Tastypie自动注销 [英] Tastypie auto log out
问题描述
我是基于Django的1.4.3与Tastypie创建API。我用ApiKey来验证用户身份。作为默认ApiKey不能过期。但是,随着apikey表datetime列创建
。甚至当我将其更改为 2010
的一年,关键是仍然有效。
I am creating API based on Django 1.4.3 with Tastypie. I use ApiKey to authenticate users. As default ApiKey cannot be expired. But there is column created
with datetime in apikey table. Even when I change it to 2010
year, the key is still valid.
我的问题是如何使创建有用列,禁止访问键超过我们说24小时,以最简单的方式和是否有意义旧的?
My question is how can I make the column created
useful and forbid access for keys older than let say 24 hours, in easiest way and does it make sense?
目前,我不知道我怎么能甚至尝试实现这一点。
At the moment I have no idea how I could even try to achieve that.
我不指望现成的解决方案。一些有用的提示。
I don't expect ready solution. Some useful hints.
推荐答案
我找到解决方案通过在ApiKeyAuthentication覆盖方法 get_key
。
I found solution by overriding method get_key
in ApiKeyAuthentication.
class MyApiKeyAuthentication(ApiKeyAuthentication):
def get_key(self, user, api_key):
"""
Attempts to find the API key for the user. Uses ``ApiKey`` by default
but can be overridden.
"""
from tastypie.models import ApiKey
try:
api_key = ApiKey.objects.get(user=user, key=api_key)
current_time = datetime.utcnow()
current_time = current_time.replace(tzinfo=pytz.utc)
week = timedelta(7)
if not (current_time - api_key.created) < week:
api_key.delete()
return self._unauthorized()
else:
api_key.created = current_time
api_key.save()
except ApiKey.DoesNotExist:
return self._unauthorized()
return True
这篇关于Tastypie自动注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!