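Getting Started with Python Flask, Part 3: Verifying API Access with Token Authentication (Database Version)
Create a user table in the MySQL database day20, with the following structure:
Write each user's token and name into the database table user:
Install pymysql, the package used to connect to MySQL: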
(.venv) PS D:\PythonProject2> pip install pymysql
Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
Requirement already satisfied: pymysql in d:\pythonproject2\.venv\lib\site-packages (1.1.2)
[notice] A new release of pip is available: 25.1.1 -> 25.2
[notice] To update, run: python.exe -m pip install --upgrade pip
(.venv) PS D:\PythonProject2>
Iterate on the original code so that it reads the authorization token from the database to verify API access:
import hashlib
import pymysql
from flask import Flask, request, jsonify

app = Flask(__name__)


# Connect to MySQL, run the SQL query, and return the first row (or None)
def fetch_one(sql, params):
    conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', password='rootpassword', charset="utf8", database='day20')
    try:
        cursor = conn.cursor()
        # e.g. cursor.execute("select * from user where token=%s", [token, ])
        # params are bound by the driver, not formatted into the SQL text
        cursor.execute(sql, params)
        result = cursor.fetchone()
        cursor.close()
    finally:
        # Close the connection even if the query raises
        conn.close()
    # The matched row is not printed: it contains the token
    return result


@app.route("/bili", methods=["POST"])
def bili():
    """
    The request URL carries the token: /bili?token=...
    Required format of the request body: { "ordered_string":"......" }
    :return:
    """
    # 1. Check whether the token is empty
    token = request.args.get("token")
    if not token:
        return jsonify({"status": False, 'error': "认证失败"})

    # 2. Read the authorization token from the database table:
    #    connect to MySQL and run the query to check that the token is valid
    result = fetch_one("select * from user where token=%s", [token, ])
    if not result:
        return jsonify({"status": False, "error": "认证失败"})

    # 3. Read ordered_string; a missing or non-JSON body is a parameter error
    data = request.get_json(silent=True)
    ordered_string = data.get("ordered_string") if isinstance(data, dict) else None
    if not ordered_string:
        return jsonify({"status": False, "error": "参数错误"})

    # 4. Call the core algorithm to generate the sign signature
    encrypt_string = ordered_string + "560c52ccd288fed045859ed18bffd973"
    obj = hashlib.md5(encrypt_string.encode('utf-8'))
    sign = obj.hexdigest()

    # 5. Return the signature
    return jsonify({"status": True, "data": sign})


if __name__ == '__main__':
    app.run(host="127.0.0.1", port=5000)
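The token lookup above passes the token as a bound parameter instead of formatting it into the SQL text. The following added example (not code from the original post) contrasts the two on constructed data, with sqlite3 standing in for MySQL so it runs offline; sqlite3 uses ? where pymysql uses %s, and the function names and sample token are assumptions.

```python
import sqlite3


# Constructed sample data; sqlite3 replaces the page's MySQL database here.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (id integer primary key, token text, name text)")
    conn.execute("insert into user (token, name) values (?, ?)",
                 ("constructed-token-001", "alice"))
    return conn


def lookup_bound(conn, token):
    """Token passed as a bound parameter, as in the page's fetch_one call."""
    cur = conn.execute("select * from user where token=?", [token])
    return cur.fetchone()


def lookup_formatted(conn, token):
    """Anti-pattern for contrast: the token is pasted into the SQL text."""
    cur = conn.execute("select * from user where token='%s'" % token)
    return cur.fetchone()


def is_authorized(lookup, conn, token):
    """Same decision as the bili() view: empty token or no row means denied."""
    if not token:
        return False
    return lookup(conn, token) is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "x' or '1'='1"  # constructed input that contains SQL syntax
    for name, fn in (("bound", lookup_bound), ("formatted", lookup_formatted)):
        print(name,
              "valid:", is_authorized(fn, db, "constructed-token-001"),
              "unknown:", is_authorized(fn, db, "nope"),
              "crafted:", is_authorized(fn, db, crafted))
```

With the bound parameter the crafted value is compared as an ordinary string and matches no row; with string formatting it changes the WHERE clause and the check passes without a valid token.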
Example of calling the token-authenticated bili method with Postman: