参考链接:https://www.cnblogs.com/lowmanisbusy/p/10930856.html
1. 能用,但不规范
from flask import Flask, request
import jwt
import time
app = Flask(__name__)
# Single in-memory demo account, read by login() and overwritten by register().
# NOTE(review): the password sits here in plaintext as a source literal; a real
# service would keep a salted password hash in a user store instead.
account = dict(username='li', pwd='123456')
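# Token generation
def get_token(username):
    """Return an HS256-signed JWT that carries ``username``.

    The payload holds ``iat`` (issue time), ``username`` (custom claim) and
    ``exp`` (issue time + 20000 seconds).

    NOTE(review): the signing key is a literal in the source file. Anyone who
    can read the file can mint valid tokens; load the key from configuration
    or the environment instead, and keep it identical to the key that
    parse_token() verifies with.
    """
    # Read the clock once so that exp - iat is exactly the intended lifetime;
    # two separate time.time() calls can straddle a second boundary.
    issued_at = int(time.time())
    payload = {
        'iat': issued_at,             # token issue time
        'username': username,         # custom claim: the user name
        'exp': issued_at + 20000,     # token expiry time
    }
    # PyJWT 1.x returned bytes from encode(), which is what the author's
    # commented-out ".decode('ascii')" was for; PyJWT 2.x returns str.
    return jwt.encode(
        payload,
        "zkjy_label_data_platform123",
        algorithm='HS256',
        headers={'alg': "HS256"},
    )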
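# Token parsing
def parse_token():
    """Verify and decode the JWT sent in the ``token`` form field.

    Returns:
        The decoded payload dict when the token verifies, otherwise the
        sentinel string 'token 错误!' (missing field, bad signature,
        malformed or expired token).

    The accepted algorithm list is pinned to HS256, so a token whose header
    names any other algorithm is rejected by jwt.decode().

    NOTE(review): the verification key is a source literal and must stay
    identical to the one get_token() signs with; move both to configuration.
    """
    try:
        token = request.form['token']
        return jwt.decode(token, 'zkjy_label_data_platform123', algorithms=['HS256'])
    except (KeyError, jwt.PyJWTError):
        # KeyError: the form has no 'token' field.
        # PyJWTError: base class of PyJWT's decode/verification failures.
        # Anything else is a programming error and is allowed to surface
        # instead of being silently reported as a bad token.
        return 'token 错误!'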
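def decorator_parse_token(func):
    """Wrap a view so it only runs when the request carries a valid token.

    The wrapper calls parse_token(); if that returns the error sentinel the
    sentinel is sent back as the response body, otherwise the wrapped view is
    called with whatever arguments Flask passed in.

    functools.wraps keeps the view's own ``__name__``. Flask derives the
    endpoint name from it, so without this every decorated view would be
    registered as "new_func" and a second decorated route would collide with
    the first.

    NOTE(review): a rejected token is answered with the sentinel text and the
    default 200 status. Clients, proxies and log-based detection cannot tell a
    failed authentication from a success by status code; returning 401 would
    be the conventional choice.
    """
    import functools

    @functools.wraps(func)
    def new_func(*args, **kwargs):
        token_info = parse_token()
        if token_info == 'token 错误!':
            return token_info
        # Forward URL parameters so views with route arguments also work.
        return func(*args, **kwargs)

    return new_func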
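@app.route('/login', methods=['POST'])
def login():
    """Check the posted ``username``/``pwd`` and return a token on success.

    Returns '登陆成功!' followed by the token when both fields match the
    stored account, otherwise '登陆失败!'.

    Both fields are compared with hmac.compare_digest on their UTF-8 bytes
    rather than ``==``, so the comparison time does not depend on how many
    leading characters of the guess are correct. Both comparisons are
    evaluated before they are combined, so a wrong user name does not skip
    the password check.

    NOTE(review): the stored password is plaintext; a real service would
    verify against a salted password hash and rate-limit this endpoint.
    """
    import hmac

    username = request.form['username']
    pwd = request.form['pwd']
    user_ok = hmac.compare_digest(
        username.encode('utf-8'), account['username'].encode('utf-8')
    )
    pwd_ok = hmac.compare_digest(
        pwd.encode('utf-8'), account['pwd'].encode('utf-8')
    )
    if user_ok and pwd_ok:
        return '登陆成功!' + str(get_token(username))
    return '登陆失败!'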
@app.route('/register', methods=['POST'])
def register():
    """Replace the single demo account with the posted ``username``/``pwd``.

    Both form fields are read before anything is written, so a request that
    lacks either field leaves the stored account untouched.

    NOTE(review): this route needs no authentication and overwrites the only
    account, so any client that can reach it can take over the login. The
    password is also stored as received, in plaintext. Acceptable for a demo;
    a real service needs per-user records, password hashing and access
    control here.
    """
    account.update(
        username=request.form['username'],
        pwd=request.form['pwd'],
    )
    return '注册成功!'
@app.route('/func', methods=['POST'])
@decorator_parse_token
def func():
    """Demo view behind the token check; returns a fixed success message."""
    message = 'token验证成功,返回有效信息 --> 123456789!'
    return message
if __name__ == '__main__':
    # NOTE(review): debug=True enables the Werkzeug interactive debugger,
    # which allows code execution for whoever can reach it. It is bound to
    # loopback here; turn debug off before listening on any other interface.
    app.run(debug=True, port=5000, host='127.0.0.1')
2. 规范
后端代码
# -*- coding: utf-8 -*-
from flask import Flask, g, request
from flask_httpauth import HTTPTokenAuth
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
app = Flask(__name__)
# NOTE(review): placeholder signing key. Every token is only as trustworthy
# as this value; supply a long random key from configuration or the
# environment and keep it out of version control.
app.config.update(SECRET_KEY='secret key here')
auth = HTTPTokenAuth(scheme='Bearer')
# Signing serializer; issued tokens expire after 10 minutes (600 seconds).
# NOTE(review): TimedJSONWebSignatureSerializer was deprecated in
# itsdangerous 2.0 and removed in 2.1, so this listing only imports against
# an older itsdangerous; newer code should issue tokens with a maintained
# JWT library instead.
serializer = Serializer(app.config['SECRET_KEY'], expires_in=600)
users = ['john', 'susan']
# Issue one token per demo user at import time and print it for testing.
# NOTE(review): printed bearer tokens end up in the console and any captured
# logs; acceptable for a walkthrough only.
for user in users:
    token = serializer.dumps(dict(username=user))
    print('Token for {}: {}\n'.format(user, token))
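# Callback that validates the bearer token
@auth.verify_token
def verify_token(token):
    """Validate ``token`` and record the authenticated user on ``g``.

    Sets ``g.user`` to None first, so a failed check never leaves a user from
    earlier code in place. Returns True and stores the ``username`` claim in
    ``g.user`` when the token verifies and carries that claim; returns False
    otherwise.
    """
    from itsdangerous import BadData

    g.user = None
    try:
        data = serializer.loads(token)
    except BadData:
        # BadData is the base class of itsdangerous' signature, payload and
        # expiry errors. Catching only it (instead of a bare except) still
        # rejects every invalid token, while real bugs and interpreter
        # signals such as KeyboardInterrupt are no longer swallowed.
        return False
    if 'username' in data:
        g.user = data['username']
        return True
    return False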
# View protected by token authentication
@app.route('/')
@auth.login_required
def index():
    """Greet the user that verify_token() stored on ``g``."""
    current_user = g.user
    return "Hello, %s!" % current_user
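@app.route('/get_uid', methods=['POST'])
@auth.login_required
def get_uid():
    """Return a greeting followed by the id stored for the posted ``name``.

    A name that is not in ``info_dict`` is answered with 404 instead of
    letting the KeyError escape as a 500 error.

    NOTE(review): the lookup key comes from the request body, not from the
    authenticated identity in ``g.user``, so any token holder can read the id
    of any name. If ids are meant to be private, look up ``g.user`` instead
    or add an authorization check.
    """
    from flask import abort

    name = request.form['name']
    if name not in info_dict:
        abort(404)
    return "Hello, %s!" % g.user + str(info_dict[name])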
# Lookup table read by get_uid(): posted name -> value appended to the reply.
info_dict = dict(li=1)
if __name__ == '__main__':
    # Flask defaults: development server, debug off.
    app.run()
Postman 请求测试
未完待续…