用户验证----jwt生成token,及token解析 Python Flask

参考链接:https://www.cnblogs.com/lowmanisbusy/p/10930856.html

1. 能用,但不规范(密钥硬编码在源码中,密码明文保存,仅供演示)

from flask import Flask, request
import jwt
import time

# Flask application object for this demo.
app = Flask(__name__)

# Single in-memory demo account.
# NOTE(review): the credentials live in source and the password is kept in
# plaintext; acceptable for a walkthrough only. A real service would store a
# salted password hash in a user store.
account = dict(username='li', pwd='123456')


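# Token generation
def get_token(username):
    """Build a signed HS256 JWT for *username*.

    The payload carries ``iat`` (issue time), ``username`` (custom claim) and
    ``exp`` (issue time + 20000 seconds).

    Returns:
        The encoded token as ``str``. PyJWT 1.x returns ``bytes`` from
        ``jwt.encode`` while 2.x returns ``str``; the result is normalised so
        a caller doing ``str(token)`` never embeds a ``b'...'`` repr.
    """
    issued_at = int(time.time())  # read the clock once so iat and exp agree
    token_dict = {
        'iat': issued_at,  # token issue time
        'username': username,  # custom claim: user name
        'exp': issued_at + 20000,  # token expiry time
    }
    headers = {'alg': "HS256"}
    # NOTE(review): the signing key is hard-coded here and again in
    # parse_token. Whoever can read the source can mint valid tokens, so the
    # key should be loaded from configuration or the environment and rotated.
    jwt_token = jwt.encode(token_dict,
                           "zkjy_label_data_platform123",
                           algorithm='HS256',
                           headers=headers
                           )
    if isinstance(jwt_token, bytes):
        jwt_token = jwt_token.decode('ascii')
    return jwt_token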


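# Token parsing
def parse_token():
    """Verify and decode the JWT sent in the ``token`` form field.

    Returns:
        The decoded claims on success, otherwise the sentinel string
        'token 错误!' that decorator_parse_token compares against.
    """
    data = 'token 错误!'
    try:
        token = request.form['token']
        # algorithms is pinned to HS256 so the token header cannot choose the
        # verification algorithm. NOTE(review): the key is hard-coded and
        # duplicated from get_token; it should come from configuration.
        return jwt.decode(token, 'zkjy_label_data_platform123', algorithms=['HS256'])
    except (KeyError, jwt.InvalidTokenError):
        # KeyError: the form field is missing. InvalidTokenError: malformed,
        # tampered or expired token. Anything else is a programming error and
        # is no longer silently swallowed by a bare ``except``.
        return data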


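def decorator_parse_token(func):
    """Wrap a view so it only runs when parse_token() accepts the request.

    Args:
        func: the view function to protect.

    Returns:
        A wrapper that keeps the metadata of *func* and forwards its
        arguments. On a rejected token it returns the error text with HTTP
        status 401 instead of calling *func*.
    """
    from functools import wraps

    # wraps() preserves func.__name__; without it every protected view would
    # be registered under the endpoint name "new_func" and a second decorated
    # route would collide with the first.
    @wraps(func)
    def new_func(*args, **kwargs):
        token_info = parse_token()
        if token_info == 'token 错误!':
            # Signal the authentication failure in the status code as well,
            # not only in the body.
            return token_info, 401
        return func(*args, **kwargs)

    return new_func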


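@app.route('/login', methods=['POST'])
def login():
    """Check the posted ``username``/``pwd`` and issue a token on success.

    Returns:
        '登陆成功!' followed by the token when the credentials match the demo
        account, otherwise '登陆失败!' with HTTP status 401.
    """
    from hmac import compare_digest

    username = request.form['username']
    pwd = request.form['pwd']

    # Compare as bytes (compare_digest only accepts ASCII-only str) and
    # evaluate both checks unconditionally so the comparison time does not
    # depend on how much of the input matched.
    # NOTE(review): the stored password is plaintext; a real service would
    # verify against a salted password hash instead.
    user_ok = compare_digest(username.encode('utf-8'),
                             account['username'].encode('utf-8'))
    pwd_ok = compare_digest(pwd.encode('utf-8'),
                            account['pwd'].encode('utf-8'))

    if user_ok and pwd_ok:
        token = get_token(username)
        return '登陆成功!' + str(token)
    return '登陆失败!', 401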


@app.route('/register', methods=['POST'])
def register():
    """Replace the single demo account with the posted ``username``/``pwd``.

    NOTE(review): this route carries no authentication decorator, so any
    caller can overwrite the only account, and the password is stored as
    received (plaintext). Demo behaviour only.
    """
    # Both form fields are read before the account is touched, so a missing
    # field leaves the existing account unchanged.
    account.update(username=request.form['username'], pwd=request.form['pwd'])
    return '注册成功!'


@app.route('/func', methods=['POST'])
@decorator_parse_token
def func():
    """Protected demo view, wrapped by decorator_parse_token."""
    payload = 'token验证成功,返回有效信息 --> 123456789!'
    return payload


if __name__ == '__main__':
    # NOTE(review): debug=True enables the Werkzeug interactive debugger,
    # which can execute code from the browser. Keep it bound to loopback as
    # here and switch it off for anything reachable by other hosts.
    run_options = dict(host='127.0.0.1', port=5000, debug=True)
    app.run(**run_options)

2. 规范

后端代码

# -*- coding: utf-8 -*-
from flask import Flask, g, request
from flask_httpauth import HTTPTokenAuth
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer

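app = Flask(__name__)
# NOTE(review): placeholder value. The signing key must be a long random
# secret loaded from configuration or the environment, never committed.
app.config['SECRET_KEY'] = 'secret key here'
auth = HTTPTokenAuth(scheme='Bearer')
# Signing serializer whose tokens are valid for 10 minutes.
# NOTE(review): TimedJSONWebSignatureSerializer was deprecated in
# itsdangerous 2.0 and removed in 2.1, so this listing needs an older
# itsdangerous release.
serializer = Serializer(app.config['SECRET_KEY'], expires_in=600)
users = ['john', 'susan']
# Issue one demo token per user at import time. Printing bearer tokens to
# stdout is for the walkthrough only; they would otherwise end up in logs.
for user in users:
    token = serializer.dumps({'username': user})
    # dumps() may return bytes; decode so the printed value can be pasted
    # into an Authorization header without a b'...' wrapper.
    if isinstance(token, bytes):
        token = token.decode('ascii')
    print('Token for {}: {}\n'.format(user, token))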


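# Callback that validates the bearer token
@auth.verify_token
def verify_token(token):
    """Validate *token* and record the authenticated user in ``g.user``.

    Args:
        token: the bearer token string handed over by Flask-HTTPAuth.

    Returns:
        True when the token verifies and its payload carries ``username``
        (``g.user`` is then set to it); False otherwise, with ``g.user`` left
        as None.
    """
    from itsdangerous import BadData

    g.user = None
    if not token:
        return False
    try:
        data = serializer.loads(token)
    except BadData:
        # Covers a bad signature, an expired token and a malformed
        # header or payload. Other exceptions indicate a bug and are no
        # longer hidden by a bare ``except``; they still deny access.
        return False
    if isinstance(data, dict) and 'username' in data:
        g.user = data['username']
        return True
    return False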


# Require authentication for this view
@app.route('/')
@auth.login_required
def index():
    """Greet the user that verify_token stored in ``g.user``."""
    greeting = "Hello, %s!" % g.user
    return greeting



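@app.route('/get_uid', methods=['POST'])
@auth.login_required
def get_uid():
    """Return a greeting followed by the ``info_dict`` entry for ``name``.

    Returns:
        The greeting plus the stored value, or a 404 response when the posted
        ``name`` is not a key of ``info_dict`` (previously an unhandled
        KeyError, i.e. HTTP 500).
    """
    name = request.form['name']
    # NOTE(review): any authenticated user can look up any name; nothing here
    # ties ``name`` to ``g.user``. Confirm that is intended.
    if name not in info_dict:
        return "Unknown name", 404
    return "Hello, %s!" % g.user + str(info_dict[name])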

# Demo lookup table read by get_uid.
info_dict = dict(li=1)
if __name__ == '__main__':
    # Start Flask's built-in server with its default settings.
    app.run()

postman请求测试

未完待续…
