Tastypie自动注销 [英] Tastypie auto log out

问题描述

我是基于Django的1.4.3与Tastypie创建API。我用ApiKey来验证用户身份。作为默认ApiKey不能过期。但是，随着apikey表datetime列创建。甚至当我将其更改为 2010 的一年，关键是仍然有效。

I am creating API based on Django 1.4.3 with Tastypie. I use ApiKey to authenticate users. As default ApiKey cannot be expired. But there is column created with datetime in apikey table. Even when I change it to 2010 year, the key is still valid.

我的问题是如何使创建有用列，禁止访问键超过我们说24小时，以最简单的方式和是否有意义旧的？

My question is how can I make the column created useful and forbid access for keys older than let say 24 hours, in easiest way and does it make sense?

目前，我不知道我怎么能甚至尝试实现这一点。

At the moment I have no idea how I could even try to achieve that.

我不指望现成的解决方案。一些有用的提示。

I don't expect ready solution. Some useful hints.

推荐答案

我找到解决方案通过在ApiKeyAuthentication覆盖方法 get_key 。

I found solution by overriding method get_key in ApiKeyAuthentication.

class MyApiKeyAuthentication(ApiKeyAuthentication):
    def get_key(self, user, api_key):
        """
        Attempts to find the API key for the user. Uses ``ApiKey`` by default
        but can be overridden.
        """
        from tastypie.models import ApiKey

        try:
            api_key = ApiKey.objects.get(user=user, key=api_key)
            current_time = datetime.utcnow()
            current_time = current_time.replace(tzinfo=pytz.utc)

            week = timedelta(7)

            if not (current_time - api_key.created) < week:
                api_key.delete()
                return self._unauthorized()
            else:
                api_key.created = current_time
                api_key.save()

        except ApiKey.DoesNotExist:
            return self._unauthorized()

        return True

这篇关于Tastypie自动注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！