tornado中的身份验证及安全性
import tornado.web
---------------------------------------设置普通cookie的方式-------------------------------
class hahh(tornado.web.RequestHandler):
def get(self):
if not self.get_cookie(“mynamen”):
self.set_cookie(“myname”) #设置cookie
-----------------------------------------设置安全cookie的方式------------------------------
application = tornado.web.Application([
(r"/", MainHandler),
], cookie_secret="_TODO:GENERATE_YOUR_OWN_RANDOM_VALUE_HERE")
class MainHandler(tornado.web.RequestHandler):
def get(self):
if not self.get_secure_cookie(“mycookie”):
self.set_secure_cookie(“mycookie”, “myvalue”)
self.write(“Your cookie was not set yet!”)
else:
self.write(“Your cookie was set!”)
-----------------------------------------------用户安全验证----------------------------
class BaseHandler(tornado.web.RequestHandler):
def get_current_user(self):
return self.get_secure_cookie(“user”)
class MainHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/login")
return
name = tornado.escape.xhtml_escape(self.current_user)
self.write("Hello, " + name)
class LoginHandler(BaseHandler):
def get(self):
self.write(’’
'Name: ’
‘’
‘’)
def post(self):
self.set_secure_cookie("user", self.get_argument("name"))
self.redirect("/")
application = tornado.web.Application([
(r"/", MainHandler),
(r"/login", LoginHandler),
], cookie_secret="_TODO:GENERATE_YOUR_OWN_RANDOM_VALUE_HERE")
#-------------------------------使用装饰器验证用户是否登录,如果用户未登录则直接跳转到指定的登录界面--------------------
class MainHandler(BaseHandler):
@tornado.web.authenticated
def get(self):
name = tornado.escape.xhtml_escape(self.current_user)
self.write("Hello, " + name)
settings = {
“cookie_secret”: “_TODO:GENERATE_YOUR_OWN_RANDOM_VALUE_HERE”,
“login_url”: “/login”,
}
application = tornado.web.Application([
(r"/", MainHandler),
(r"/login", LoginHandler),
], **settings)