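HTTP Basic authentication explained
Web development offers another authentication method, HTTP Basic. From the user's side, the site pops up a dialog when visited and asks for a username and password. The page opens only when both the username and the password are correct.
As the figure below shows, visiting the site brings up an authentication window that asks for a username and password.
Illustration:
Code implementation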
# Import secrets for constant-time string comparison
import secrets

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials

app = FastAPI()

# Create an HTTPBasic instance to use as a dependency; it triggers the browser dialog
security = HTTPBasic()


# HTTPBasicCredentials is the type returned by HTTPBasic(); it holds the entered username and password
def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
    # Encode the received username and password as UTF-8
    current_username_bytes = credentials.username.encode("utf8")
    username_in_db_bytes = b"fakeuser"
    current_pwd_bytes = credentials.password.encode("utf8")
    pwd_in_db_bytes = b"fakepwd"
    # To resist timing attacks, compare the entered values with the correct ones using
    # secrets.compare_digest. Both comparisons always run, so a wrong username does not
    # return faster than a wrong password.
    is_correct_username = secrets.compare_digest(username_in_db_bytes, current_username_bytes)
    is_correct_pwd = secrets.compare_digest(pwd_in_db_bytes, current_pwd_bytes)
    if not (is_correct_username and is_correct_pwd):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or pwd",
            headers={"WWW-Authenticate": "Basic"},
        )
    return credentials.username


# A path that requires authentication
@app.get("/users/me")
def read_current_user(username: str = Depends(get_current_username)):
    return {"username": username}


# A path that does not require authentication
@app.get("/item/{item_id}")
def get_item(item_id: int):
    return {"item_id": item_id}


if __name__ == '__main__':
    import uvicorn
    uvicorn.run(app='basicAuth:app', host='127.0.0.1', port=8080, reload=True)
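Test results
When the correct username and password are entered, the correct response is returned.
When incorrect user information is entered, an error is returned.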
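The following added example (not code from the original post or from FastAPI) decodes an `Authorization: Basic` header by hand with the standard library and checks it against the page's demo credentials. It shows that the header is only base64-encoded `username:password` and that both fields are compared in constant time; the function names are hypothetical.

```python
import base64
import binascii
import secrets
from typing import Optional, Tuple

# Same demo credentials as the page's code.
EXPECTED_USER = b"fakeuser"
EXPECTED_PWD = b"fakepwd"


def parse_basic_header(value: str) -> Optional[Tuple[bytes, bytes]]:
    """Return (username, password) as bytes, or None if the header is malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    # Split on the first ":" only, so a password may itself contain ":".
    user, sep, pwd = decoded.partition(b":")
    if not sep:
        return None
    return user, pwd


def is_authorized(header_value: str) -> bool:
    """Check a header value against the demo credentials."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return False
    user, pwd = creds
    # Evaluate both comparisons before combining them, so the time taken
    # does not reveal which of the two fields was wrong.
    user_ok = secrets.compare_digest(user, EXPECTED_USER)
    pwd_ok = secrets.compare_digest(pwd, EXPECTED_PWD)
    return user_ok and pwd_ok


def make_header(user: str, pwd: str) -> str:
    """Build the header value a browser sends after the dialog (constructed sample input)."""
    raw = f"{user}:{pwd}".encode("utf8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

Because base64 is an encoding and not encryption, anyone who can read the request can recover the password, so Basic authentication should only be served over HTTPS.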