The flask_jwt mechanism

With the trend toward separating front end and back end, CSRF protection is becoming increasingly difficult, and the JWT authentication mechanism happens to sidestep this problem.

1. Instantiation

from flask_jwt import JWT
jwt = JWT()  # no app yet; it is bound later with jwt.init_app(app)

2. Set the required configuration

JWT_SECRET_KEY = 'xxx'  # set in app.config; if unset, flask_jwt falls back to app.config['SECRET_KEY']

3. Implement the two most basic pieces of JWT functionality, authenticate and identity, as hooks

def configure_jwt(jwt):
    """
    configure handlers to flask_jwt
    """

    @jwt.authentication_handler
    def authenticate(account, password):
        """
        Implement the account verification logic and return your own data for the
        authenticated identity (an object or dict with an ``id``). That ``id`` is what
        ends up in payload['identity'] and is read back in the identity function below.
        """
        pass


    @jwt.identity_handler
    def identity(payload):
        """
        Receives a payload object and returns the record looked up by the value of
        payload['identity']. Whatever is returned here is what current_identity
        (from flask_jwt import current_identity) resolves to.
        """
        pass

4. Initialisation

from flask import Flask

app = Flask(__name__)
configure_jwt(jwt)  # register the hooks defined in step 3
jwt.init_app(app)

5. Usage

from flask_jwt import jwt_required, current_identity

@app.route('/api/v1/test', methods=['POST'])
@jwt_required()  # jwt_required is a decorator factory, so the parentheses are needed
def api_test():
    # current_identity is whatever the identity handler returned for this request's token
    role = current_identity.role
    return {'role': role}
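Steps 1 to 5 above register two hooks and let flask_jwt do the rest: the built-in /auth resource calls the authentication handler, builds a payload from the returned identity's id, signs it, and later jwt_required() reads the Authorization header, verifies the token and calls the identity handler to populate current_identity. The following is an added, self-contained Python re-implementation of that round trip written for this page, not flask_jwt's own code (which delegates signing to PyJWT). The user table, password verifiers, secret and timestamps are constructed sample values; the numeric defaults (300 s expiry, 0 s not-before, 10 s leeway, "JWT" header prefix) mirror flask_jwt's configuration defaults. It also shows the check a defender wants at the verifier: the algorithm is pinned server-side, the signature is compared in constant time, and exp/nbf are enforced before the payload is trusted.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data standing in for a real user store (not from the page).
USERS = {
    1: {"id": 1, "username": "alice", "role": "admin"},
    2: {"id": 2, "username": "bob", "role": "viewer"},
}
# Demo only: salted SHA-256 verifiers so the sample never holds plaintext passwords.
SALT = b"demo-salt"
VERIFIERS = {
    "alice": hashlib.sha256(SALT + b"correct horse").hexdigest(),
    "bob": hashlib.sha256(SALT + b"battery staple").hexdigest(),
}

# Mirrors flask_jwt's defaults: JWT_EXPIRATION_DELTA=300s, JWT_NOT_BEFORE_DELTA=0s,
# JWT_LEEWAY=10s, JWT_AUTH_HEADER_PREFIX="JWT".
EXPIRATION_DELTA = 300
NOT_BEFORE_DELTA = 0
LEEWAY = 10
HEADER_PREFIX = "JWT"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def authenticate(username, password):
    """authentication_handler hook: return the identity record on success, else None."""
    expected = VERIFIERS.get(username)
    if expected is None:
        return None
    candidate = hashlib.sha256(SALT + password.encode()).hexdigest()
    if not hmac.compare_digest(expected, candidate):
        return None
    return next(u for u in USERS.values() if u["username"] == username)


def identity(payload):
    """identity_handler hook: map payload['identity'] back to the stored record."""
    return USERS.get(payload.get("identity"))


def make_payload(user, now):
    """Default payload shape: iat/nbf/exp plus the identity's id."""
    return {"iat": now, "nbf": now + NOT_BEFORE_DELTA,
            "exp": now + EXPIRATION_DELTA, "identity": user["id"]}


def encode_hs256(payload, secret):
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_hs256(token, secret, now):
    """Verify signature, required claims and exp/nbf (with leeway) before trusting the payload."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # pin the algorithm server-side; never let the token choose
        raise ValueError("unexpected alg")
    signing_input = (parts[0] + "." + parts[1]).encode()
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(parts[1]))
    for claim in ("exp", "iat", "nbf"):
        if claim not in payload:
            raise ValueError("missing claim " + claim)
    if now > payload["exp"] + LEEWAY:
        raise ValueError("token expired")
    if now < payload["nbf"] - LEEWAY:
        raise ValueError("token not yet valid")
    return payload


def login(body, secret, now):
    """The built-in /auth resource: JSON credentials in, {'access_token': ...} out."""
    user = authenticate(body.get("username", ""), body.get("password", ""))
    if user is None:
        return 401, {"description": "Invalid credentials"}
    return 200, {"access_token": encode_hs256(make_payload(user, now), secret)}


def current_identity_from_request(headers, secret, now):
    """What jwt_required() does: read Authorization, decode, resolve the identity."""
    auth = headers.get("Authorization")
    if not auth:
        raise ValueError("authorization required")
    scheme, _, token = auth.partition(" ")
    if scheme != HEADER_PREFIX or not token:
        raise ValueError("invalid authorization header")
    user = identity(decode_hs256(token, secret, now))
    if user is None:
        raise ValueError("user does not exist")
    return user
```

The CSRF benefit claimed at the top of the page comes from the last function: the token is read from the Authorization header, which a browser never attaches automatically, rather than from a cookie. A request_handler customised to read the token from a cookie (see section 6) would give that protection back up.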

6. Other customisable behaviour (handler-registration methods of flask_jwt's JWT class)

import warnings


class JWT:  # excerpt: only the handler-registration methods are shown here
    def _jwt_error_callback(self, error):
        # internal dispatcher: calls whatever was registered via jwt_error_handler
        return self.jwt_error_callback(error)

    def authentication_handler(self, callback):
        """Specifies the authentication handler function. This function receives two positional
        arguments. The first being the username the second being the password. It should return an
        object representing an authenticated identity. Example::

            @jwt.authentication_handler
            def authenticate(username, password):
                user = User.query.filter(User.username == username).scalar()
                if bcrypt.check_password_hash(user.password, password):
                    return user

        :param callback: the authentication handler function
        """
        self.authentication_callback = callback
        return callback

    def identity_handler(self, callback):
        """Specifies the identity handler function. This function receives one positional argument
        being the JWT payload. For example::

            @jwt.identity_handler
            def identify(payload):
                return User.query.filter(User.id == payload['identity']).scalar()

        :param callback: the identity handler function
        """
        self.identity_callback = callback
        return callback

    def jwt_error_handler(self, callback):
        """Specifies the error handler function. Example::

            @jwt.jwt_error_handler
            def error_handler(e):
                return "Something bad happened", 400

        :param callback: the error handler function
        """
        self.jwt_error_callback = callback
        return callback

    def auth_response_handler(self, callback):
        """Specifies the authentication response handler function.

        :param callable callback: the auth response handler function
        """
        self.auth_response_callback = callback
        return callback

    def auth_request_handler(self, callback):
        """Specifies the authentication request handler function.

        :param callable callback: the auth request handler function

        .. deprecated
        """
        warnings.warn("This handler is deprecated. The recommended approach to have control over "
                      "the authentication resource is to disable the built-in  resource by "
                      "setting JWT_AUTH_URL_RULE=None and registering your own authentication "
                      "resource directly on your application.", DeprecationWarning, stacklevel=2)
        self.auth_request_callback = callback
        return callback

    def request_handler(self, callback):
        """Specifies the request handler function. This function returns a JWT from the current
        request.

        :param callable callback: the request handler function
        """
        self.request_callback = callback
        return callback

    def jwt_encode_handler(self, callback):
        """Specifies the encoding handler function. This function receives a payload and signs it.

        :param callable callback: the encoding handler function
        """
        self.jwt_encode_callback = callback
        return callback

    def jwt_decode_handler(self, callback):
        """Specifies the decoding handler function. This function receives a
        signed payload and decodes it.

        :param callable callback: the decoding handler function
        """
        self.jwt_decode_callback = callback
        return callback

    def jwt_payload_handler(self, callback):
        """Specifies the JWT payload handler function. This function receives the return value from
        the ``authentication_handler`` function (the identity) and returns the claims to sign.

        Example::

            @jwt.jwt_payload_handler
            def make_payload(identity):
                return {'user_id': identity.id}

        :param callable callback: the payload handler function
        """
        self.jwt_payload_callback = callback
        return callback

    def jwt_headers_handler(self, callback):
        """Specifies the JWT header handler function. This function receives the return value from
        the ``authentication_handler`` function (the identity) and returns extra JOSE header fields.

        Example::

            @jwt.jwt_headers_handler
            def make_headers(identity):
                return {'kid': 'key-1'}  # e.g. a key id for key rotation

        :param callable callback: the headers handler function
        """
        self.jwt_headers_callback = callback
        return callback

Note: this package was last updated in 2015; its author recommends flask-jwt-simple or flask-jwt-extended if you want a package that is still maintained.

Comment:

To implement a token mechanism in Flask you can use the JWT (JSON Web Tokens) library. Below is a simple example:

```python
from datetime import timedelta  # timedelta is used below, so it must be imported

from flask import Flask, request
from flask_jwt import JWT, jwt_required, current_identity
from werkzeug.security import safe_str_cmp  # removed in Werkzeug 2.1; hmac.compare_digest is the stdlib equivalent

app = Flask(__name__)
app.config['SECRET_KEY'] = 'super-secret'
app.config['JWT_EXPIRATION_DELTA'] = timedelta(days=1)


class User:
    def __init__(self, id, username, password):
        self.id = id
        self.username = username
        self.password = password

    def __str__(self):
        return f"User(id='{self.id}')"


users = [
    User(1, 'user1', 'password1'),
    User(2, 'user2', 'password2'),
]


def authenticate(username, password):
    user = next((user for user in users if user.username == username), None)
    if user and safe_str_cmp(user.password.encode('utf-8'), password.encode('utf-8')):
        return user


def identity(payload):
    user_id = payload['identity']
    return next((user for user in users if user.id == user_id), None)


jwt = JWT(app, authenticate, identity)


@app.route('/protected')
@jwt_required()
def protected():
    return f'Hello, {current_identity}!'


if __name__ == '__main__':
    app.run()
```

In the code above we first define a `User` class to hold user information. We then define an `authenticate` function for user authentication, which looks in the user list for the given username and password; if found, it returns that user object.

Next we define an `identity` function, which looks up the user object from the user ID stored in the JWT. Finally we create a `jwt` object and bind it to Flask.

Lastly we define a protected route `/protected` and protect it with the `@jwt_required()` decorator. This means that to access the route the user must first present a valid JWT.

When the user presents a valid JWT and passes authentication, `current_identity` returns that user object, which we can use in the response.