一,安装第三方库
auth
$ pip install flask-httpauth
jwt
$ pip install Authlib
二,代码:
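import hmac
import os
import time

from authlib.jose import JoseError, JsonWebToken, jwt
from flask import (
    Blueprint,
    Flask,
    abort,
    g,
    jsonify,
    redirect,
    render_template,
    request,
    url_for,
)
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth

from helpers.utils import failed_response, success_response

basic_auth = HTTPBasicAuth()
auth = Blueprint('auth', __name__)

# Signing key for the HS256 tokens, defined once so that encoding and decoding
# cannot drift apart. 'AUTH_JWT_KEY' is a name chosen for this example; the
# fallback is the tutorial's short demo value and must be replaced by a long
# random secret supplied through configuration before any real deployment.
JWT_KEY = os.environ.get('AUTH_JWT_KEY', 'a1b2c3!')

# Only HS256 is accepted on decode, so the "alg" header of an incoming token
# cannot select a different algorithm.
_hs256_jwt = JsonWebToken(['HS256'])

# Claims that must be present in every token accepted by verify_password.
_REQUIRED_CLAIMS = {
    'exp': {'essential': True},
    'username': {'essential': True},
}

# Demo account from the tutorial. A real service looks the user up in a user
# store and verifies a salted password hash instead of comparing literals.
DEMO_USERNAME = 'lhd'
DEMO_PASSWORD = '123'


def _constant_time_equal(supplied, expected):
    """Compare two strings without revealing the mismatch position via timing."""
    return hmac.compare_digest(
        str(supplied).encode('utf-8'), expected.encode('utf-8')
    )


@basic_auth.verify_password
def verify_password(username, password):
    """Check the credentials carried in the HTTP Basic Authorization header.

    Two forms are accepted:

    * empty password: ``username`` is treated as a JWT issued by
      ``generate_auth_token``; its signature, expiry and required claims are
      checked.
    * non-empty password: ``username`` / ``password`` are compared with the
      demo account.

    On success the authenticated name is stored in ``g.current_user``.

    Returns:
        True when the request is authenticated, otherwise False.
    """
    # Neither the password nor the token is printed or logged: both are
    # bearer secrets and would otherwise end up in the server's output.
    if not password:
        token = username
        if not token:
            return False
        try:
            claims = _hs256_jwt.decode(
                token, JWT_KEY, claims_options=_REQUIRED_CLAIMS
            )
            # decode() only verifies the signature; validate() rejects expired
            # tokens and tokens missing a required claim.
            claims.validate()
        except JoseError:
            return False
        token_user = claims.get('username')
        if not token_user:
            return False
        g.current_user = token_user
        return True

    # Evaluate both comparisons before deciding, so a wrong username and a
    # wrong password take the same path.
    user_ok = _constant_time_equal(username, DEMO_USERNAME)
    password_ok = _constant_time_equal(password, DEMO_PASSWORD)
    if not (user_ok and password_ok):
        return False
    g.current_user = username
    return True


@basic_auth.error_handler
def basic_auth_error():
    """Build the error response returned when authentication fails."""
    # NOTE(review): 500 is passed to failed_response here; if that argument is
    # the HTTP status, 401 is the conventional value for failed
    # authentication -- confirm against helpers.utils.
    return failed_response(500, '密码验证错误')


@auth.route('/login', methods=['POST'])
@basic_auth.login_required
def login():
    """Log the user in and return a signed token together with the username."""
    print("当前用户:" + g.current_user)
    # Token lifetime in seconds. Default: 90 days, 90*24*60*60 = 7776000.
    expired_time = 7776000
    data = {
        'token': generate_auth_token(
            g.current_user, operation=expired_time
        ).decode(),
        'username': g.current_user,
    }
    return success_response(data)


@auth.route('/info', methods=['GET'])
@basic_auth.login_required
def info():
    """Return the name of the currently authenticated user."""
    print("当前用户:" + g.current_user)
    data = {'username': g.current_user}
    return success_response(data)


def generate_auth_token(username, operation):
    """Create a signed HS256 JWT for ``username``.

    Args:
        username: name stored in the ``username`` claim.
        operation: token lifetime in seconds. It is kept in the payload under
            ``operation`` as before and is also used to compute ``exp``.

    Returns:
        The serialized token as returned by Authlib's ``encode``; ``login``
        calls ``.decode()`` on it.
    """
    # Signature algorithm.
    header = {'alg': 'HS256'}
    issued_at = int(time.time())
    # Payload to sign. 'iat' and 'exp' make the lifetime enforceable: without
    # an 'exp' claim a token would stay valid for as long as the key is used.
    payload = {
        'username': username,
        'operation': operation,
        'iat': issued_at,
        'exp': issued_at + int(operation),
    }
    return _hs256_jwt.encode(header=header, payload=payload, key=JWT_KEY)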
三,测试效果:
得到token
注意此处 Basic 后面的字符串是 lhd:123 做了 base64 编码。base64 只是编码而不是加密,任何截获请求的人都能还原出用户名和密码,因此该接口必须通过 HTTPS 访问。

用token访问info
注意此处 Basic 后面的字符串是 token 加上冒号(即把 token 作为用户名、密码留空)后做了 base64 编码。token 与密码一样属于敏感凭据,同样只能通过 HTTPS 传输。
