来自同一台服务器的TastyPie认证 [英] TastyPie Authentication from the same server

问题描述

我在一个TastyPie中有一个在同一个域上使用的API。我只想允许请求来自我的服务器。

TastyPie有许多不同的认证选项，但是我无法使用会话认证，因为没有人登录一个 API密钥可以在我的脚本中查看。

所以我在想，我可以用某种方式验证一个与 Django csrf令牌。这是可能的任何例子（我搜索）还是有一个我错过的选项？

解决方案

此答案提供以下获取请求IP地址的方法：

  def get_client_ip（request）：
 x_forwarded_for = request.META.get（'HTTP_X_FORWARDED_FOR'）
如果x_forwarded_for ：
 ip = x_forwarded_for.split（'，'）[0] 
 else：
 ip = request.META.get（'REMOTE_ADDR'）
 return ip 
  

您可以尝试将它与自定义的认证类相关联，如下所示：

  class IpAuthentication（Authentication）：
 def is_authenticated（self，request，** kwargs）：
在SETTINGS.ALLOWED_IPS中返回get_client_ip（请求）：
  

您必须填充自己的设置搜索GS.ALLOWED_IPS 列表。然而，这是不是一个万无一失的方法 IP地址可以伪造。

I have an API in TastyPie thats consumed on the same domain. I only want to allow requests to come from my server.

TastyPie has a number of different Authentication options, however I cannot use Session Authentication because no one logs in and a API Key could be view in my script.

So I was thinking that I could somehow validate the post with a with Django csrf token. Is this possible any examples (I've search) or is there an option I have missed?

解决方案

This answer provides the following method to getting the request IP address:

def get_client_ip(request):
    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
    if x_forwarded_for:
        ip = x_forwarded_for.split(',')[0]
    else:
        ip = request.META.get('REMOTE_ADDR')
    return ip

You could try coupling this with a custom Authentication class as follows:

class IpAuthentication(Authentication):
    def is_authenticated(self, request, **kwargs):
        return get_client_ip(request) in SETTINGS.ALLOWED_IPS:

You would have to populate your own SETTINGS.ALLOWED_IPS list. This however is not a foolproof method as IP addresses can be faked.

这篇关于来自同一台服务器的TastyPie认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！