
Python / Flask - Using flask_restless with flask_httpauth

My objective in this question is to secure my API.

In my application, I'm using Flask and flask_restless's APIManager to provide a CRUD API to my Person object.

Code sample:

manager = APIManager(app, flask_sqlalchemy_db=db)
manager.create_api(Person, methods=['GET', 'POST', 'PATCH', 'DELETE'])

I am also using flask_httpauth to protect my other routes, like this:

@app.route('/auth/get-token')
@auth.login_required
def get_auth_token():
    token = g.user.generate_auth_token()
    return jsonify({'token': token.decode('ascii'), 'fullname': g.user.fullname})

I could not figure out how to use @auth.login_required with the APIManager so that it does not respond to anonymous requests. I read something in the documentation about preprocessors, but also couldn't find a way to use them with the @auth.login_required decorator.

Any help will be appreciated.

Unfortunately, it looks like Flask-Restless currently does not officially support attaching view decorators to the routes it manages. There is an open issue to add this feature, and there is also another issue specifically requesting support for Flask-HTTPAuth.

There is yet a third issue, in which a user shows the technique to manually inject the decorators after Flask-Restless created its endpoints. The snippet from that user's example that adds a get_cache decorator is below:

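from flask_restless import APIManager  # import the extension directly; the flask.ext.* namespace was removed from Flask

manager = APIManager(app, flask_sqlalchemy_db=db)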
manager.create_api(Person, methods=['GET', 'POST', 'DELETE'])
manager.create_api(Person2, methods=['GET', 'POST', 'DELETE'])

# hackish view decoration:
for model in [Person, Person2]:
    model_route = '{0}api0.{0}api'.format(model.__name__.lower())
    app.view_functions[model_route] = get_cache(app.view_functions[model_route])

In your case, you would replace get_cache with auth.login_required.

Update: As discussed below in the comments, the argument in '{0}api0.{0}api' is the table name, so the above code will only work if table names are left for Flask-SQLAlchemy to generate. If the model has a custom table name, then use that instead of model.__name__.lower().

I recommend you use Flask-Security. There is a tutorial about how to use it to secure your API interface.
