Python / Flask - Using flask_restless with flask_httpauth
My objective in this question is to secure my API.
In my application, I'm using Flask and flask_restless's APIManager to provide a CRUD API to my Person object.
Code sample:
manager = APIManager(app, flask_sqlalchemy_db=db)
manager.create_api(Person, methods=['GET', 'POST', 'PATCH', 'DELETE'])
I'm also using flask_httpauth to protect my other routes like this:
@app.route('/auth/get-token')
@auth.login_required
def get_auth_token():
    token = g.user.generate_auth_token()
    return jsonify({'token': token.decode('ascii'), 'fullname': g.user.fullname})
I could not figure out how to use @auth.login_required with the apimanager to not make it respond to anonymous requests. I read in the documentation something about preprocessors but also couldn't find a way to use it with the @auth.login_required decorator.
Any help will be appreciated.
Unfortunately, it looks like Flask-Restless currently does not officially support attaching view decorators to the routes it manages. There is an open issue to add this feature, and there is also another issue specifically requesting support for Flask-HTTPAuth.
There is yet a third issue, in which a user shows the technique to manually inject the decorators after Flask-Restless created its endpoints. The snippet from that user's example that adds a get_cache decorator is below:
manager = flask.ext.restless.APIManager(app, flask_sqlalchemy_db=db)
manager.create_api(Person, methods=['GET', 'POST', 'DELETE'])
manager.create_api(Person2, methods=['GET', 'POST', 'DELETE'])
# hackish view decoration:
for model in [Person, Person2]:
    model_route = '{0}api0.{0}api'.format(model.__name__.lower())
    app.view_functions[model_route] = get_cache(app.view_functions[model_route])
In your case, you would replace get_cache with auth.login_required.
Update: As discussed below in the comments, the argument in '{0}api0.{0}api' is the table name, so the above code will only work if table names are left for Flask-SQLAlchemy to generate. If the model has a custom table name, then use that instead of model.__name__.lower().
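Added example (not from the original post or from Flask-Restless): rather than listing models by hand, this wraps every endpoint whose name matches the '{0}api0.{0}api' pattern and then audits that none is left reachable anonymously. The helper names, the regex generalisation of the trailing 0, the constructed blueprints standing in for what create_api registers, and require_auth (a stand-in for auth.login_required with made-up credentials) are all assumptions.

```python
import base64
import hmac
import re
from flask import Blueprint, Flask, Response, jsonify, request

# Assumption: Flask-Restless endpoints follow the '{0}api0.{0}api' pattern quoted above.
RESTLESS_ENDPOINT = re.compile(r"(\w+)api\d+\.\1api")

def is_restless_endpoint(name):
    return RESTLESS_ENDPOINT.fullmatch(name) is not None

def require_auth(view):
    """Stand-in for auth.login_required (constructed demo credentials)."""
    def wrapper(*args, **kwargs):
        c = request.authorization
        given = f"{c.username}:{c.password}".encode() if c else b""
        if not hmac.compare_digest(given, b"alice:s3cret"):
            return Response("Unauthorized", 401, {"WWW-Authenticate": 'Basic realm="api"'})
        return view(*args, **kwargs)
    return wrapper

def protect_endpoints(app, decorator, selector=is_restless_endpoint):
    """Wrap each selected view exactly once; return the endpoint names wrapped."""
    done = []
    for name, view in list(app.view_functions.items()):
        if selector(name) and not getattr(view, "_auth_wrapped", False):
            guarded = decorator(view)
            guarded._auth_wrapped = True  # marker read by unprotected_endpoints()
            app.view_functions[name] = guarded
            done.append(name)
    return sorted(done)

def unprotected_endpoints(app, selector=is_restless_endpoint):
    """Audit: selected endpoints that have not been wrapped by protect_endpoints()."""
    return sorted(n for n, v in app.view_functions.items()
                  if selector(n) and not getattr(v, "_auth_wrapped", False))

def build_demo_app():
    """Constructed blueprints named the way the answer says Flask-Restless names them."""
    app = Flask(__name__)
    for table in ("person", "person2"):
        bp = Blueprint(f"{table}api0", __name__)
        bp.add_url_rule(f"/api/{table}", endpoint=f"{table}api",
                        view_func=lambda table=table: jsonify(collection=table))
        app.register_blueprint(bp)
    return app

def probe(app, path, creds=None):
    """Status code of a GET, optionally sent with 'user:password' Basic credentials."""
    headers = {"Authorization": "Basic " + base64.b64encode(creds.encode()).decode()} if creds else {}
    return app.test_client().get(path, headers=headers).status_code
```

In a real application, pass auth.login_required as the decorator after all create_api calls, and fail startup if unprotected_endpoints(app) is non-empty.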