xxleyi / learning_list

A collection of my own study notes

Flask Header Auth #135

Open xxleyi opened 5 years ago

xxleyi commented 5 years ago

Minimal Flask-Login Example - G B

Following the approach in the article above, I worked through the whole Header Auth flow in Flask myself, with one small improvement: adding password hashing.

```python
# -*- coding: utf-8 -*-

from flask import Flask, jsonify
from flask_login import LoginManager, UserMixin, login_required
from http_basic_auth import parse_header
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
login_manager = LoginManager()
login_manager.init_app(app)


class User(UserMixin):
    # proxy for a database of users: username -> (username, password hash)
    user_database = {"aaa": ("aaa", generate_password_hash("bbb"))}

    def __init__(self, username, password):
        self.id = username
        # holds the stored password hash, not the plaintext password
        self.password = password

    @classmethod
    def get(cls, id):
        # returns the (username, password hash) tuple, or None if unknown
        return cls.user_database.get(id)


# Called by Flask-Login on each request to build the current user from
# the request itself (here, from the Authorization header).
@login_manager.request_loader
def load_header_user(request):
    auth_header = request.headers.get("Authorization")

    if auth_header is not None:
        username, password = parse_header(auth_header)
        user_entry = User.get(username)
        if user_entry is not None:
            user = User(user_entry[0], user_entry[1])
            # compare the submitted password against the stored hash
            if check_password_hash(user.password, password):
                return user
    # no header, unknown user or wrong password: treat as not logged in
    return None


@app.route("/", methods=["GET", "POST"])
def index():
    return jsonify({1: 2})


# Only reachable when load_header_user returned a user.
@app.route("/protected/", methods=["GET", "POST"])
@login_required
def protected():
    return jsonify({1: 2})


if __name__ == "__main__":
    app.config["SECRET_KEY"] = "ITSASECRET"
    app.run(port=5000, debug=True)
```

xxleyi commented 5 years ago

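There is no need for http_basic_auth; Werkzeug, which Flask is built on, already handles this.

Using `request.authorization` you can directly get an already-parsed authentication dict. If it is basic auth, the dict contains the two keys `password` and `username`.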
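
An added example, not part of the original issue and not Flask's or Werkzeug's own code: a standard-library version of the work both comments above delegate to `parse_header` or `request.authorization`, namely decoding a Basic `Authorization` header and checking it against a stored hash. It returns `None` on malformed input so a `request_loader` can treat the request as anonymous; PBKDF2 stands in for Werkzeug's `generate_password_hash`, and every function name and the sample user store are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def hash_password(password, salt=None, rounds=100_000):
    """Build a (salt, rounds, digest) PBKDF2-HMAC-SHA256 record (hypothetical helper)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, rounds, digest

def verify_password(record, password):
    salt, rounds, expected = record
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)  # constant-time comparison

def parse_basic_header(value):
    """Return (username, password), or None for any missing or malformed header."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":  # e.g. "Bearer ..." is not ours to handle
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    # Split on the FIRST colon only: passwords may themselves contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

# Constructed sample store mirroring the post's "aaa" / "bbb" user.
USERS = {"aaa": hash_password("bbb")}
# Hashed for unknown users too, so a lookup miss costs the same as a wrong password.
_DUMMY = hash_password("dummy")

def authenticate(header_value):
    """Return the username when the header carries valid credentials, else None."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return None
    username, password = creds
    record = USERS.get(username)
    ok = verify_password(record or _DUMMY, password)
    return username if record is not None and ok else None

def make_header(username, password):
    """Build the header value a client would send (used here to create test input)."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
```
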