快速限流

限流,限制用户访问频率,例如:用户1分钟最多访问100次 或者 短信验证码一天每天可以发送50次, 防止盗刷。

  • 对于匿名用户,使用用户IP作为唯一标识。
  • 对于登录用户,使用用户ID或名称作为唯一标识。
  1. 缓存={
  2.     用户标识:[12:33,12:32,12:31,12:30,12,]    1小时/5   12:34   11:34
  3. {
  1. pip3 install django-redis

先启动redis
image.png
配置参考 https://pypi.org/project/django-redis/

  1. # settings.py
  2. CACHES = {
  3.     "default": {
  4.         "BACKEND": "django_redis.cache.RedisCache",
  5.         "LOCATION": "redis://127.0.0.1:6379",
  6.         "OPTIONS": {
  7.             "CLIENT_CLASS": "django_redis.client.DefaultClient",
  8.             "PASSWORD": "",  # redis默认密码为空
  9.         }
  10.     }
  11. }
  1. # views.py
  3. from rest_framework.views import APIView
  4. from rest_framework.response import Response
  5. from rest_framework import exceptions
  6. from rest_framework import status
  7. from rest_framework.throttling import SimpleRateThrottle
  8. from django.core.cache import cache as default_cache
  11. class ThrottledException(exceptions.APIException):
  12.     status_code = status.HTTP_429_TOO_MANY_REQUESTS
  13.     default_code = 'throttled'
  16. class MyRateThrottle(SimpleRateThrottle):
  17.     cache = default_cache  # 访问记录存放在django的缓存中(需设置缓存)
  18.     scope = "user"  # 构造缓存中的key
  19.     cache_format = 'throttle_%(scope)s_%(ident)s'
  21.     # 设置访问频率,例如:1分钟允许访问10次
  22.     # 其他:'s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day'
  23.     THROTTLE_RATES = {"user": "10/m"}
  25.     def get_cache_key(self, request, view):
  26.         if request.user:
  27.             ident = request.user.pk  # 用户ID
  28.         else:
  29.             ident = self.get_ident(request)  # 获取请求用户IP(去request中找请求头)
  31.         # throttle_u # throttle_user_11.11.11.11ser_2
  33.         return self.cache_format % {'scope': self.scope, 'ident': ident}
  35.     def throttle_failure(self):
  36.         wait = self.wait()
  37.         detail = {
  38.             "code": 1005,
  39.             "data": "访问频率限制",
  40.             'detail': "需等待{}s才能访问".format(int(wait))
  41.         }
  42.         raise ThrottledException(detail)
  45. class OrderView(APIView):
  46.     throttle_classes = [MyRateThrottle, ]
  48.     def get(self, request):
  49.         return Response({"code": 0, "data": "数据..."})

image.png

多个限流类

本质,每个限流的类中都有一个 allow_request 方法,此方法内部可以有三种情况

  • 返回True,表示当前限流类允许访问,继续执行后续的限流类。
  • 返回False,表示当前限流类不允许访问,继续执行后续的限流类。所有的限流类执行完毕后,读取所有不允许的限流,并计算还需等待的时间。
  • 抛出异常,表示当前限流类不允许访问,后续限流类不再执行。

注意:多个限流类,scope的值不能相同。

写法一(推荐)

所有的限流类执行完后,再返回报错

  1. # views.py
  3. from rest_framework.views import APIView
  4. from rest_framework.response import Response
  5. from rest_framework import exceptions
  6. from rest_framework import status
  7. from rest_framework.throttling import SimpleRateThrottle
  8. from django.core.cache import cache as default_cache
  11. class ThrottledException(exceptions.APIException):
  12.     status_code = status.HTTP_429_TOO_MANY_REQUESTS
  13.     default_code = 'throttled'
  16. class MyRateThrottle(SimpleRateThrottle):
  17.     cache = default_cache  # 访问记录存放在django的缓存中(需设置缓存)
  18.     scope = "user"  # 构造缓存中的key
  19.     cache_format = 'throttle_%(scope)s_%(ident)s'
  21.     # 设置访问频率,例如:1分钟允许访问10次
  22.     # 其他:'s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day'
  23.     THROTTLE_RATES = {"user": "10/m"}
  25.     def get_cache_key(self, request, view):
  26.         if request.user:
  27.             ident = request.user.pk  # 用户ID
  28.         else:
  29.             ident = self.get_ident(request)  # 获取请求用户IP(去request中找请求头)
  31.         # throttle_u # throttle_user_11.11.11.11ser_2
  33.         return self.cache_format % {'scope': self.scope, 'ident': ident}
  36. class MyRateThrottleB(SimpleRateThrottle):
  37.     cache = default_cache  # 访问记录存放在django的缓存中(需设置缓存)
  38.     scope = "xx"  # 构造缓存中的key
  39.     cache_format = 'throttle_%(scope)s_%(ident)s'
  41.     # 设置访问频率,例如:1分钟允许访问3次
  42.     # 其他:'s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day'
  43.     THROTTLE_RATES = {"xx": "3/m"}
  45.     def get_cache_key(self, request, view):
  46.         if request.user:
  47.             ident = request.user.pk  # 用户ID
  48.         else:
  49.             ident = self.get_ident(request)  # 获取请求用户IP(去request中找请求头)
  51.         # throttle_u # throttle_user_11.11.11.11ser_2
  53.         return self.cache_format % {'scope': self.scope, 'ident': ident}
  56. class OrderView(APIView):
  57.     throttle_classes = [MyRateThrottle, ]
  59.     def get(self, request):
  60.         return Response({"code": 0, "data": "数据..."})
  62.     def throttled(self, request, wait):
  63.         detail = {
  64.             "code": 1005,
  65.             "data": "访问频率",
  66.             'detail': "需等待{}s才能访问".format(int(wait))
  67.         }
  68.         raise ThrottledException(detail)

写法二

前面的限流类执行完后,马上返回报错

  1. class ThrottledException(exceptions.APIException):
  2.     status_code = status.HTTP_429_TOO_MANY_REQUESTS
  3.     default_code = 'throttled'
  6. class MyRateThrottle(SimpleRateThrottle):
  7.     cache = default_cache  # 访问记录存放在django的缓存中(需设置缓存)
  8.     scope = "user"  # 构造缓存中的key
  9.     cache_format = 'throttle_%(scope)s_%(ident)s'
  11.     # 设置访问频率,例如:1分钟允许访问10次
  12.     # 其他:'s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day'
  13.     THROTTLE_RATES = {"user": "10/m"}
  15.     def get_cache_key(self, request, view):
  16.         if request.user:
  17.             ident = request.user.pk  # 用户ID
  18.         else:
  19.             ident = self.get_ident(request)  # 获取请求用户IP(去request中找请求头)
  21.         # throttle_u # throttle_user_11.11.11.11ser_2
  23.         return self.cache_format % {'scope': self.scope, 'ident': ident}
  25.     def throttle_failure(self):
  26.         wait = self.wait()
  27.         detail = {
  28.             "code": 1005,
  29.             "data": "访问频率限制",
  30.             'detail': "需等待{}s才能访问".format(int(wait))
  31.         }
  32.         raise ThrottledException(detail)
  35. class MyRateThrottleB(SimpleRateThrottle):
  36.     cache = default_cache  # 访问记录存放在django的缓存中(需设置缓存)
  37.     scope = "xx"  # 构造缓存中的key
  38.     cache_format = 'throttle_%(scope)s_%(ident)s'
  40.     # 设置访问频率,例如:1分钟允许访问10次
  41.     # 其他:'s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day'
  42.     THROTTLE_RATES = {"xx": "20/h"}
  44.     def get_cache_key(self, request, view):
  45.         if request.user:
  46.             ident = request.user.pk  # 用户ID
  47.         else:
  48.             ident = self.get_ident(request)  # 获取请求用户IP(去request中找请求头)
  50.         # throttle_u # throttle_user_11.11.11.11ser_2
  52.         return self.cache_format % {'scope': self.scope, 'ident': ident}
  54.     def throttle_failure(self):
  55.         wait = self.wait()
  56.         detail = {
  57.             "code": 1005,
  58.             "data": "访问频率限制",
  59.             'detail': "需等待{}s才能访问".format(int(wait))
  60.         }
  61.         raise ThrottledException(detail)
  64. class OrderView(APIView):
  65.     throttle_classes = [MyRateThrottle, MyRateThrottleB]
  67.     def get(self, request):
  68.         return Response({"code": 0, "data": "数据..."})

image.png

全局配置

  1. REST_FRAMEWORK = {
  2.     "DEFAULT_THROTTLE_CLASSES":["xxx.xxx.xx.限流类", ],
  3.     "DEFAULT_THROTTLE_RATES": {
  4.         "user": "10/m",
  5.         "xx":"100/h"
  6.     }
  7. }