## 1.限制访问频率 - self.check_throttles()
    
    对于未登录用户，可以通过ip地址，对其访问频率进行控制
    流程与用户认证、权限认证相似：
    1.获取节流类
    2.遍历节流类，执行其allow_request()方法（需自行定义）,执行结果由两种：
        倘若允许访问，则返回True
        倘若不允许访问，则返回False，之后系统会自行调用节流类的wait()方法（需自行定义,返回距离下次访问所需时间,单位为秒）。
    

#### self.check_throttles()源码

In [1]:
    def check_throttles(self, request):
        """
        Check if request should be throttled.
        Raises an appropriate exception if the request is throttled.
        """
        throttle_durations = []
        for throttle in self.get_throttles():
            if not throttle.allow_request(request, self):
                throttle_durations.append(throttle.wait())

        if throttle_durations:
            # Filter out `None` values which may happen in case of config / rate
            # changes, see #1438
            durations = [
                duration for duration in throttle_durations
                if duration is not None
            ]

            duration = max(durations, default=None)
            self.throttled(request, duration)

#### 自定义节流类
    由以上源码可以看出，若想自定义一个节流类，只需实现allow_request以及wait方法即可。当然更好的方式为继承BaseThrottle类，其已经实现了一个生成用户唯一标识的方法self.get_ident()（根据用户的ip地址）。

#### 为方便理解，以内置SimpleRateThrottle为例

    SimpleRateThrottle的allow_request方法中调用了get_cache_key方法，该方法需要开发者重写。而在SimpleRateThrottle的子类 -- ScopedRateThrottle中，实现了get_cache_key方法。
    allow_request节流的原理为：
    1.当用户未登录时，以ip地址为key,当用户登录时，则以用户的pk为key。
    2.访问记录保存在默认的缓存系统（可自行配置）中,根据key尝试从缓存中读取浏览记录列表history（列表中保存着最近一次访问及其往前合法时间间隔内的访问记录，这些记录是一个time.time()对象，表示访问时的时间点）。如果缓存中不存在key对应的内容，则返回一个空列表。
    3.将history的最后一个元素（代表距离当前最远的一次访问）与当前时间进行对比，如果超过合法时间间隔，那就删除掉最后一个元素，再将倒数第二个元素与当前时间进行对比。直到与当前时间的间隔小于或等于合法时间间隔，此时history中剩下的元素就是在合法时间间隔内访问的时间点。
    4.计算history的长度，如果大于或等于最大次数，则说明访问过于频繁，应该限制访问，allow_request返回False；如果小于最大限制次数，则允许访问，allow_request返回True

In [None]:
class SimpleRateThrottle(BaseThrottle):
    """
    A simple cache implementation, that only requires `.get_cache_key()`
    to be overridden.

    The rate (requests / seconds) is set by a `rate` attribute on the View
    class.  The attribute is a string of the form 'number_of_requests/period'.

    Period should be one of: ('s', 'sec', 'm', 'min', 'h', 'hour', 'd', 'day')

    Previous request information used for throttling is stored in the cache.
    """
    cache = default_cache
    timer = time.time
    cache_format = 'throttle_%(scope)s_%(ident)s'
    scope = None
    THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES

    def __init__(self):
        if not getattr(self, 'rate', None):
            self.rate = self.get_rate()
        self.num_requests, self.duration = self.parse_rate(self.rate)

    def get_cache_key(self, request, view):
        """
        Should return a unique cache-key which can be used for throttling.
        Must be overridden.

        May return `None` if the request should not be throttled.
        """
        raise NotImplementedError('.get_cache_key() must be overridden')

    def get_rate(self):
        """
        Determine the string representation of the allowed request rate.
        """
        if not getattr(self, 'scope', None):
            msg = ("You must set either `.scope` or `.rate` for '%s' throttle" %
                   self.__class__.__name__)
            raise ImproperlyConfigured(msg)

        try:
            return self.THROTTLE_RATES[self.scope]
        except KeyError:
            msg = "No default throttle rate set for '%s' scope" % self.scope
            raise ImproperlyConfigured(msg)

    def parse_rate(self, rate):
        """
        Given the request rate string, return a two tuple of:
        <allowed number of requests>, <period of time in seconds>
        """
        if rate is None:
            return (None, None)
        num, period = rate.split('/')
        num_requests = int(num)
        duration = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}[period[0]]
        return (num_requests, duration)

    def allow_request(self, request, view):
        """
        Implement the check to see if the request should be throttled.

        On success calls `throttle_success`.
        On failure calls `throttle_failure`.
        """
        if self.rate is None:
            return True

        self.key = self.get_cache_key(request, view)
        if self.key is None:
            return True

        self.history = self.cache.get(self.key, [])
        self.now = self.timer()

        # Drop any requests from the history which have now passed the
        # throttle duration
        while self.history and self.history[-1] <= self.now - self.duration:
            self.history.pop()
        if len(self.history) >= self.num_requests:
            return self.throttle_failure()
        return self.throttle_success()

    def throttle_success(self):
        """
        Inserts the current request's timestamp along with the key
        into the cache.
        """
        self.history.insert(0, self.now)
        self.cache.set(self.key, self.history, self.duration)
        return True

    def throttle_failure(self):
        """
        Called when a request to the API has failed due to throttling.
        """
        return False

    def wait(self):
        """
        Returns the recommended next request time in seconds.
        """
        if self.history:
            remaining_duration = self.duration - (self.now - self.history[-1])
        else:
            remaining_duration = self.duration

        available_requests = self.num_requests - len(self.history) + 1
        if available_requests <= 0:
            return None

        return remaining_duration / float(available_requests)

#### SimpleRateThrottle频率表示方式

    n/t  表示t单位时间内最多可以访问n次。
    
    n为正整数
    
    t为时间单位，不能含有数字。分别为 s:秒，m:分, h:小时, d: 天。这些单位会统一转换为秒表示。
    
    例如 10/m 表示每分钟最多能访问10次。
    
    如果想完全控制访问频率，则可以继承BaseThrottle，自定义节流控制类。
    
    由上方源码可知，SimpleRateThrottles实例化时会先寻找self.rate属性，倘若没有，则由self.scope属性进行全局获取，并将值赋予self.rate。
    也就是说，self.rate代表频率控制。理解程序如何解析self.rate，需查看self.parse_rate方法：
    def parse_rate(self, rate):
        if rate is None:
            return (None, None)
        num, period = rate.split('/')
        num_requests = int(num)
        duration = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}[period[0]]
        return (num_requests, duration)
    其通过'/'对self.rate进行分隔，前者为次数，后者为时间范围。

## 2.demo实例

#### 2.1 局部配置

    只需要在节流类中定义一个rate属性即可
    

In [None]:
class UserThrottles(SimpleRateThrottle):

    #  表示每秒只能访问一次
    rate = '1/s'

    def get_cache_key(self, request, view):

        return self.get_ident(request)
    
    
    
class ShowInfo(APIView):

    authentication_classes = [UserAuthentication]
    permission_classes = [UserPermission]
    throttle_classes = [UserThrottles]

    def get(self, request):
        username = request.user.username
        return JsonResponse({"name": username,
                             "info": '有权查看'})

#### 2.2 全局配置
    
    1.在节流类中定义scope属性，该属性为节流名称。具有相同scope属性的节流类，应用同一节流规则。
    2.在settings.py中进行配置，见下方

In [None]:
# settings.py

REST_FRAMEWORK = {
    # 认证配置
    'DEFAULT_AUTHENTICATION_CLASSES': ['api.utils.auth.UserAuthentication',]，
    
    # 权限配置
    'DEFAULT_PERMISSION_CLASSES': ['api.utils.auth.UserPermission']
    
    # 节流配置
    'DEFAULT_THROTTLE_RATES': {
        'user_throttle': '1/s'
    }
}


# views.py

class UserThrottles(SimpleRateThrottle):
    
    # 将会加载settings.py中'user_throttle'对应的值
    scope = 'user_throttle'

    def get_cache_key(self, request, view):

        return self.get_ident(request)
    

class ShowInfo(APIView):

    authentication_classes = [UserAuthentication]
    permission_classes = [UserPermission]
    throttle_classes = [UserThrottles]

    def get(self, request):
        username = request.user.username
        return JsonResponse({"name": username,
                             "info": '有权查看'})