add login limit
Showing
3 changed files
with
28 additions
and
5 deletions
src/apps/account/consts.py
0 → 100644
| 1 | from common.mixins import GenericView | 1 | from common.mixins import GenericView |
| 2 | from rest_framework import status | ||
| 2 | from rest_framework_jwt.views import ObtainJSONWebToken | 3 | from rest_framework_jwt.views import ObtainJSONWebToken |
| 3 | from common import response | 4 | from common import response |
| 5 | from common.redis_cache import redis_handler as rh | ||
| 6 | from .consts import LOGIN_TIMES_LIMIT_EXPIRES, LOGIN_TIMES_LIMIT | ||
| 4 | 7 | ||
| 5 | # Create your views here. | 8 | # Create your views here. |
| 6 | 9 | ||
| ... | @@ -8,17 +11,22 @@ from common import response | ... | @@ -8,17 +11,22 @@ from common import response |
| 8 | class LoginView(ObtainJSONWebToken, GenericView): | 11 | class LoginView(ObtainJSONWebToken, GenericView): |
| 9 | 12 | ||
| 10 | def post(self, request, *args, **kwargs): | 13 | def post(self, request, *args, **kwargs): |
| 14 | user_name = request.data.get('username', '') | ||
| 15 | times = rh.get_login_times(user_name) | ||
| 16 | if isinstance(times, int) and times >= LOGIN_TIMES_LIMIT: | ||
| 17 | raise self.invalid_params(msg="重试次数限制") | ||
| 18 | |||
| 11 | res = super(LoginView, self).post(request, *args, **kwargs) | 19 | res = super(LoginView, self).post(request, *args, **kwargs) |
| 12 | self.running_log.info('[users.login] username: %s' % request.data.get('username')) | 20 | self.running_log.info('[users.login] username: {0}'.format(user_name)) |
| 13 | 21 | ||
| 14 | if res.status_code == 400: | 22 | if res.status_code == status.HTTP_400_BAD_REQUEST: |
| 23 | rh.set_login_times(user_name, LOGIN_TIMES_LIMIT_EXPIRES) | ||
| 15 | raise self.invalid_params(msg="用户名或密码错误") | 24 | raise self.invalid_params(msg="用户名或密码错误") |
| 16 | serializer = self.get_serializer(data=request.data) | 25 | serializer = self.get_serializer(data=request.data) |
| 17 | serializer.is_valid() | 26 | # serializer.is_valid() |
| 18 | user = serializer.object.get('user') | 27 | user = serializer.object.get('user') |
| 19 | user_id = user.id | ||
| 20 | data = { | 28 | data = { |
| 21 | 'user_id': user_id, | 29 | 'user_id': user.id, |
| 22 | 'user_name': user.username, | 30 | 'user_name': user.username, |
| 23 | 'token': res.data.get('token'), | 31 | 'token': res.data.get('token'), |
| 24 | } | 32 | } | ... | ... |
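Review bot: The limit check at new line 16, `isinstance(times, int) and times >= LOGIN_TIMES_LIMIT`, fails open whenever `rh.get_login_times` returns anything other than an int. `get_login_times` passes back `self.redis.get(...)` unchanged, and a stock redis-py client returns bytes or str from GET, so the branch would never fire; this page does not show whether `self.redis` is a wrapper that converts. Coerce explicitly before comparing, e.g. `times = int(times or 0)`, and add a test that the attempt after the limit is rejected. Separately, commenting out `serializer.is_valid()` at new line 26 needs a check: rest_framework_jwt's `serializer.object` normally reads validated data, which requires `is_valid()` to have run, so the success path may now raise.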
| ... | @@ -38,6 +38,7 @@ class RedisHandler: | ... | @@ -38,6 +38,7 @@ class RedisHandler: |
| 38 | self.session_id_key = '{0}:session_id'.format(self.prefix) | 38 | self.session_id_key = '{0}:session_id'.format(self.prefix) |
| 39 | self.cms_token_key = '{0}:cms_token'.format(self.prefix) | 39 | self.cms_token_key = '{0}:cms_token'.format(self.prefix) |
| 40 | self.ecm_token_key = '{0}:ecm_token'.format(self.prefix) | 40 | self.ecm_token_key = '{0}:ecm_token'.format(self.prefix) |
| 41 | self.login_limit_key = '{0}:login_limit'.format(self.prefix) | ||
| 41 | 42 | ||
| 42 | def enqueue(self, tasks, is_priority=False): | 43 | def enqueue(self, tasks, is_priority=False): |
| 43 | # 1 | 44 | # 1 |
| ... | @@ -71,3 +72,14 @@ class RedisHandler: | ... | @@ -71,3 +72,14 @@ class RedisHandler: |
| 71 | def set_ecm_token(self, token, expires=None): | 72 | def set_ecm_token(self, token, expires=None): |
| 72 | return self.redis.set(self.ecm_token_key, token, expires) | 73 | return self.redis.set(self.ecm_token_key, token, expires) |
| 73 | 74 | ||
| 75 | def get_login_times(self, user_name): | ||
| 76 | if user_name == '': | ||
| 77 | return None | ||
| 78 | return self.redis.get('{0}:{1}'.format(self.login_limit_key, user_name)) | ||
| 79 | |||
| 80 | def set_login_times(self, user_name, expires=None): | ||
| 81 | key = '{0}:{1}'.format(self.login_limit_key, user_name) | ||
| 82 | self.redis.incr(key) | ||
| 83 | if isinstance(expires, int): | ||
| 84 | self.redis.expire(key, expires) | ||
| 85 | ... | ... |
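Review bot: `set_login_times` (new lines 80-84) does `incr` and `expire` as two separate calls and only sets a TTL when `expires` is an int, so a key can be left with no expiry if `expires` stays `None` or the process stops between the calls. That username then stays over the limit until someone deletes the key. Make the pair atomic (pipeline/transaction) or set the TTL when the counter is first created, e.g. `if self.redis.incr(key) == 1 and isinstance(expires, int): self.redis.expire(key, expires)`, assuming `incr` returns the new count as redis-py does. The counter is also keyed on the submitted username alone, so anyone who can reach the login endpoint can lock out another user; a per-client-address counter alongside it would limit that. `set_login_times` also lacks the empty-username guard that `get_login_times` has, and a docstring should state the window semantics, since calling `expire` on every failure restarts the window each time.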