def check_token(token):
#创建序列化器
s = Serialzier(secret_key=settings.SECRET_KEY, expires_in=3600)
#解析数据
try:
result = s.loads(token)
except BadSignature:
return None
#返回user_id
return result.get('id')
def generic_verify_url(user_id):
#创建序列化器
s = Serialzier(secret_key=settings.SECRET_KEY, expires_in=3600)
#组织数据
data = {
'id': user_id,
}
#对数据加密
token = s.dumps(data)
#拼接url
return 'http://www.meiduo.site:8080/success_verify_email.html?token=' + token.decode(
)
def check_access_token(access_token_openid):
"""
反解、反序列化access_token_openid
:param access_token_openid: openid密文
:return: openid明文
"""
# 创建序列化器对象:序列化和反序列化的对象的参数必须是一模一样的
s = Serialzier(dev.SECRET_KEY, constants.ACCESS_TOKEN_EXPIRES)
# 反序列化openid密文
try:
data = s.loads(access_token_openid)
except BadData: # openid密文过期
return None
else:
# 返回openid明文
return data.get('openid')
def generate_access_token(openid):
"""
签名、序列化openid
:param openid: openid明文
:return: token(openid密文)
"""
# 创建序列化器对象
# s = Serialzier('秘钥:越复杂越安全', '过期时间')
s = Serialzier(dev.SECRET_KEY, constants.ACCESS_TOKEN_EXPIRES)
# 准备待序列化的字典数据
data = {'openid': openid}
# 调用dumps方法进行序列化:类型是bytes
token = s.dumps(data)
# 返回序列化后的数据
return token.decode()
from itsdangerous import TimedJSONWebSignatureSerializer as Serialzier, BadSignature, SignatureExpired
# TimedJSONWebSignatureSerializer
# Timed : 时效
# JSON :处理的是类似json的数据
# Signature : 签名, 会进行加密的处理
# Serializer : 序列化,是可逆的
secret_key = '123456'
expires_in = 5
s = Serialzier(secret_key, expires_in)
access_token = s.dumps({'uid': 1})
access_token = access_token.decode()
# 正常情况
s1 = Serialzier(secret_key, expires_in)
try:
result = s1.loads(access_token)
except BadSignature:
print('签名异常')
else:
print('正常情况:')
print(result)
# 模拟别人不知道秘钥想解密 access_token
s1 = Serialzier('1234567', expires_in)
try:
result = s1.loads(access_token)
except BadSignature:
print('签名异常')
else: