JWT在flask中的demo
import jwt
import datetime
from jwt import exceptions
JWT_SALT = "FDAER#$$FGSIOD*DSF*)#*$$^ERFA"
def create_token(payload,timeout=20):
headers = {
"typ":"jwt",
"alg":"HS256",
}
payload['exp'] = datetime.datetime.utcnow() + datetime.timedelta(minutes=timeout)
result = jwt.encode(payload=payload,key=JWT_SALT,algorithm="HS256",headers=headers).decode("utf-8")
return result
def parse_payload(token):
result = {"status":False,"data":None,"error":None}
try:
verified_payload = jwt.decode(token,JWT_SALT,True)
result['status'] = True
result['data'] = verified_payload
except exceptions.ExpiredSignatureError:
result['error'] = "token已失效"
except jwt.DecodeError:
result['error'] = "token认证失败"
except jwt.InvalidTokenError:
result['error'] = "非法的token"
return result
from flask import Flask,request,jsonify,views,g
from utils.jwt_auth import create_token,parse_payload
app = Flask(__name__)
@app.before_request
def jwt_authorization_auth():
"""每次请求进入视图函数之前会执行此函数,验证token"""
if request.path == '/login/':
return
authorization = request.headers.get('Authorization', '')
print(authorization)
auth = authorization.split()
if not auth:
return jsonify({'error': '未获取到Authorization请求头', 'status': False})
if auth[0].lower() != 'jwt':
return jsonify({'error': 'Authorization请求头中认证方式错误', 'status': False})
if len(auth) == 1:
return jsonify({'error': "非法Authorization请求头", 'status': False})
elif len(auth) > 2:
return jsonify({'error': "非法Authorization请求头", 'status': False})
token = auth[1]
result = parse_payload(token)
if not result['status']:
return jsonify(result)
g.user_info = result['data']
@app.route("/login/",methods=['POST'])
def login():
"""登陆,密码正确返回token"""
user = request.form.get("username")
pwd = request.form.get("password")
if user == "xjk" and pwd == "123":
token = create_token({"username":"xjk"})
return jsonify({"status":True,"token":token})
return jsonify({"status":False,"error":"用户名密码错误"})
@app.route('/order/',methods=['GET','POST','PUT','DELETE'])
def order():
"""假设是个订单页面"""
print(g.user_info)
if request.method == "GET":
return "订单列表"
return "订单信息"
if __name__ == '__main__':
app.run(debug=True)
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· 单线程的Redis速度为什么快?
· 展开说说关于C#中ORM框架的用法!
· Pantheons:用 TypeScript 打造主流大模型对话的一站式集成库