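def verify_token(token, secret):
    """Authenticate the current request from ``token`` and a per-request ``secret``.

    Clients whose ``User-Agent`` differs from ``WHITELIST_UA`` must also send a
    ``Timestamp`` header within 100 s of server time and a ``secret`` equal to
    ``md5(token + str(timestamp))``. The token itself is then verified against
    the app's ``SECRET_KEY`` and the user's scope checked for the endpoint.

    Args:
        token: signed token issued by this app (checked via ``Serializer``).
        secret: client-computed digest over ``token + Timestamp``.

    Returns:
        True on success; the resolved user is also stored in ``g.user``.

    Raises:
        AuthFailed: bad timestamp, bad secret, or an invalid/expired/malformed token.
        NotFound: the token's ``uid`` matches no user.
        Forbidden: the user's scope does not cover ``request.endpoint``.
    """
    import hmac

    ua = request.headers.get('User-Agent', '')
    # NOTE(review): User-Agent is chosen by the client, so any caller that
    # sends WHITELIST_UA skips the timestamp/secret check entirely. That is
    # only acceptable if the whitelisted client is isolated some other way
    # (network ACL, mTLS); a header alone is not an authentication factor.
    if ua != WHITELIST_UA:
        try:
            timestamp = int(request.headers.get('Timestamp', 0))
        except (TypeError, ValueError):
            # A non-numeric header used to escape as ValueError (a 500);
            # fail closed instead.
            raise AuthFailed()
        # Replay window: reject anything more than 100 s away from server time.
        if abs(timestamp - int(time.time())) > 100:
            raise AuthFailed()

        # NOTE(review): since `token` is already sent in the same request,
        # this digest proves nothing beyond possession of the token; it only
        # binds the request to the timestamp above.
        my_secret = md5(token + str(timestamp))
        # Constant-time comparison so the digest cannot be matched
        # byte-by-byte from response timing. compare_digest raises TypeError
        # for unsupported/mismatched types (e.g. secret is None) — treat that
        # as a failed check rather than a server error.
        try:
            matched = hmac.compare_digest(my_secret, secret)
        except TypeError:
            matched = False
        if not matched:
            raise AuthFailed()

    s = Serializer(current_app.config['SECRET_KEY'])
    # In itsdangerous (where these exception names come from) SignatureExpired
    # is a subclass of BadSignature, so it must be caught first; otherwise the
    # "expired" branch is unreachable and every expired token reports "invalid".
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid = data['uid']
    except (KeyError, TypeError):
        # Correctly signed but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    user = User.get_by_id(uid)
    if not user:
        raise NotFound()
    if not is_in_scope(user.scope, request.endpoint):
        raise Forbidden()
    g.user = user
    return True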
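def verify_auth_token(token: str) -> "User":
    """Decode a signed token and authorize it for the current endpoint.

    Args:
        token: token produced by this app's ``Serializer`` with ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` built from the token payload.

    Raises:
        AuthFailed: signature invalid (1002), expired (1003), or the payload
            does not carry the expected fields.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config.get('SECRET_KEY'))
    # In itsdangerous (where these exception names come from) SignatureExpired
    # subclasses BadSignature; catching BadSignature first makes the "expired"
    # branch dead code and reports every expired token as "invalid".
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid = data['uid']
        ac_type = data['type']
        scope = data['scope']
    except (KeyError, TypeError):
        # Validly signed but not the payload shape this app issues: that is a
        # bad token, not a server error.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # Does the scope carried in the token cover the view being requested?
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()

    return User(uid, ac_type, scope)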
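 def load_user(uid):
     """User loader: fetch the user for ``uid`` and check its scope for the endpoint.

     Args:
         uid: user id as stored by the session layer; coerced with ``int``.

     Returns:
         The ``User`` row for ``uid``, or None when ``uid`` is not an integer
         or no such user exists.

     Raises:
         Forbidden: the user exists but its scope does not cover
             ``request.endpoint``.
     """
     try:
         user_id = int(uid)
     except (TypeError, ValueError):
         # A non-numeric id used to escape as ValueError (a 500); fail closed
         # by treating it as "no such user".
         return None
     user = User.query.get(user_id)
     if user:
         # NOTE(review): every auth value other than 1 — including None or an
         # unexpected value — maps to AdminScope, i.e. the default is the most
         # privileged scope. Confirm the allowed values of User.auth; an
         # explicit mapping that rejects unknown values would fail closed.
         scope = 'UserScope' if user.auth == 1 else 'AdminScope'
         if not is_in_scope(scope, request.endpoint):
             raise Forbidden()
     return user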
def verify_token(token):
    """Validate ``token``, stash the user on ``flask.g`` and authorize the endpoint.

    Args:
        token: credential handed through to ``verify_auth_token``.

    Returns:
        False when ``verify_auth_token`` yields nothing, True otherwise.

    Raises:
        Forbidden: ``g.user.scopes`` does not cover ``request.endpoint``.
    """
    current = verify_auth_token(token)
    if not current:
        return False
    # Keep the user on g so later handlers in this request can reach it.
    g.user = current
    if not is_in_scope(g.user.scopes, request.endpoint):
        raise Forbidden()
    return True
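def verify_auth_token(token: str) -> "User":
    """Verify a signed token and return the user it identifies.

    Args:
        token: token produced by ``Serializer`` with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, scope)`` from the token payload.

    Raises:
        AuthFailed: invalid signature (1002), expired token (1003), or a
            payload without ``uid``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired subclasses BadSignature in itsdangerous (the source of
    # these names), so it has to be caught first or the expired branch never runs.
    try:
        payload = serializer.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid, scope = payload['uid'], payload['scope']
    except (KeyError, TypeError):
        # Signed, but not a payload this app issues: report it as a bad token.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, scope)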
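def verify_auth_token(token: str) -> "User":
    """Decode ``token`` and check that its scope allows the requested endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        Tokeninvalid: bad signature, or a payload without the expected fields.
        Tokenexpired: the token's signature has expired.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # Catch SignatureExpired before BadSignature: in itsdangerous it is a
    # subclass, so the reverse order reports every expired token as invalid.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise Tokenexpired()
    except BadSignature:
        raise Tokeninvalid()

    try:
        uid = data['uid']
        ac_type = data['type']  # local renamed: `type` shadowed the builtin
        scope = data['scope']
    except (KeyError, TypeError):
        # Signed but malformed payload: a bad token, not a server error.
        raise Tokeninvalid()

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)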
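def verify_token(token: str) -> "User":
    """Verify a signed token and authorize its scope for the current endpoint.

    Args:
        token: token produced by ``Serializer`` with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthError: bad signature (1002), expired token (1003), or a payload
            missing ``scope``/``uid``/``ac_type``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # itsdangerous defines SignatureExpired as a subclass of BadSignature, so
    # it must be matched first; otherwise the "expired" clause is unreachable.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthError(msg='token expired', error_code=1003)
    except BadSignature:
        raise AuthError(msg='bad token', error_code=1002)

    try:
        scope = data['scope']
        uid = data['uid']
        ac_type = data['ac_type']
    except (KeyError, TypeError):
        # Correctly signed but not the shape this app issues.
        raise AuthError(msg='bad token', error_code=1002)

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)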
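def verify_auth_token(token: str) -> "UserTuple":
    """Verify the token from the request header and authorize it for the endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``UserTuple(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without the expected fields.
        ForbiddenException: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired is a BadSignature subclass in itsdangerous; catching the
    # base class first would swallow the expired case.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token 过期', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token 无效', error_code=1002)

    try:
        uid, ac_type, scope = data['uid'], data['type'], data['scope']
    except (KeyError, TypeError):
        # Signed but malformed: treat as an invalid token rather than a 500.
        raise AuthFailed(msg='token 无效', error_code=1002)

    # request.endpoint names the view function being accessed.
    if not is_in_scope(scope, request.endpoint):
        raise ForbiddenException()
    return UserTuple(uid, ac_type, scope)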
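def verify_auth_token(token: str) -> "User":
    """Unpack a signed token, validating it and the caller's scope for the endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    # Order matters: itsdangerous' SignatureExpired subclasses BadSignature,
    # so the expired case must be matched before the generic one.
    try:
        claims = serializer.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid = claims['uid']
        ac_type = claims['type']
        scope = claims['scope']
    except (KeyError, TypeError):
        # Signed, but not a payload this app issues — a bad token, not a 500.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # request.endpoint is the view being accessed (the url_for name).
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)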
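def verify_auth_token(token: str) -> "UserInSession":
    """Verify a signed token and build the session user it describes.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``UserInSession(uid, ac_type, scope, False)`` from the payload.

    Raises:
        AuthFailed: bad signature (4011), expired token (4012), or a payload
            missing ``uid``/``ac_type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired derives from BadSignature in itsdangerous; the more
    # specific exception has to come first or its branch is dead.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='Token过期', error_code=4012)
    except BadSignature:
        raise AuthFailed(msg='Token不合法', error_code=4011)

    try:
        uid = data['uid']
        ac_type = data['ac_type']
        scope = data['scope']
    except (KeyError, TypeError):
        # Signed but malformed payload: report as an invalid token.
        raise AuthFailed(msg='Token不合法', error_code=4011)

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return UserInSession(uid, ac_type, scope, False)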
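def verify_auth_token(token: str) -> "User":
    """Verify a signed token and authorize its scope for the requested view.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without the expected fields.
        ForbiddenException: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # In itsdangerous SignatureExpired is a subclass of BadSignature, so it
    # must be caught first; the reverse order never reports "expired".
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid, ac_type, scope = (data[k] for k in ('uid', 'type', 'scope'))
    except (KeyError, TypeError):
        # Signed but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # request.endpoint identifies the view function being accessed.
    if not is_in_scope(scope, request.endpoint):
        raise ForbiddenException()
    return User(uid, ac_type, scope)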
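def verify_auth_token(token: str) -> "User":
    """Verify a signed token and check its scope with ``is_in_scope``.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)``; fields are read with ``dict.get`` so a
        missing claim arrives as None.

    Raises:
        AuthFailed: invalid signature (1002) or expired token (1003).
        Forbidden: ``is_in_scope(scope)`` is falsy.
    """
    s = Serializer(current_app.config["SECRET_KEY"])
    # SignatureExpired subclasses BadSignature in itsdangerous, so it has to
    # be matched first; otherwise the expired branch is unreachable.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg="token is expired", error_code=1003)
    except BadSignature:
        raise AuthFailed(msg="token is invalid", error_code=1002)

    # NOTE(review): .get() means a payload without these keys yields None for
    # uid/type/scope instead of failing; make sure is_in_scope(None) and the
    # User constructor reject that rather than treating it as a valid user.
    uid = data.get("uid")
    ac_type = data.get("type")
    scope = data.get("scope")

    # NOTE(review): unlike the endpoint-aware variants, this is_in_scope takes
    # only the scope — presumably it reads request.endpoint itself; verify.
    if not is_in_scope(scope):
        raise Forbidden()

    return User(uid, ac_type, scope)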
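def verify_auth_token(token: str) -> "User":
    """Decode a signed token and authorize its scope for the current request.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    # itsdangerous' SignatureExpired is a BadSignature subclass: catch it
    # first, or every expired token is reported as "非法token".
    try:
        payload = serializer.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token过期', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='非法token', error_code=1002)

    try:
        uid = payload['uid']
        ac_type = payload['type']
        scope = payload['scope']
    except (KeyError, TypeError):
        # Signed but malformed: a bad token, not a server error.
        raise AuthFailed(msg='非法token', error_code=1002)

    # request.endpoint is the view function the request is targeting.
    allowed = is_in_scope(scope, request.endpoint)
    if not allowed:
        raise Forbidden()
    return User(uid, ac_type, scope)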
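def verify_auth_token(token: str) -> "User":
    """Verify a signed token and check that its scope covers the endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature, expired token, or a payload without
            the expected ``uid``/``type``/``scope`` fields.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired is a subclass of BadSignature in itsdangerous; it must
    # be caught first or the "expired" message is never produced.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired')
    except BadSignature:
        raise AuthFailed(msg='token is invalid')

    try:
        uid, ac_type, scope = data['uid'], data['type'], data['scope']
    except (KeyError, TypeError):
        # Signed, but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid')

    # is_in_scope decides whether this scope may call the requested view.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)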
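def verigy_auth_token(token: str) -> "User":
    """Verify a signed token and authorize its scope for the requested endpoint.

    (Name kept as-is — callers reference ``verigy_auth_token``.)

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailedException: invalid signature, expired token, or a payload
            missing ``uid``/``type``/``scope``.
        ForbiddenException: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # In itsdangerous SignatureExpired subclasses BadSignature; the specific
    # clause must come first, otherwise it is dead code.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailedException(msg='token已失效')
    except BadSignature:
        raise AuthFailedException(msg='无效token')

    try:
        uid = data['uid']
        ac_type = data['type']
        scope = data['scope']
    except (KeyError, TypeError):
        # Correctly signed but malformed payload: report as an invalid token.
        raise AuthFailedException(msg='无效token')

    # Scope-to-endpoint mapping is configured in libs/scope.py.
    if not is_in_scope(scope, request.endpoint):
        raise ForbiddenException()
    return User(uid, ac_type, scope)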
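def verify_auth_token(token: str) -> "User":
    """Verify a signed token and authorize it for the view being requested.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired subclasses BadSignature in itsdangerous, so the
    # expired case must be tested before the generic bad-signature case.
    try:
        data = serializer.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid = data['uid']
        ac_type = data['type']
        scope = data['scope']
    except (KeyError, TypeError):
        # Signed but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # request.endpoint identifies the target view function.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()

    return User(uid, ac_type, scope)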
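def verify_auth_token(token: str) -> "User":
    """Check a signed token and that its scope permits the current endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` built from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            missing ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # itsdangerous defines SignatureExpired as a BadSignature subclass, so it
    # is matched first; otherwise expired tokens are reported as invalid.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token was expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid, ac_type, scope = (data[k] for k in ('uid', 'type', 'scope'))
    except (KeyError, TypeError):
        # Signed but malformed payload: a bad token rather than a 500.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # Insufficient scope for this endpoint is an authorization failure.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)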
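def verify_auth_token(token: str) -> "User":
    """Verify the token carried in the Authorization header and authorize it.

    The caller is expected to pass the token extracted from
    ``Authorization: basic base64(username:password)``, where the token
    stands in for the username.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired is a subclass of BadSignature in itsdangerous; catch
    # the specific one first or its branch can never fire.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid = data['uid']
        ac_type = data['type']
        scope = data['scope']
    except (KeyError, TypeError):
        # Signed but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # request.endpoint is the view function being requested.
    allowed = is_in_scope(scope, request.endpoint)
    if not allowed:
        raise Forbidden()
    return User(uid, ac_type, scope)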
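def verify_auth_token(token: str) -> "User":
    """Decode a signed token and authorize its scope for the current endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload; ``uid`` and
        ``ac_type`` are written at token-creation time.

    Raises:
        AuthFailed: invalid signature (1002), expired token (1003), or a
            payload missing ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # SignatureExpired subclasses BadSignature in itsdangerous: the expired
    # case must be caught first or it is never reported.
    # NOTE(review): the keyword is spelled `erro_code` here — confirm that is
    # what this project's AuthFailed accepts (others in this corpus use
    # `error_code`); a wrong keyword turns every auth failure into a TypeError.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', erro_code=1003)
    except BadSignature:
        # Message fixed: a BadSignature means the token is *invalid*.
        raise AuthFailed(msg='token is invalid', erro_code=1002)

    try:
        uid = data['uid']
        ac_type = data['type']
        scope = data['scope']
    except (KeyError, TypeError):
        # Signed, but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid', erro_code=1002)

    # request.endpoint is the endpoint name of the view being accessed.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)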
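def verify_auth_token(token: str) -> "User":
    """Verify a signed token and the permissions it carries for this endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (10008), expired token (10002), or a
            payload missing ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    # itsdangerous' SignatureExpired is a BadSignature subclass; match it
    # first so expired tokens are not reported as merely invalid.
    try:
        payload = serializer.loads(token)
    except SignatureExpired:
        raise AuthFailed(message="Token已过期", error_code=10002)
    except BadSignature:
        raise AuthFailed(message="无效的Token", error_code=10008)

    try:
        uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    except (KeyError, TypeError):
        # Signed but malformed payload: an invalid token, not a server error.
        raise AuthFailed(message="无效的Token", error_code=10008)

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)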
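def verify_auth_token(token: str) -> "User":
    """Verify a signed token and authorize it for the requested endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)``; ``scope`` is taken from the payload's
        ``is_admin`` field.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            missing ``uid``/``type``/``is_admin``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    # Fix: the secret lives in current_app.config; a Flask app object is not
    # subscriptable, so current_app["SECRET_KEY"] raised TypeError on every call.
    s = Serializer(current_app.config["SECRET_KEY"])

    # SignatureExpired subclasses BadSignature in itsdangerous, so it has to
    # be caught first; otherwise the expired branch is unreachable.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg="token is expired", error_code=1003)
    except BadSignature:
        raise AuthFailed(msg="token is invalid", error_code=1002)

    try:
        uid = data["uid"]
        ac_type = data["type"]
        scope = data["is_admin"]
    except (KeyError, TypeError):
        # Signed but not the payload shape this app issues.
        raise AuthFailed(msg="token is invalid", error_code=1002)

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()

    return User(uid, ac_type, scope)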
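def verify_auth_token(token: str) -> "User":
    """Deserialize a signed token and check its scope against the endpoint.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` — an object rather than a bare dict so
        handlers can use attribute access.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            without ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    # In itsdangerous SignatureExpired is a subclass of BadSignature; the
    # specific exception must be listed first or it is never matched.
    try:
        payload = serializer.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1002 + 1)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)

    try:
        uid = payload['uid']
        ac_type = payload['type']
        scope = payload['scope']
    except (KeyError, TypeError):
        # Signed but malformed payload: an invalid token, not a 500.
        raise AuthFailed(msg='token is invalid', error_code=1002)

    # Match the token's scope against the view function being requested.
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)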
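def verify_auth_token(token: str) -> "User":
    """Verify a signed token and authorize it for the current endpoint.

    A token that loads without raising has a valid signature; a
    ``BadSignature`` means it was forged or tampered with.

    Args:
        token: token signed with this app's ``SECRET_KEY``.

    Returns:
        ``User(uid, ac_type, scope)`` from the payload.

    Raises:
        AuthFailed: invalid signature (1002), expired (1003), or a payload
            missing ``uid``/``type``/``scope``.
        Forbidden: ``scope`` does not allow ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    # itsdangerous' SignatureExpired subclasses BadSignature, so the expired
    # case has to be caught before the generic one.
    try:
        data = s.loads(token)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired',
                         error_code=1003)
    except BadSignature:
        raise AuthFailed(msg='token is invalid',
                         error_code=1002)

    try:
        uid, ac_type, scope = (data[k] for k in ('uid', 'type', 'scope'))
    except (KeyError, TypeError):
        # Signed but not the payload shape this app issues.
        raise AuthFailed(msg='token is invalid',
                         error_code=1002)

    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)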
def check_access(scope: 'str') -> None:
    """Raise ``Forbidden`` unless ``scope`` covers the current ``request.endpoint``.

    Args:
        scope: scope name to test against the requested endpoint.

    Raises:
        Forbidden: the scope does not allow this endpoint (privilege escalation).
    """
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()