使用Django Rest Framework作为安全层进行文件系统处理 [英] Using Django Rest Framework as security layer for file system processing

问题描述

我正在尝试保护远程服务器文件系统免受未经授权的用户的侵害。
我在另一台服务器上有一个远程存储，用于存储和处理来自各种进程的PDF和PNG。

I'm trying to protect my remote server file system from unauthorized users. I have a remote storage on a different server that store and process PDF's and PNG's from all kind of processes.

我在Django 1.8中使用Python 2.7和Django Rest Framework。

I'm using Python 2.7 with Django 1.8 and Django Rest Framework.

我试图实现非常基本的代理层，使我可以控制谁使用文件系统。

I trying to implement very basic, "Proxy Layer" that will give my control on who ever use file system.

这是我的 view.py ：

from django.conf import settings

from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import permissions

import requests

class Reports(APIView):
    permission_classes = (permissions.AllowAny,)  #Thats only for now...

    def get(self, request, ssn, validity, file):
        response = requests.get(settings.PROXY_BASE_URL + "/reports/" + ssn + "/" + validity + "/" + file)
        return Response(response)

此概念适用于任何其他 GET POST PUT Delete 请求是基于文本的响应（例如，来自远程服务器的json响应）。

This concept works for any other GET POST PUT DELETE request that is text based response (For example json response from the remote server).

我的问题是当我调用此视图时，在浏览器中获得了默认值REST方法定义页面。

My problem is when I call this view, I get in the browser the default REST method definition page.

这是响应屏幕截图

推荐答案

正如@AlexMorozov在他的评论中所说，您应该恢复为 HttpResponse 。
您可以通过浏览以下 Django Snippet 来查看。

As @AlexMorozov said in his comment, you should revert back to HttpResponse. You can see by exploring this Django Snippet.

这是我看到的代码：

from django.conf import settings

from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import permissions

from django.http import HttpResponse

import requests
import mimetypes


class Reports(APIView):
    permission_classes = (permissions.AllowAny,)

    def get(self, request, ssn, validity, file):
        response = requests.get(settings.PROXY_BASE_URL + "/reports/" + ssn + "/" + validity + "/" + file)
        mimetype = mimetypes.guess_type(settings.PROXY_BASE_URL + "/reports/" + ssn + "/" + validity + "/" + file) #Return an array
        return HttpResponse(response, content_type=mimetype[0])

尝试一下。祝你好运：）

Give it a go. Good luck :)

这篇关于使用Django Rest Framework作为安全层进行文件系统处理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！