HTTPBasic:需要在HTTP请求的头部设置一个固定的键值对key=Authorization,value=basic base64(account:psd) 
Last updated
Was this helpful?
Was this helpful?
from sqlalchemy import inspect, Column, Integer, String, SmallInteger, orm
from werkzeug.security import generate_password_hash, check_password_hash
from app.libs.erro_code import NotFound, AuthFailed
from app.models.base import Base , db #, MixinJSONSerializer
import datetime
class User(Base):
id = Column(Integer, primary_key=True)
email = Column(String(24), unique=True, nullable=False)
nickname = Column(String(24), unique=True)
auth = Column(SmallInteger, default=1) # 做层级的标志
_password = Column('password', String(100))
def keys(self):
return ['id', 'email', 'nickname', 'auth']
@property
def password(self):
return self._password # 对密码的处理
@password.setter
def password(self, raw):
self._password = generate_password_hash(raw) # 对密码的处理
@staticmethod
def register_by_email(nickname, account, secret):
with db.auto_commit():
user = User()
user.nickname = nickname
user.email = account
user.password = secret
db.session.add(user)
@staticmethod
def verify(email, password):
user = User.query.filter_by(email=email).first_or_404() # 查询出当前用户
if not user:
raise NotFound(msg = 'user not found...')
if not user.check_password(password): # 检验密码
raise AuthFailed() #抛出异常
return {'uid': user.id} #成功,返回uid
def check_password(self, raw): # 密码检验
if not self._password:
return False
return check_password_hash(self._password, raw)from app.libs.redprint import Redprint
from flask import current_app
from app.libs.enums import ClientTypeEnum
from app.models.user import User
from app.validators.forms import ClientForm
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
from flask import jsonify
api = Redprint('token') # 实例化一个Redprint
@api.route('', methods=['POST']) # 路由注册
# 返回token的试图函数,这里稍微破坏一下REST的规则,由于登录操作密码安全性较高,使用GET的话会泄漏
def get_token():
form = ClientForm().validate_for_api() # 同注册过程,不同client 区分
promise = {
ClientTypeEnum.USER_EMAIL: User.verify, #验证 # 在 user中编写 verify
# ClientTypeEnum.USER_MINA: __register_user_by_MINA
}
# 拿到用户信息
identity = promise[form.type.data](
form.account.data,
form.secret.data
)
# 调用函数生成token
expiration = current_app.config['TOKEN_EXPIRATION'] #过期时间
token = generator_auth_token(identity['uid'],
form.type.data,
None,
expiration=expiration)
t = {
'token': token.decode('utf-8') # 因为是byte
}
return jsonify(t), 201 # 返回 json 字典
def generator_auth_token(uid, ac_type, scope=None,expiration=7200):
"""生成令牌 ,拿到uid,client类型,权限作用域,过期时间"""
s = Serializer(current_app.config['SECRET_KEY'],expires_in=expiration) # expires_in 生成令牌的有效期
return s.dumps({
'uid': uid,
'type': ac_type.value
}) # 将想写入的信息以字典形式写入令牌TOKEN_EXPIRATION = 30 * 24 * 3600from app.libs.erro import APIException
class ClientTypeErro(APIException):
code = 400
msg = 'client is invalid'
erro_code = 1006
class ParameterException(APIException):
code = 400
msg = 'invalid parameter'
erro_code = 1000
# 将成功返回也当作一中 APIException,来优化代码
class Success(APIException):
code = 201
msg = 'ok'
erro_code = 0
class ServerError(APIException):
code = 500
msg = 'sorry,we made a mistaake'
erro_code = 999
class NotFound(APIException):
code = 404
msg = 'the resource are not found O__O...'
error_code = 1001
class AuthFailed(APIException):
code = 401
error_code = 1005
msg = 'authorization failed'
class Forbidden(APIException):
code = 403
error_code = 1004
msg = 'forbidden, not in scope'from flask import Blueprint
from app.api.v1 import user, book ,client ,token
# 创建一个Bluerint,把Redprint注册到Blueprint上,并传入Redprint一个前缀'/book
def create_blueprint_v1():
bp_v1 = Blueprint('v1', __name__)
user.api.register(bp_v1) # , url_prefix='/uesr')
book.api.register(bp_v1) # ,url_prefix='/book')
client.api.register(bp_v1)
token.api.register(bp_v1)
return bp_v1from flask_httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()
@auth.verify_password
def verify_password(account, password):
passfrom app.libs.redprint import Redprint
from app.libs.token_auth import auth
api = Redprint('user')
#@api.route('/get') URL中不应该包含动词
@api.route('',methods = ['GET'])
@auth.login_required
def get_user():
return 'get_user'# 编写一个验证token的装饰器
from flask_httpauth import HTTPBasicAuth
from flask import current_app, g
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer, BadSignature, \
SignatureExpired
from collections import namedtuple
from app.libs.erro_code import AuthFailed
auth = HTTPBasicAuth()
User = namedtuple('User', ['uid', 'ac_type', 'scope'])
# @auth.verify_password
# def verify_password(account, password):
# # 需要在HTTP请求的头部设置一个固定的键值对
# # key=Authorization,value=basic base64(account:psd)
# # imwl@live.com:12345678 编码后 aW13bEBsaXZlLmNvbToxMjM0NTY3OA==
# # key=Authorization,value=basic aW13bEBsaXZlLmNvbToxMjM0NTY3OA==
# return True
@auth.verify_password
def verify_password(token, password):
user_info = verify_auth_token(token) # token 赋值给 user_info
if not user_info:
return False
else:
g.user = user_info # g 变量 ,代理模式
return True
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token) # 解密 token
# token不合法抛出的异常
except BadSignature:
raise AuthFailed(msg='token is valid', erro_code=1002)
# token过期抛出的异常
except SignatureExpired:
raise AuthFailed(msg='token is expired', erro_code=1003)
uid = data['uid']
ac_type = data['type'] # 生成令牌的时候写入了 uid ac_type
return User(uid, ac_type, '') # 定义对象式 接口返回回去 ,scope 先返回为空字符串from app.libs.redprint import Redprint
from app.libs.token_auth import auth
from app.models.user import User
from app.models.base import db
from flask import jsonify
api = Redprint('user')
#@api.route('/get') URL中不应该包含动词
@api.route('/<int:uid>', methods = ['GET']) # 获取到用户的uid
@auth.login_required
def get_user(uid): # 接收 uid
user = User.query.get_or_404 (uid) # 获取到用户,用get_or_404简化判断用户是否存在
# 因为get_or_404 抛出的不是APIException,所以要重写
# query 属性下的方法
r = {
'nickname':user.nickname,
'email':user.email,
'password':user.password
} # 追求更好的写法from datetime import datetime
from flask_sqlalchemy import SQLAlchemy as _SQLAlchemy, BaseQuery
from sqlalchemy import Column, Integer, SmallInteger
from contextlib import contextmanager
class SQLAlchemy(_SQLAlchemy):
@contextmanager
def auto_commit(self):
try:
yield
self.session.commit()
except Exception as e:
db.session.rollback()
raise e
from app.libs.erro_code import NotFound
class Query(BaseQuery):
def filter_by(self, **kwargs):
if 'status' not in kwargs.keys():
kwargs['status'] = 1
return super(Query, self).filter_by(**kwargs)
# 仿照源码改写get_or_404,覆盖原来的 get_or_404]
def get_or_404(self, ident):
"""Like :meth:`get` but aborts with 404 if not found instead of returning ``None``."""
rv = self.get(ident)
if rv is None:
raise NotFound()
return rv
def first_or_404(self):
rv = self.first()
if rv is None:
raise NotFound()
return rv
db = SQLAlchemy(query_class=Query)
class Base(db.Model):
__abstract__ = True
create_time = Column(Integer)
status = Column(SmallInteger, default=1)
def __init__(self):
self.create_time = int(datetime.now().timestamp())
@property
def create_datetime(self):
if self.create_time:
return datetime.fromtimestamp(self.create_time)
else:
return None
def set_attrs(self, attrs_dict):
for key, value in attrs_dict.items():
if hasattr(self, key) and key != 'id':
setattr(self, key, value)
def delete(self):
self.status = 0@api.route('/secret', methods=['POST'])
def get_token_info():
"""获取令牌信息"""
form = TokenForm().validate_for_api()
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(form.token.data, return_header=True)
except SignatureExpired:
raise AuthFailed(msg='token is expired', error_code=1003)
except BadSignature:
raise AuthFailed(msg='token is invalid', error_code=1002)
r = {
'scope': data[0]['scope'],
'create_at': data[1]['iat'],
'expire_in': data[1]['exp'],
'uid': data[0]['uid']
}
return jsonify(r)