1.JWT认证
from datetime import datetime, timedelta
from passlib.context import CryptContext
from jose import JWTError, jwt
SECRET_KEY = "60a633523fb43587dc02f6bd0f22a73a1d5d0b69f9de489de39523da92a7d2da"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
class Token(BaseModel):
access_token: str
token_type: str
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
jwt_schema = OAuth2PasswordBearer(tokenUrl="/jwt")
def verify_password(plain_password, hashed_password):
"""对密码进行校验"""
return pwd_context.verify(plain_password, hashed_password)
def jwt_get_user(db, username: str):
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
def jwt_authenticate_user(db, username: str, password: str):
user = jwt_get_user(db, username)
if not user:
return False
if not verify_password(password, user.hashed_password):
return False
return user
def create_access_token(data: dict, expire_delta: Optional[timedelta] = None):
"""创建Token"""
to_encode = data.copy()
if expire_delta:
expire = datetime.utcnow() + expire_delta
else:
expire = datetime.utcnow() + timedelta(minutes=15)
to_encode.update({"exp": expire})
encode_jwt = jwt.encode(claims=to_encode, key=SECRET_KEY, algorithm=ALGORITHM)
return encode_jwt
@tokens.post("/jwt", response_model=Token, summary="JWT获取token")
async def login_jwt(form_data: OAuth2PasswordRequestForm = Depends()):
user = jwt_authenticate_user(db=fake_users_db, username=form_data.username, password=form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"}
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
assess_token = create_access_token(data={"sub": form_data.username}, expire_delta=access_token_expires)
return {"access_token": assess_token, "token_type": "Bearer"}
def jwt_get_user(db, username: str):
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
async def jwt_get_current_user(token: str = Depends(jwt_schema)):
"""获取当前用户"""
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Can not validate credentials",
headers={"WWW-Authenticate": "Bearer"}
)
try:
payload = jwt.decode(token=token, key=SECRET_KEY, algorithms=[ALGORITHM])
username = payload.get("sub")
if not username:
raise credentials_exception
except JWTError:
raise credentials_exception
user = jwt_get_user(db=fake_users_db, username=username)
if not user:
raise credentials_exception
return user
async def jwt_get_current_activate_user(current_user: User = Depends(jwt_get_current_user)):
"""获取当前活跃的用户"""
if current_user.disabled:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Inactive user"
)
return current_user
@tokens.get("/jwt_current_user", summary="获取活跃用户")
async def jwt_read_user_info(current_user: User = Depends(jwt_get_current_activate_user)):
"""获取活跃的用户"""
return current_user
2.JWT加权限认证
from typing import Optional, List
from datetime import datetime, timedelta
from dynaconf import ValidationError
from fastapi import APIRouter, Depends, HTTPException, Security
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm, SecurityScopes
from pydantic import BaseModel
from starlette import status
from passlib.context import CryptContext
from jose import JWTError, jwt
tokens = APIRouter()
fake_users_db = {
"jack": {
"username": "jack",
"full_name": "Jack",
"email": "jack@qq.com",
"hashed_password": "d2h3k2n4h23bn4b23h53mbn3bm24mmn43",
"disabled": True
},
"lucy": {
"username": "lucy",
"full_name": "Lucy",
"email": "lucy@qq.com",
"hashed_password": "9d34lk2n6h23le4b23h53mbn3bm24mg2nhk",
"disabled": False
}
}
class User(BaseModel):
username: str
email: Optional[str] = None
full_name: Optional[str] = None
disabled: Optional[bool] = None
class UserInDB(User):
hashed_password: str
SECRET_KEY = "60a633523fb43587dc02f6bd0f22a73a1d5d0b69f9de489de39523da92a7d2da"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
class Token(BaseModel):
access_token: str
token_type: str
class TokenData(BaseModel):
username: Optional[str] = None
scopes: List[str] = []
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
jwt_schema = OAuth2PasswordBearer(
tokenUrl="/token/jwt",
scopes={
"get_admin_info": "获取管理员用户信息",
"del_admin_info": "删除管理员用户信息",
"get_user_info": "获取用户信息",
"get_user_role": "获取用户所属角色信息",
"get_user_permission": "获取用户相关的权限信息",
})
def verify_password(plain_password, hashed_password):
"""对密码进行校验"""
return True
def jwt_get_user(db, username: str):
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
def jwt_authenticate_user(db, username: str, password: str):
user = jwt_get_user(db, username)
if not user:
return False
if not verify_password(password, user.hashed_password):
return False
return user
def create_access_token(data: dict, expire_delta: Optional[timedelta] = None):
to_encode = data.copy()
if expire_delta:
expire = datetime.utcnow() + expire_delta
else:
expire = datetime.utcnow() + timedelta(minutes=15)
to_encode.update({"exp": expire})
encode_jwt = jwt.encode(claims=to_encode, key=SECRET_KEY, algorithm=ALGORITHM)
return encode_jwt
@tokens.post("/jwt", response_model=Token, summary="获取token")
async def login_jwt(form_data: OAuth2PasswordRequestForm = Depends()):
user = jwt_authenticate_user(db=fake_users_db, username=form_data.username, password=form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"}
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
assess_token = create_access_token(data={"sub": form_data.username, "scopes": form_data.scopes},
expire_delta=access_token_expires)
return {"access_token": assess_token, "token_type": "Bearer"}
async def jwt_get_current_user(security_scopes: SecurityScopes, token: str = Depends(jwt_schema)):
"""获取当前用户"""
print("当前认证方案里面的作用域:", security_scopes.scope_str)
if security_scopes.scopes:
authenticate_value = f'Bearer scope="{security_scopes.scope_str}"'
else:
authenticate_value = f"Bearer"
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Can not validate credentials",
headers={"WWW-Authenticate": "Bearer"}
)
try:
payload = jwt.decode(token=token, key=SECRET_KEY, algorithms=[ALGORITHM])
username = payload.get("sub")
if not username:
raise credentials_exception
token_scopes = payload.get("scopes", [])
print("当前用户所属的token信息里面包含的scopes信息有:", token_scopes)
token_data = TokenData(scopes=token_scopes, username=username)
print("token_data", token_data)
except (JWTError, ValidationError):
raise credentials_exception
user = jwt_get_user(db=fake_users_db, username=username)
if not user:
raise credentials_exception
print("当前认证方案里面所有security_scopes信息有:", security_scopes.scopes)
for scope in security_scopes.scopes:
if scope not in token_data.scopes:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not enough permissions",
headers={"WWW-Authenticate": authenticate_value},
)
return user
async def jwt_get_current_activate_user(current_user: User = Depends(jwt_get_current_user)):
"""获取当前活跃的用户"""
if current_user.disabled:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Inactive user"
)
return current_user
@tokens.get("/jwt_current_user_info", response_model=User, summary="获取用户信息")
async def get_admin_info(current_user: User = Security(jwt_get_current_activate_user, scopes=["get_user_info"])):
"""获取活跃的用户"""
return current_user
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏
· Manus爆火,是硬核还是营销?