1.认证和安全
import tornado. ioloop
import tornado. web
from pycket. session import SessionMixin
class BaseHandler(tornado.web.RequestHandler, SessionMixin):
    """Shared base handler that ties Tornado's authentication hook to the session.

    Overrides get_current_user() so that the current user is whatever the
    session holds under the 't_cookie' key. SessionMixin provides
    ``self.session``.
    """

    def get_current_user(self):
        """Return the session value stored under 't_cookie'.

        A falsy result means "not logged in": handlers decorated with
        ``@tornado.web.authenticated`` then redirect to ``login_url``.
        """
        session_user = self.session.get('t_cookie')
        return session_user
class MainHandler(BaseHandler):
    """Landing page that is only served to logged-in users.

    The GET handler runs only when the session holds a user; otherwise the
    ``authenticated`` decorator redirects the request to the login page.
    """

    @tornado.web.authenticated
    def get(self):
        """Write a welcome message containing the session user."""
        current = self.session.get('t_cookie')
        # NOTE(review): write() sends a str as-is, with no HTML escaping.
        # That is harmless while the only value ever stored is the fixed demo
        # user name; escape it (or render a template) once user names can be
        # chosen by users.
        greeting = '欢迎{}'.format(current)
        return self.write(greeting)
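class FormsHandler(BaseHandler):
    """Login form: GET renders it, POST checks the credentials.

    On success the user name is stored in the session under 't_cookie' and
    the client is redirected to the ``next`` target, but only when that
    target is a path on this site.
    """

    @staticmethod
    def _is_local_path(target):
        """Return True when *target* is a plain same-site path such as '/a?b=1'."""
        # Must be rooted at '/', which is what @authenticated appends as
        # ``next`` when login_url is a relative path.
        if not target.startswith('/'):
            return False
        # '//host' is scheme-relative, and browsers treat '\' like '/',
        # so both forms could leave the site.
        if target.startswith('//') or '\\' in target:
            return False
        # Control characters are stripped by some URL parsers, which could
        # turn an innocent-looking value into one of the forms above.
        return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)

    def get(self):
        """Render the login form, or a greeting if a user is already in the session."""
        user = self.session.get('t_cookie')
        return self.render('forms.html', user=user, e='')

    def post(self):
        """Validate the submitted credentials and log the user in."""
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        if not (username and password):
            return self.render('forms.html', e='用户名或密码不能为空', user='')

        # NOTE(review): demo-only credentials hard-coded in source. A real
        # deployment needs a user store with salted password hashes, a
        # constant-time comparison and some limit on repeated attempts.
        if username != '123' or password != '456':
            return self.render('forms.html', e='用户名或密码错误', user='')

        # NOTE(review): the session id is not rotated here on login; check
        # whether the session library offers a way to issue a fresh id.
        self.session.set('t_cookie', username)

        # ``next`` is taken from the request, so it is attacker-influenced:
        # redirecting to it unchecked lets a crafted login link bounce the
        # user to another site after a genuine login. Fall back to '/'.
        target = self.get_argument('next', '/')
        if not self._is_local_path(target):
            target = '/'
        return self.redirect(target)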
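def make_app():
    """Build the Tornado application: routes, XSRF protection and Redis-backed sessions.

    The cookie-signing secret and the debug switch are read from the
    environment instead of being fixed in source. COOKIE_SECRET and
    APP_DEBUG are names introduced here; rename them to fit the deployment.
    """
    import os
    import secrets

    # The secret signs Tornado's secure cookies, so a short value published
    # in source lets anyone who has read the code produce validly signed
    # cookies. Without COOKIE_SECRET a random per-process secret is used:
    # safe, but existing cookies stop validating after every restart.
    cookie_secret = os.environ.get('COOKIE_SECRET') or secrets.token_hex(32)

    # Debug mode turns on autoreload and sends tracebacks to the client,
    # so it is opt-in (APP_DEBUG=1) rather than always on.
    debug = os.environ.get('APP_DEBUG', '') == '1'

    return tornado.web.Application(
        [
            (r"/", MainHandler),
            (r"/f", FormsHandler),
        ],
        debug=debug,
        cookie_secret=cookie_secret,
        # Require the XSRF token on POST; the form template must emit it.
        xsrf_cookies=True,
        pycket={
            'engine': 'redis',
            # NOTE(review): no Redis password is configured, so this relies
            # on Redis being reachable from localhost only.
            'storage': {
                'host': '127.0.0.1',
                'port': 6379,
                'db_sessions': 10,
                # Effectively an unbounded connection pool.
                'max_connections': 2 ** 31,
            },
            # NOTE(review): if the session library forwards these options to
            # set_secure_cookie, consider adding httponly/secure -- confirm.
            'cookies': {
                'expires_days': 2,
            },
        },
        # Unauthenticated requests to @authenticated handlers are sent here.
        login_url='/f',
        static_path='../static',
        template_path='../template',
    )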
if __name__ == "__main__":
    # Script entry point: build the app, bind port 8888, run the IO loop.
    app = make_app()
    # listen() is given no address, so the server accepts connections on
    # every interface, not only loopback.
    app.listen(8888)
    loop = tornado.ioloop.IOLoop.current()
    loop.start()
2.HTML页面
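<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登录</title>
</head>
<body>
{# Login page: shows an error message if one was passed, then either a greeting or the login form. #}
{# e and user are output through {{ }} expressions, which Tornado HTML-escapes by default. #}
{% if e %}
<h3>{{ e }}</h3>
{% end %}
<br>
{% if user %}
<h2>欢迎{{ user }}</h2>
{% else %}
{# action="" posts back to the current URL, so a ?next= query parameter is carried along; the handler must validate it before redirecting. #}
<form action="" method="post">
    {% module xsrf_form_html() %}<!-- CSRF protection token -->
    账号:<input type="text" name="username"><br>
    密码:<input type="password" name="password"><br>
    <button type="submit">登录</button>
</form>
{% end %}
</body>
</html>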