将 auth 装饰器添加到 flask restx
[英]Adding auth decorators to flask restx
问题描述
I have a Flask application using flask-restx and flask-login .
我有一个使用flask-restx和flask-login的 Flask 应用程序。 I would like all routes by default to require login, and explicitly define public routes that require no authentication.我希望默认情况下所有路由都需要登录,并明确定义不需要身份验证的公共路由。 I have started using decorators following the example given in this question:我已经按照这个问题中给出的示例开始使用装饰器:
Best way to make Flask-Login's login_required the default 使 Flask-Login 的 login_required 成为默认值的最佳方法
It works for function endpoints, but not for restx resource endpoints.它适用于 function 端点,但不适用于restx资源端点。
I have tried adding the function both as a decorator, and using the method_decorators field.我尝试添加 function 作为装饰器,并使用method_decorators字段。 For example:例如:
def public_route(decorated_function):
"""
This is a decorator to specify public endpoints in our flask routes
:param decorated_function:
:return:
"""
decorated_function.is_public = True
return decorated_function
class HelloWorld(ConfigurableResource):
method_decorators = {"get": [public_route]}
@public_route
@api.doc('Welcome message')
def get(self):
return {'hello': 'world'}
And this test passes:这个测试通过了:
def test_hello_world_is_public():
api = Namespace('health', description='Health related operations')
hello = HelloWorld(api, config=None, logger=None)
is_public_endpoint = getattr(hello.get, 'is_public', False)
assert is_public_endpoint
My challenge is I can't see how to access this attribute in my auth logic:我的挑战是我看不到如何在我的身份验证逻辑中访问此属性:
@app.before_request
def check_route_access():
"""
This function decides whethere access should be granted to an endpoint.
This function runs before all requests.
:return:
"""
is_public_endpoint = getattr(app.view_functions[request.endpoint], 'is_public', False)
if person_authorized_for_path(current_user, request.path, is_public_endpoint):
return
# Otherwise access not granted
return redirect(url_for("auth.index"))
This works for plain function endpoints, but not restx resources.这适用于普通的 function 端点,但不适用于 restx 资源。
I understand that restx is wrapping my resource class in a function so that flask can do dispatch, but I can't figure out how to access the decorator from here.我知道restx将我的资源 class 包装在 function 中,以便 flask 可以进行调度,但我不知道如何从这里访问装饰器。 So I have some questions:所以我有一些问题:
- Is it possible to reach the decorator from the view_function?是否可以从 view_function 访问装饰器?
- Is it possible to know whether the endpoint is a restx resource or a plain rest function?是否可以知道端点是restx资源还是普通的rest function?
- Is there a better way to do what I'm trying to achieve?有没有更好的方法来做我想要实现的目标?
2 个解决方案
解决方案1
4 2020-08-21 15:19:30
Based on this and this , method_decorators variable should be a list of functions, so you should use it like:基于this和this , method_decorators变量应该是一个函数列表,所以你应该像这样使用它:
def _perform_auth(method):
is_public_endpoint = getattr(method, 'is_public', False)
# place the validation here
class Resource(flask_restx.Resource):
method_decorators = [_perform_auth]
解决方案2
2 2020-08-07 15:23:07
Is it possible to reach the decorator from the view_function?
Well... it is possible , but I wouldn't recommend it.嗯......这是可能的,但我不会推荐它。 Here's an example这是一个例子
Is it possible to know whether the endpoint is a restx resource or a plain rest function?
You probably can inspect the func and figure out if it's from restx, maybe looking at __qualname__ , but then again, I`d wouldn't recommend it.您可能可以检查 func 并确定它是否来自 restx,也许可以查看__qualname__ ,但话又说回来,我不会推荐它。
Is there a better way to do what I'm trying to achieve?
I would go one of these solutions:我会 go 这些解决方案之一:
- Explicitly decorate view_funcs and resources that do need authentication, instead of the other way around显式装饰需要身份验证的 view_funcs 和资源,而不是相反
- Create a blueprint for public endpoints, a blueprint for protected endpoints with the
before_requestdecorator for authorization为公共端点创建蓝图,使用before_request装饰器为受保护端点创建蓝图以进行授权
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.