[英]is this way of using current_user from Flask-Login safe?
[英]Passing current_user from Flask-Login to Plotly Dash app
我正在尝试构建一个集成在 Flask 应用程序中的 Dash 应用程序。 一切似乎都运行良好,但是当我尝试在 Dash 应用程序中显示登录用户时,它显示为“无”。
我的应用程序结构如下:
example/
example/
dashapp/
static/
custom-css.css
templates/
base.html
home.html
login.html
__init__.py
app1.py
forms.py
models.py
routes.py
application.py
config.py
users.db
我的 Dash 应用程序位于app1.py
中。 我尝试了几种方法来传递current_user
但没有成功。 在家中效果很好。不过home.html
。 我想问题在于我的应用程序位于单独的文件中,而不是在routes.py
中。
这是app.py
的代码:
import dash
import dash_html_components as html
from dashapp import application
from flask_login import login_required, current_user
app1 = dash.Dash(__name__, server = application, routes_pathname_prefix = '/app1/', assets_folder = 'static', assets_url_path = '/static')
app1.scripts.config.serve_locally = True
app1.css.config.serve_locally = True
app1.layout = html.Div(
children = '{}'.format(current_user)
)
for view_func in app1.server.view_functions:
if view_func.startswith('/app1/'):
app1.server.view_functions[view_func] = login_required(app1.server.view_functions[view_func])
routes.py
代码:
from flask import render_template, flash, redirect, url_for, request
from flask_login import login_user, logout_user, current_user, login_required
from werkzeug.urls import url_parse
from dashapp import application, db
from dashapp.forms import LoginForm
from dashapp.models import User
from dashapp import app1
@application.route('/')
@application.route('/home')
@login_required
def home():
return render_template('home.html')
@application.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid username or password')
return redirect(url_for('login'))
login_user(user, remember=form.remember_me.data)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('home')
return redirect(next_page)
return render_template('login.html', form=form)
@application.route('/app1/')
@application.route('/logout')
def logout():
logout_user()
return redirect(url_for('login'))
其他脚本几乎是标准的,除非真的需要它们,否则我不会将它们包含在问题中。
请建议如何克服我的问题。 谢谢!
我设法在一些帮助下解决了这个问题。 以防万一有人卡住,请参阅下面的更新代码。
添加session
行以将当前用户名存储在routes.py
中:
from flask import render_template, flash, redirect, url_for, request, session
from flask_login import login_user, logout_user, current_user, login_required
from werkzeug.urls import url_parse
from dashapp import application, db
from dashapp.forms import LoginForm
from dashapp.models import User
from dashapp import app1
@application.route('/')
@application.route('/home')
@login_required
def home():
return render_template('home.html')
@application.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated:
session['username'] = current_user.username
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
session['username'] = form.username.data
user = User.query.filter_by(username=form.username.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid username or password')
return redirect(url_for('login'))
login_user(user, remember=form.remember_me.data)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('home')
return redirect(next_page)
return render_template('login.html', form=form)
@application.route('/logout')
def logout():
session.pop('username', None)
logout_user()
return redirect(url_for('login'))
和session
的回调中的app1.py
:
import dash
import dash_html_components as html
from dash.dependencies import Input, Output
from dashapp import application
from flask_login import login_required
from flask import session
app1 = dash.Dash(__name__, server = application, routes_pathname_prefix = '/app1/', assets_folder = 'static', assets_url_path = '/static')
app1.scripts.config.serve_locally = True
app1.css.config.serve_locally = True
app1.layout = html.Div(
children = [
html.Div(id='div2'),
html.Div(id='div3', children = 'xxxx'),
],
)
@app1.callback(
Output('div2', 'children'),
[Input('div3', 'children')])
def update_intervalCurrentTime(children):
return session.get('username', None)
for view_func in app1.server.view_functions:
if view_func.startswith('/app1/'):
app1.server.view_functions[view_func] = login_required(app1.server.view_functions[view_func])
面临同样的问题。 我想问题是当“应用程序”注册 Dash 应用程序时当前用户尚未初始化。 很好的解决方法,虽然似乎有点不安全,因为 Flask 会话只是被编码。
https://github.com/RafaelMiquelino/dash-flask-login/blob/master/app.py - 我认为更强大的解决方案。 它在回调中检查 current_user 并将页面的内容用作输入,因此在页面加载时调用回调。 如果用户体验不是问题,您也可以跳过对视图的保护。
这是我如何使用它的简化示例:
@app.callback(
Output('graph-wrapper', 'children'),
[Input('page-content', 'children')])
def load_graph(input1):
if current_user.is_authenticated:
return dcc.Graph() # Dash Graph populated with current_user data from db
else:
return ''
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.