Login with Flask Backend and React Frontend

I am currently working on a project whose backend I will be writing using Flask (cannot change that), and the frontend will be developed using React by someone else (cannot change that either). I am currently working on the login functionality and I have a few questions. I am really just beginning backend development, so please excuse me if I have some redundant questions or beginner-level questions. I am curious as to how the login system as a whole will be handled, not just in terms of actual login, but more so when it comes to restricting access from non-logged-in users.

The tutorials and online courses I have taken on Flask have done one of 2 approaches. The first approach was using Flask-Login to log in a user and ensure that they are logged in as they navigate to different websites. This was pretty straightforward to understand and relatively easy to implement. However (and please correct me if I'm wrong), this would require all the navigation and redirecting to be handled server-side. Therefore, we would not be utilizing React's ability to create single-page websites (instead relying on hyperlinks from each page to the next), which is far from ideal and something that we'd like to avoid if possible. The second approach was using JWT tokens. Again, correct me if I'm wrong, but we would only be able to check that the JWT token is correct if it is included in an HTTP request, which again makes creating single-page websites not feasible. Another issue with JWT is that the tokens expire fairly quickly (around 15 minutes as far as my research tells me), which is not suitable for our project because it would require users to be logged in for a longer duration. I have read about refreshing JWT tokens, but I would like to know more about the feasibility of such a process given the short expiration time (we would have to do a lot of refreshes).

My main question is: How can we create single-page websites while preventing non-logged-in users from accessing restricted pages? But also please feel free to give me any feedback or concerns about what I have talked about.

Thank you in advance and sorry for the long post.

Just use JWT. You can add the token to the header of the HTTP request and you can set the lifetime (JWT_EXPIRATION_DELTA) of the token - check this link: https://pythonhosted.org/Flask-JWT
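
Added example, not code from the thread or from Flask-JWT: what the server does with a token sent in the request header, written with only the Python standard library. The secret, the 8-hour lifetime and the function names are assumptions; in a Flask view `headers` would be `request.headers`, and `EXPIRATION_DELTA` plays the role of the `JWT_EXPIRATION_DELTA` setting mentioned in the answer.

```python
import base64, hashlib, hmac, json, time
from datetime import timedelta

SECRET = b"constructed-demo-secret"      # assumption: real key comes from server config
EXPIRATION_DELTA = timedelta(hours=8)    # assumption: lifetime chosen by the server

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, now=None):
    """Call only after the password check succeeds; returns an HS256 JWT."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "iat": now, "exp": now + int(EXPIRATION_DELTA.total_seconds())}
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def verify_token(token, now=None):
    """Return the claims, or None if the token is malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(header + "." + body)):
            return None                  # signature was not made with our secret
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None                  # accept only the algorithm we issue
        claims = json.loads(b64url_decode(body))
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None                  # lifetime is over
    except (ValueError, TypeError, AttributeError):
        return None
    return claims

def protected_api(headers, now=None):
    """Server-side gate for a restricted endpoint; returns (status, json_body)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_token(token, now) if scheme == "Bearer" else None
    if claims is None:
        return 401, {"error": "login required"}   # the SPA shows its login view on 401
    return 200, {"user": claims["sub"]}
```

The React routes can hide pages from logged-out users for convenience, but the restriction itself is the 401 the API returns for every request without a valid, unexpired token.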
