【发布时间】:2017-09-11 16:27:12
【问题描述】:
在 Python 中使用 FLASK 框架,我的应用程序需要:
- 注册和登录用户(使用 sqlite 或 postgres 数据库)
- 访问登录用户拥有的特定谷歌电子表格并以 json 格式输出该数据。 我需要拥有自己的授权和身份验证系统
我在弄清楚如何构建应用程序时遇到了很多麻烦 - 我应该拥有哪些目录和子目录?
我玩了很多次(大约 1 个月的时间)。我正在使用虚拟环境,但也不知道如何很好地测试我的代码。一般来说,我的代码可以运行,但我不知道它们是如何协同工作的。**我对烧瓶完全陌生。**
构建应用程序:
|应用程序
|----run.py
|----config.py
|----数据库
|---------数据库.db
|----应用
|---------views.py
|---------models.py
|---------forms.py
|---------extensions.py
|----模板
|---------....
|----静态
|--------....
授权/认证: 我看过 Flask-Login、Flask-Auth、Flask-Security。我了解总体思路,但不知道如何安全地实施完整的授权和身份验证系统。
app = Flask(__name__)
app.config.from_object(config)
login_manager = LoginManager()
login_manager.init_app(app)
def create_app():
db.init_app()
db.app = app
db.create_all()
return app
@app.route('/')
def index():
#needs to render the homepage template
@app.route('/signup', methods = ['GET', 'POST'])
def register():
form = SignupForm()
if request.method == 'GET':
return render_template('signup.html', form=form)
elif request.method == 'POST':
if form.validate_on_submit():
if User.query.filter_by(email=form.email.data).first():
return "email exists"
else:
newuser = User(form.email.data, form.password.data)
db.session.add(newuser)
db.session.commit()
login_user(newuser)
return "New User created"
else:
return "form didn't validate"
return "Signup"
@app.route('/login', methods = ['GET', 'POST'])
def login():
form = SignupForm()
if request.method == 'GET':
return render_template('login.html', form=form)
elif request.method == 'POST':
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user:
if user.password == form.password.data:
login_user(user)
return "you are logged in"
else:
return "wrong password"
else:
return "user doesnt exist"
else:
return "form did not validate"
@login_manager.user_loader
def load_user(email):
return User.query.filter_by(email = email).first()
@app.route('/protected')
@login_required
def protected():
return "protected area for logged in users only"
if __name__ == '__main__':
#app.create_app()
app.run(port=5000, host='localhost')`
from flask_security import Security, SQLAlchemyUserDatastore, UserMixin, RoleMixin, login_required
import os
# Create app
app = Flask(__name__)
#app.config['DEBUG'] = True
app.config['SECRET_KEY'] = ''
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:////'
app.config['SECURITY_PASSWORD_HASH'] = 'sha512_crypt'
app.config['SECURITY_PASSWORD_SALT'] = str(os.urandom(24))
# Create database connection object
db = SQLAlchemy(app)
# Define models
roles_users = db.Table('roles_users',
db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
db.Column('role_id', db.Integer(), db.ForeignKey('role.id')))
class Role(db.Model, RoleMixin):
id = db.Column(db.Integer(), primary_key=True)
name = db.Column(db.String(80), unique=True)
description = db.Column(db.String(255))
class User(db.Model, UserMixin):
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String(255), unique=True)
password = db.Column(db.String(255))
active = db.Column(db.Boolean())
confirmed_at = db.Column(db.DateTime())
roles = db.relationship('Role', secondary=roles_users, backref=db.backref('users', lazy='dynamic'))
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# Create a user to test with
@app.before_first_request
def create_user():
db.create_all()
user_datastore.create_user(email='', password='')
db.session.commit()
@app.route('/')
@login_required
def home():
#password = encrypt_password('mypass')
#print verify_and_update_password('mypass', password)
return "hello"
if __name__ == '__main__':
app.run(debug=True, use_reloader=False)
** 非常感谢任何指导!**
【问题讨论】:
标签: authentication flask authorization flask-security