python装饰器处理被保护的请求,token验证是否成功。

python装饰器处理被保护的请求,token验证是否成功。

添加token_verify.py页面(文件命名需注意不应与导入的包重名):使用python装饰器处理被保护的请求,token验证是否成功。

添加token_verify.py页面

添加 token_verify.py 文件(文件名不要与导入的包重名,否则 import 时会导入到这个文件本身,而不是第三方包):使用 Python 装饰器处理受保护的请求,在进入视图函数之前验证 token 是否有效。

#token_verify.py
import datetime
import os
from functools import wraps

import jwt
from flask import request, jsonify

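# HS256 signing key. Anyone who knows this value can mint tokens that
# verify_token() accepts, so the literal below is a tutorial placeholder only.
# Supply the real key (a long random value) through the JWT_SECRET_KEY
# environment variable and keep it out of source control.
secret_key = os.environ.get("JWT_SECRET_KEY", "your_secret_key")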


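def generate_token(user_id):
    """Return a signed HS256 JWT for *user_id* that expires 24 hours from now.

    The payload holds only ``user_id`` and ``exp``. It is signed, not
    encrypted, so anyone holding the token can read it; never put secrets
    in the payload.
    """
    # utcnow() is deprecated and returns a naive datetime; an aware UTC value
    # cannot be mistaken for local time when it is converted to the exp claim.
    expiration_time = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(hours=24)
    token = jwt.encode({"user_id": user_id, "exp": expiration_time}, secret_key, algorithm="HS256")
    return token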


def verify_token(token):
    """Decode *token* and return its claims, or ``None`` if it is rejected.

    The accepted algorithm list is pinned to HS256, so the token's own header
    cannot select a different algorithm. Expired and otherwise invalid tokens
    both yield ``None``; callers cannot tell the two cases apart.
    """
    try:
        return jwt.decode(token, secret_key, algorithms=["HS256"])
    except jwt.InvalidTokenError:
        # ExpiredSignatureError is a subclass of InvalidTokenError, so this
        # single handler covers expiry as well as every other failure.
        return None


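def token_required(func):
    """Decorate a Flask view so it runs only when the request carries a valid token.

    The token is read from the ``Authorization`` header, either bare (as the
    client on this page sends it) or in the standard ``Bearer <token>`` form.
    A missing header or a token rejected by ``verify_token`` returns a JSON
    error with status 401 and the wrapped view is never called.

    NOTE(review): the decoded claims are not passed on to the view, so the
    view cannot tell which user is calling. This authenticates the request
    only; it does not check that the caller may act on a given record.
    """
    @wraps(func)
    def decorated_func(*args, **kwargs):
        auth_header = request.headers.get('Authorization')

        if not auth_header:
            return jsonify({"error": "Token is missing"}), 401

        # Strip an optional "Bearer " scheme; a bare token is used unchanged.
        scheme, _, credentials = auth_header.partition(' ')
        token = credentials.strip() if scheme.lower() == 'bearer' else auth_header

        if not verify_token(token):
            return jsonify({"error": "Token is invalid or expired"}), 401

        return func(*args, **kwargs)

    return decorated_func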


为笔记页面添加 token 验证功能

加装饰器前

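@app.route('/get_diaries', methods=['GET'])
def get_diaries():
    """Return all diary entries as JSON after checking the token inline.

    This is the version before the check moved into ``token_required``: the
    token is read from the ``Authorization`` header, and a missing or rejected
    token returns a JSON error with status 401 before any file is touched.
    """
    token = request.headers.get('Authorization')

    if not token:
        return jsonify({"error": "Token is missing"}), 401

    decoded_data = verify_token(token)

    if not decoded_data:
        return jsonify({"error": "Token is invalid or expired"}), 401

    # Read all diaries from the CSV file. It is opened read-only: a GET
    # handler has no reason to hold a writable handle on the data file.
    with open(CONF.DIARY_CSV_DIR, 'r', newline='', encoding='utf-8') as file:
        rows = list(csv.reader(file, delimiter=','))

    # The first row is skipped (presumably a header). lineNumber is the row's
    # index in the file, which is what delete_diary compares against. Blank
    # lines come back from csv.reader as empty lists and are left out instead
    # of raising IndexError.
    diaries = [{'content': row[0], 'lineNumber': line_number}
               for line_number, row in enumerate(rows[1:], start=1)
               if row]
    # Return the diary list
    return jsonify(diaries)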

加装饰器后

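# Decorator order matters: @app.route must stay outermost so that Flask
# registers the token-checking wrapper. With the two lines swapped, the
# unprotected function would be the one bound to the URL.
@app.route('/get_diaries', methods=['GET'])
@token_required
def get_diaries():
    """Return all diary entries as JSON; the token check is done by ``token_required``."""
    # Opened read-only: a GET handler has no reason to hold a writable handle
    # on the data file.
    with open(CONF.DIARY_CSV_DIR, 'r', newline='', encoding='utf-8') as file:
        rows = list(csv.reader(file, delimiter=','))

    # The first row is skipped (presumably a header). lineNumber is the row's
    # index in the file, which is what delete_diary compares against. Blank
    # lines come back from csv.reader as empty lists and are left out instead
    # of raising IndexError.
    diaries = [{'content': row[0], 'lineNumber': line_number}
               for line_number, row in enumerate(rows[1:], start=1)
               if row]
    # Return the diary list
    return jsonify(diaries)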

删除按钮加入token验证

在delete_diary前加装饰器token_required

#houtai.py
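@token_required
def delete_diary(diary_id):
    """Delete the CSV row whose index in the file equals *diary_id*.

    Returns ``{'status': 'success'}`` when a row was removed, a 400 response
    when *diary_id* is not a positive integer, and a 404 response when no
    such row exists. The route registration is not part of this listing.

    NOTE(review): token_required only proves the caller holds a valid token.
    Nothing here ties a row to a user, so any token holder can delete any
    entry; add an ownership check if diaries are meant to be per-user.
    """
    # The id may arrive as a string, depending on how the route is declared
    # (not shown here); compared unconverted it would never match a row.
    try:
        target = int(diary_id)
    except (TypeError, ValueError):
        return jsonify({'status': 'error', 'error': 'Invalid diary id'}), 400

    # Row 0 is the row get_diaries skips (presumably the header); never delete it.
    if target < 1:
        return jsonify({'status': 'error', 'error': 'Invalid diary id'}), 400

    with open(CONF.DIARY_CSV_DIR, 'r', newline='', encoding='utf-8') as file:
        rows = list(csv.reader(file, delimiter=','))

    # Report a miss instead of rewriting the file unchanged and claiming success.
    if target >= len(rows):
        return jsonify({'status': 'error', 'error': 'Diary not found'}), 404

    del rows[target]

    # NOTE(review): the read and the rewrite are two separate steps with no
    # lock, so concurrent requests can overwrite each other's changes.
    with open(CONF.DIARY_CSV_DIR, 'w', newline='', encoding='utf-8') as file:
        csv.writer(file, delimiter=',').writerows(rows)

    # Return the success message
    return jsonify({'status': 'success'})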

删除请求携带token到后台处理

#index.js
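 // Create the delete button
            const delButton = document.createElement('button');
            delButton.textContent = '删除';
            delButton.style.marginLeft = '10px';
            delButton.onclick = () => {
                // Send the delete request to the backend with the token attached
                fetch(`/delete_diary/${index}`, {
                    method: 'DELETE',
                    headers: {
                        'Authorization': token
                    }
                })
                    .then(response => {
                        // fetch() also resolves on 401/404 responses, so a
                        // rejected token must not be reported as a success.
                        if (!response.ok) {
                            throw new Error(`HTTP ${response.status}`);
                        }
                        // Remove the diary from the page
                        diaryList.removeChild(pre);
                        alert('删除成功!');
                        location.reload();
                    })
                    .catch(error => console.error('删除失败:', error));
            };
            pre.appendChild(delButton);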

LICENSED UNDER CC BY-NC-SA 4.0