not throttle.allow_request(request, self):
            # 如果不存在 就进入到 throttled中
            self.throttled(request, throttle.wait())

def throttled(self, request, wait):
    """
    If request is throttled, determine what kind of exception to raise.
    """
    # 返回错误信息
    raise exceptions.Throttled(wait)

class Throttled(APIException):
    status_code = status.HTTP_429_TOO_MANY_REQUESTS
    default_detail = _('Request was throttled.')
    extra_detail_singular = 'Expected available in {wait} second.'
    extra_detail_plural = 'Expected available in {wait} seconds.'

from app01.SelfThrottle import FirstThrottle
from rest_framework import exceptions

class Thor(APIView):
    # 局部使用
    throttle_classes = [FirstThrottle, ]

    def get(self, request, *args, **kwargs):
        return HttpResponse("ok")

    # 需要注意的是 这里需要在视图类的重写方法，或继承
    def throttled(self, request, wait):
        class Myerrors(exceptions.Throttled):
            default_detail = "超出频率限制"
            extra_detail_singular = '请 {wait} 秒后在访问.'
            extra_detail_plural = '请 {wait} 秒后在访问.'

        raise Myerrors(wait)