flask: flask-httpauth做登录验证
一,安装第三方库
auth
$ pip install flask-httpauth
jwt
$ pip install Authlib
二,代码:
from flask import Blueprint,jsonify,render_template,request
from flask import request, Flask, redirect, url_for, render_template,abort,g
from flask import g
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
from helpers.utils import failed_response, success_response
from authlib.jose import jwt, JoseError
# Blueprint that groups the authentication routes defined in this module.
auth = Blueprint('auth', __name__)
# HTTP Basic authentication handler; the verify/error callbacks are
# registered on it through decorators further down.
basic_auth = HTTPBasicAuth()
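@basic_auth.verify_password
def verify_password(username, password):
    """Check the credentials supplied through HTTP Basic authentication.

    Two modes are supported:

    * Token mode: when ``password`` is empty, ``username`` is treated as a
      JWT. Its signature is verified and its ``username`` claim becomes the
      current user.
    * Password mode: otherwise the pair is compared with the built-in
      account.

    Args:
        username: The Basic-auth user name, or a JWT in token mode.
        password: The Basic-auth password; an empty string selects token mode.

    Returns:
        True when the caller is authenticated (``g.current_user`` is set),
        False otherwise.
    """
    import hmac

    # NOTE(review): hard-coded, low-entropy HS256 secret. Anyone who can read
    # this source can mint valid tokens; load it from configuration or a
    # secret store instead. It must stay identical to the signing key used
    # when tokens are issued.
    key = "a1b2c3!"

    # Credentials, tokens and decoded claims are deliberately not printed:
    # anything written to stdout ends up in server logs.

    if password == '':
        token = username
        try:
            data = jwt.decode(token, key)
            # Enforce the registered time claims (exp/nbf/iat) whenever the
            # token carries them. Tokens issued by generate_auth_token in
            # this file carry none, so they still pass this check.
            data.validate()
            current_user = data['username']
        except (JoseError, KeyError):
            # Bad signature, malformed or expired token, or no 'username'
            # claim: reject instead of raising.
            return False
        g.current_user = current_user
        return True

    # NOTE(review): built-in demo account; real deployments should verify
    # against salted password hashes in a user store.
    # Compare in constant time, and evaluate both comparisons before
    # combining them, so timing does not reveal which field was wrong.
    user_ok = hmac.compare_digest(username.encode('utf-8'), b'lhd')
    password_ok = hmac.compare_digest(password.encode('utf-8'), b'123')
    if not (user_ok and password_ok):
        return False
    g.current_user = username
    return True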
@basic_auth.error_handler
def basic_auth_error():
    """Build the error response returned when authentication fails."""
    # NOTE(review): 500 is passed to failed_response. If that argument ends
    # up as the HTTP status, 401 is the conventional status for a failed
    # authentication -- confirm against helpers.utils.failed_response.
    error_code, message = 500, '密码验证错误'
    return failed_response(error_code, message)
@auth.route('/login', methods=['POST'])
@basic_auth.login_required
def login():
    """Log the user in and return a freshly signed token with the user name."""
    user = g.current_user
    print("当前用户:" + user)
    # Default lifetime: 90 days = 90*24*60*60 = 7776000 seconds.
    # NOTE(review): this value is embedded as an 'operation' claim, not as a
    # registered 'exp' claim, and nothing in this file compares it with the
    # current time, so issued tokens effectively never expire.
    lifetime_seconds = 7776000
    token_bytes = generate_auth_token(user, operation=lifetime_seconds)
    return success_response({
        'token': token_bytes.decode(),
        'username': user,
    })
@auth.route('/info', methods=['GET'])
@basic_auth.login_required
def info():
    """Return the name of the currently authenticated user."""
    current = g.current_user
    print("当前用户:" + current)
    return success_response({'username': current})
def generate_auth_token(username, operation):
    """Sign a JWT carrying ``username`` and ``operation`` with HS256.

    Args:
        username: Value stored in the ``username`` claim.
        operation: Value stored in the ``operation`` claim.

    Returns:
        Whatever ``jwt.encode`` returns for the signed token (the caller in
        this file calls ``.decode()`` on it).
    """
    # NOTE(review): hard-coded, low-entropy signing secret duplicated from
    # verify_password; load it from configuration or a secret store and
    # define it in a single place.
    signing_key = "a1b2c3!"
    # Payload to sign. No 'exp' claim is set here, so the token itself
    # carries no expiry that a verifier could enforce.
    claims = dict(username=username, operation=operation)
    return jwt.encode(header={'alg': 'HS256'}, payload=claims, key=signing_key)
三,测试 效果 :
得到token
注意:此处 Basic 后面的字符串是 lhd:123 经过 base64 编码的结果。base64 只是编码而不是加密,用户名和密码相当于明文传输,因此需要配合 HTTPS 使用。

用token访问info
注意:此处 Basic 后面的字符串是"token:"(token 作为用户名,后接冒号,密码留空)经过 base64 编码的结果。
