add authentication token_expire

Author: tcitry

README.md

@@ -43,15 +43,27 @@ set `API_PERMISSION_CONF` in your settings.py as a dict.
 
 ```python
 API_PERMISSION_CONF = {
-    'API_PREFIX': ['api/topic/'], # default is /api/
+    'API_PREFIX': ['api/topic/'], # default is /
     'PERMISSION_DENIED_CODE': 1, # default is 1
     'AUTHORIZATION_HEADER': 'HTTP_AUTHORIZATION', # default is HTTP_AUTHORIZATION
-    'ADMIN_SITE_PATH': '/admin/' # default is /admin/
+    'ADMIN_SITE_PATH': '/admin/', # default is /admin/
+    'TOKEN_EXPIRE': 15, # unit is days, default is None, which won't check token expire.
 }
 ```
 
 You can custom `API_PREFIX` as a str like `'/'` or list like `['api/account', 'api/topic']`.
 
+** When you set `TOKEN_EXPIRE`, you need add below in your `REST_FRAMEWORK` settings. **
+
+```python
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        ...
+        'api_permission.authentication.ExpireTokenAuthentication',
+    ),
+}
+```
+
 ## 3. Demo
 
 ### 3.1 list

api_permission/api_settings.py

@@ -2,7 +2,8 @@
 
 API_PERMISSION_CONF = getattr(settings, "API_PERMISSION_CONF", {})
 
-API_PREFIX = API_PERMISSION_CONF.get('API_PREFIX', ['/api/'])
+API_PREFIX = API_PERMISSION_CONF.get('API_PREFIX', ['/'])
 PERMISSION_DENIED_CODE = API_PERMISSION_CONF.get('PERMISSION_DENIED_CODE', 1)
 AUTHORIZATION_HEADER = API_PERMISSION_CONF.get('AUTHORIZATION_HEADER', 'HTTP_AUTHORIZATION')
 ADMIN_SITE_PATH = API_PERMISSION_CONF.get('ADMIN_SITE_PATH', '/admin/')
+TOKEN_EXPIRE = API_PERMISSION_CONF.get('TOKEN_EXPIRE', None)

api_permission/authentication.py

@@ -0,0 +1,27 @@
+import datetime
+
+from django.conf import settings
+from django.utils import timezone
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import exceptions
+from rest_framework.authentication import TokenAuthentication
+from .api_settings import TOKEN_EXPIRE
+
+
+class ExpireTokenAuthentication(TokenAuthentication):
+    def authenticate_credentials(self, key):
+        model = self.get_model()
+        try:
+            token = model.objects.select_related('user').get(key=key)
+        except model.DoesNotExist:
+            raise exceptions.AuthenticationFailed(_('Token not exists.'))
+
+        if not token.user.is_active:
+            raise exceptions.AuthenticationFailed(_('User not active or deleted.'))
+
+        if TOKEN_EXPIRE:
+            assert type(TOKEN_EXPIRE) == int, "TOKEN_EXPIRE type must be Int"
+            if timezone.now() > token.created + datetime.timedelta(days=int(TOKEN_EXPIRE)):
+                raise exceptions.AuthenticationFailed(_('Token has expired'))
+
+        return (token.user, token)