jac*_*cob 5 django-rest-framework
在太多身份验证失败后,是否存在锁定IP地址的库存方式?我没有看到内置限制将如何实现这一点,因为限制仅在身份验证和权限成功后启动.
谢谢汤姆.我用以下代码继承了身份验证:
def authenticate(self, request):
#
# first check to see that IP address is not locked out
# due to too many failed authentication requests.
#
auth_failure_key = 'LOGIN_FAILURES_AT_%s' % request.META.get('REMOTE_ADDR')
auth_failures = cache.get(auth_failure_key) or 0
# allow up to 3 failures per hour
if auth_failures >= 3:
raise exceptions.AuthenticationFailed('Locked out: too many authentication failures')
try:
return super(TokenAuthentication, self).authenticate(request)
except exceptions.AuthenticationFailed as e:
# update cache
cache.set(auth_failure_key, auth_failures + 1, 3600)
raise e
| 归档时间: |
|
| 查看次数: |
1407 次 |
| 最近记录: |