A Django api permission manager that helps you custom api url in regular expression and control access.
pip install django-api-permission
INSTALLED_APPS = [
...
'api_permission',
...
]
MIDDLEWARE = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
...
'api_permission.middleware.APIPermCheckMiddleware',
]./manage.py migrate api_permission
set API_PERMISSION_CONF in your settings.py as a dict.
API_PERMISSION_CONF = {
'API_PREFIX': ['api/topic/'], # default is /
'PERMISSION_DENIED_CODE': 1, # default is 1
'AUTHORIZATION_HEADER': 'HTTP_AUTHORIZATION', # default is HTTP_AUTHORIZATION
'ADMIN_SITE_PATH': '/admin/', # default is /admin/
'TOKEN_EXPIRE': 15, # unit is days, default is None, which won't check token expire.
}You can custom API_PREFIX as a str like '/' or list like ['api/account', 'api/topic'].
When you set TOKEN_EXPIRE, you need add below in your REST_FRAMEWORK settings.
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
...
'api_permission.authentication.ExpireTokenAuthentication',
),
}
