mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-07-11 08:42:23 +03:00
Merge branch 'master' of https://github.com/tomchristie/django-rest-framework
This commit is contained in:
commit
6a6b2c9318
|
@ -44,7 +44,7 @@ You can also set the throttling policy on a per-view or per-viewset basis,
|
||||||
using the `APIView` class based views.
|
using the `APIView` class based views.
|
||||||
|
|
||||||
class ExampleView(APIView):
|
class ExampleView(APIView):
|
||||||
throttle_classes = (UserThrottle,)
|
throttle_classes = (UserRateThrottle,)
|
||||||
|
|
||||||
def get(self, request, format=None):
|
def get(self, request, format=None):
|
||||||
content = {
|
content = {
|
||||||
|
@ -55,7 +55,7 @@ using the `APIView` class based views.
|
||||||
Or, if you're using the `@api_view` decorator with function based views.
|
Or, if you're using the `@api_view` decorator with function based views.
|
||||||
|
|
||||||
@api_view('GET')
|
@api_view('GET')
|
||||||
@throttle_classes(UserThrottle)
|
@throttle_classes(UserRateThrottle)
|
||||||
def example_view(request, format=None):
|
def example_view(request, format=None):
|
||||||
content = {
|
content = {
|
||||||
'status': 'request was permitted'
|
'status': 'request was permitted'
|
||||||
|
@ -72,22 +72,22 @@ The throttle classes provided by REST framework use Django's cache backend. You
|
||||||
|
|
||||||
## AnonRateThrottle
|
## AnonRateThrottle
|
||||||
|
|
||||||
The `AnonThrottle` will only ever throttle unauthenticated users. The IP address of the incoming request is used to generate a unique key to throttle against.
|
The `AnonRateThrottle` will only ever throttle unauthenticated users. The IP address of the incoming request is used to generate a unique key to throttle against.
|
||||||
|
|
||||||
The allowed request rate is determined from one of the following (in order of preference).
|
The allowed request rate is determined from one of the following (in order of preference).
|
||||||
|
|
||||||
* The `rate` property on the class, which may be provided by overriding `AnonThrottle` and setting the property.
|
* The `rate` property on the class, which may be provided by overriding `AnonRateThrottle` and setting the property.
|
||||||
* The `DEFAULT_THROTTLE_RATES['anon']` setting.
|
* The `DEFAULT_THROTTLE_RATES['anon']` setting.
|
||||||
|
|
||||||
`AnonThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
|
`AnonRateThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
|
||||||
|
|
||||||
## UserRateThrottle
|
## UserRateThrottle
|
||||||
|
|
||||||
The `UserThrottle` will throttle users to a given rate of requests across the API. The user id is used to generate a unique key to throttle against. Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
|
The `UserRateThrottle` will throttle users to a given rate of requests across the API. The user id is used to generate a unique key to throttle against. Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
|
||||||
|
|
||||||
The allowed request rate is determined from one of the following (in order of preference).
|
The allowed request rate is determined from one of the following (in order of preference).
|
||||||
|
|
||||||
* The `rate` property on the class, which may be provided by overriding `UserThrottle` and setting the property.
|
* The `rate` property on the class, which may be provided by overriding `UserRateThrottle` and setting the property.
|
||||||
* The `DEFAULT_THROTTLE_RATES['user']` setting.
|
* The `DEFAULT_THROTTLE_RATES['user']` setting.
|
||||||
|
|
||||||
An API may have multiple `UserRateThrottles` in place at the same time. To do so, override `UserRateThrottle` and set a unique "scope" for each class.
|
An API may have multiple `UserRateThrottles` in place at the same time. To do so, override `UserRateThrottle` and set a unique "scope" for each class.
|
||||||
|
@ -113,11 +113,11 @@ For example, multiple user throttle rates could be implemented by using the foll
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
`UserThrottle` is suitable if you want simple global rate restrictions per-user.
|
`UserRateThrottle` is suitable if you want simple global rate restrictions per-user.
|
||||||
|
|
||||||
## ScopedRateThrottle
|
## ScopedRateThrottle
|
||||||
|
|
||||||
The `ScopedThrottle` class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property. The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
|
The `ScopedRateThrottle` class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property. The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
|
||||||
|
|
||||||
The allowed request rate is determined by the `DEFAULT_THROTTLE_RATES` setting using a key from the request "scope".
|
The allowed request rate is determined by the `DEFAULT_THROTTLE_RATES` setting using a key from the request "scope".
|
||||||
|
|
||||||
|
|
|
@ -98,6 +98,7 @@ For example:
|
||||||
|
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from rest_framework import viewsets
|
from rest_framework import viewsets
|
||||||
|
from rest_framework import status
|
||||||
from rest_framework.decorators import action
|
from rest_framework.decorators import action
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from myapp.serializers import UserSerializer, PasswordSerializer
|
from myapp.serializers import UserSerializer, PasswordSerializer
|
||||||
|
|
|
@ -23,7 +23,7 @@ To guard against these type of attacks, you need to do two things:
|
||||||
|
|
||||||
If you're using `SessionAuthentication` you'll need to include valid CSRF tokens for any `POST`, `PUT`, `PATCH` or `DELETE` operations.
|
If you're using `SessionAuthentication` you'll need to include valid CSRF tokens for any `POST`, `PUT`, `PATCH` or `DELETE` operations.
|
||||||
|
|
||||||
The Django documentation describes how to [include CSRF tokens in AJAX requests][csrf-ajax].
|
In order to make AJAX requests, you need to include CSRF token in the HTTP header, as [described in the Django documentation][csrf-ajax].
|
||||||
|
|
||||||
## CORS
|
## CORS
|
||||||
|
|
||||||
|
|
|
@ -75,6 +75,7 @@ All of the blocks available in the browsable API base template that can be used
|
||||||
* `branding` - Branding section of the navbar, see [Bootstrap components][bcomponentsnav].
|
* `branding` - Branding section of the navbar, see [Bootstrap components][bcomponentsnav].
|
||||||
* `breadcrumbs` - Links showing resource nesting, allowing the user to go back up the resources. It's recommended to preserve these, but they can be overridden using the breadcrumbs block.
|
* `breadcrumbs` - Links showing resource nesting, allowing the user to go back up the resources. It's recommended to preserve these, but they can be overridden using the breadcrumbs block.
|
||||||
* `footer` - Any copyright notices or similar footer materials can go here (by default right-aligned).
|
* `footer` - Any copyright notices or similar footer materials can go here (by default right-aligned).
|
||||||
|
* `script` - JavaScript files for the page.
|
||||||
* `style` - CSS stylesheets for the page.
|
* `style` - CSS stylesheets for the page.
|
||||||
* `title` - Title of the page.
|
* `title` - Title of the page.
|
||||||
* `userlinks` - This is a list of links on the right of the header, by default containing login/logout links. To add links instead of replace, use `{{ block.super }}` to preserve the authentication links.
|
* `userlinks` - This is a list of links on the right of the header, by default containing login/logout links. To add links instead of replace, use `{{ block.super }}` to preserve the authentication links.
|
||||||
|
|
|
@ -147,6 +147,10 @@ The following people have helped make REST framework great.
|
||||||
* Rudolf Olah - [omouse]
|
* Rudolf Olah - [omouse]
|
||||||
* Gertjan Oude Lohuis - [gertjanol]
|
* Gertjan Oude Lohuis - [gertjanol]
|
||||||
* Matthias Jacob - [cyroxx]
|
* Matthias Jacob - [cyroxx]
|
||||||
|
* Pavel Zinovkin - [pzinovkin]
|
||||||
|
* Will Kahn-Greene - [willkg]
|
||||||
|
* Kevin Brown - [kevin-brown]
|
||||||
|
* Rodrigo Martell - [coderigo]
|
||||||
|
|
||||||
Many thanks to everyone who's contributed to the project.
|
Many thanks to everyone who's contributed to the project.
|
||||||
|
|
||||||
|
@ -330,3 +334,7 @@ You can also contact [@_tomchristie][twitter] directly on twitter.
|
||||||
[omouse]: https://github.com/omouse
|
[omouse]: https://github.com/omouse
|
||||||
[gertjanol]: https://github.com/gertjanol
|
[gertjanol]: https://github.com/gertjanol
|
||||||
[cyroxx]: https://github.com/cyroxx
|
[cyroxx]: https://github.com/cyroxx
|
||||||
|
[pzinovkin]: https://github.com/pzinovkin
|
||||||
|
[coderigo]: https://github.com/coderigo
|
||||||
|
[willkg]: https://github.com/willkg
|
||||||
|
[kevin-brown]: https://github.com/kevin-brown
|
||||||
|
|
|
@ -80,7 +80,7 @@ We can easily re-write our existing serializers to use hyperlinking.
|
||||||
highlight = serializers.HyperlinkedIdentityField(view_name='snippet-highlight', format='html')
|
highlight = serializers.HyperlinkedIdentityField(view_name='snippet-highlight', format='html')
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = models.Snippet
|
model = Snippet
|
||||||
fields = ('url', 'highlight', 'owner',
|
fields = ('url', 'highlight', 'owner',
|
||||||
'title', 'code', 'linenos', 'language', 'style')
|
'title', 'code', 'linenos', 'language', 'style')
|
||||||
|
|
||||||
|
|
|
@ -512,7 +512,7 @@ class EmailField(CharField):
|
||||||
form_field_class = forms.EmailField
|
form_field_class = forms.EmailField
|
||||||
|
|
||||||
default_error_messages = {
|
default_error_messages = {
|
||||||
'invalid': _('Enter a valid e-mail address.'),
|
'invalid': _('Enter a valid email address.'),
|
||||||
}
|
}
|
||||||
default_validators = [validators.validate_email]
|
default_validators = [validators.validate_email]
|
||||||
|
|
||||||
|
|
|
@ -690,7 +690,7 @@ class ModelSerializer(Serializer):
|
||||||
assert field_name in ret, \
|
assert field_name in ret, \
|
||||||
"Noexistant field '%s' specified in `read_only_fields` " \
|
"Noexistant field '%s' specified in `read_only_fields` " \
|
||||||
"on serializer '%s'." % \
|
"on serializer '%s'." % \
|
||||||
(self.__class__.__name__, field_name)
|
(field_name, self.__class__.__name__)
|
||||||
ret[field_name].read_only = True
|
ret[field_name].read_only = True
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
|
|
|
@ -494,7 +494,7 @@ class CustomValidationTests(TestCase):
|
||||||
}
|
}
|
||||||
serializer = self.CommentSerializerWithFieldValidator(data=wrong_data)
|
serializer = self.CommentSerializerWithFieldValidator(data=wrong_data)
|
||||||
self.assertFalse(serializer.is_valid())
|
self.assertFalse(serializer.is_valid())
|
||||||
self.assertEqual(serializer.errors, {'email': ['Enter a valid e-mail address.']})
|
self.assertEqual(serializer.errors, {'email': ['Enter a valid email address.']})
|
||||||
|
|
||||||
|
|
||||||
class PositiveIntegerAsChoiceTests(TestCase):
|
class PositiveIntegerAsChoiceTests(TestCase):
|
||||||
|
|
Loading…
Reference in New Issue
Block a user