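def verify_token(token, secret):
    """Authenticate a request by its signed token and load the user into ``g``.

    Requests whose ``User-Agent`` is not ``WHITELIST_UA`` must also carry a
    ``Timestamp`` header within 100 s of the server clock and a ``secret``
    equal to ``md5(token + timestamp)``; requests with the whitelisted UA
    skip that step entirely. The token is then decoded with the app's
    SECRET_KEY, the user looked up, and its scope checked against the
    current endpoint.

    :param token: signed token string produced by ``Serializer``.
    :param secret: client-supplied request signature to compare against.
    :return: ``True`` on success (``g.user`` is set as a side effect).
    :raises AuthFailed: timestamp missing/unparseable/stale, signature
        mismatch, or token invalid (1002) / expired (1003).
    :raises NotFound: no user with the token's ``uid``.
    :raises Forbidden: the user's scope does not cover ``request.endpoint``.
    """
    import hmac

    ua = request.headers.get('User-Agent', '')
    # NOTE(review): User-Agent is client-controlled, so any caller that sends
    # WHITELIST_UA bypasses the timestamp/signature step below.
    if ua != WHITELIST_UA:
        # A missing or non-numeric header is an auth failure, not a 500.
        try:
            timestamp = int(request.headers.get('Timestamp', 0))
        except (TypeError, ValueError):
            raise AuthFailed()
        if abs(timestamp - int(time.time())) > 100:
            raise AuthFailed()
        my_secret = md5(token + str(timestamp))
        # Constant-time comparison. Mismatched types (None, bytes vs str,
        # non-ASCII text) raise TypeError and can never match, so they are
        # treated as a plain mismatch.
        try:
            signature_ok = hmac.compare_digest(my_secret, secret)
        except TypeError:
            signature_ok = False
        if not signature_ok:
            raise AuthFailed()

    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)

    uid = data['uid']
    user = User.get_by_id(uid)
    if not user:
        raise NotFound()
    allow = is_in_scope(user.scope, request.endpoint)
    if not allow:
        raise Forbidden()
    # Expose the user to later handlers in this request.
    g.user = user
    return True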
def verify_auth_token(token):
    """Decode *token* and check that its scope may access the current endpoint.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: a ``User`` built from the token's ``uid``, ``type`` and ``scope``.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: the scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config.get('SECRET_KEY'))
    try:
        payload = serializer.loads(token)
    except BadSignature:
        # token is not valid
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        # token has expired
        raise AuthFailed(msg='token is expired', error_code=1003)

    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # Authorization: may this scope reach the view about to be served?
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
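def load_user(uid):
    """Load the user with primary key *uid* and enforce its scope on the request.

    Presumably a Flask-Login ``user_loader`` callback — verify where it is
    registered. Returns ``None`` when the id is not a valid integer or no
    such user exists.

    :param uid: user id as stored in the session (str or int).
    :return: the ``User`` row, or ``None``.
    :raises Forbidden: the user's scope does not cover ``request.endpoint``.
    """
    # A malformed id cannot belong to any user; report "no user" instead of
    # letting the ValueError surface as a server error.
    try:
        user_id = int(uid)
    except (TypeError, ValueError):
        return None
    user = User.query.get(user_id)
    if user:
        # auth == 1 maps to UserScope, anything else to AdminScope.
        scope = 'UserScope' if user.auth == 1 else 'AdminScope'
        if not is_in_scope(scope, request.endpoint):
            raise Forbidden()
    return user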
def verify_token(token):
    """Verify *token*, stash the resulting user on ``flask.g`` and authorize it.

    :param token: signed token passed on to ``verify_auth_token``.
    :return: ``False`` when ``verify_auth_token`` yields nothing, else ``True``.
    :raises Forbidden: ``g.user.scopes`` does not cover ``request.endpoint``.
    """
    current_user = verify_auth_token(token)
    if not current_user:
        return False
    # Keep the user on g so later handlers in this request can reach it.
    g.user = current_user
    permitted = is_in_scope(g.user.scopes, request.endpoint)
    if not permitted:
        raise Forbidden()
    return True
def verify_auth_token(token):
    """Decode *token* into a ``User`` after checking its scope against the endpoint.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, scope)`` from the payload.
    :raises AuthFailed: bad signature (1002) or expired signature (1003).
    :raises Forbidden: the token's scope does not allow ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    uid = payload['uid']
    scope = payload['scope']
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, scope)
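def verify_auth_token(token):
    """Decode *token* and return the ``User`` it describes.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` built from the token payload.
    :raises Tokeninvalid: the signature does not verify.
    :raises Tokenexpired: the signature has expired.
    :raises Forbidden: the token's scope does not cover ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except BadSignature:
        raise Tokeninvalid()
    except SignatureExpired:
        raise Tokenexpired()
    uid = data['uid']
    # Named ac_type rather than `type` so the builtin is not shadowed.
    ac_type = data['type']
    scope = data['scope']
    allow = is_in_scope(scope, request.endpoint)
    if not allow:
        raise Forbidden()
    return User(uid, ac_type, scope)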
def verify_token(token):
    """Decode *token* and return the ``User`` it encodes.

    NOTE(review): the ``is_in_scope``/``Forbidden`` check that sibling
    variants perform is commented out here, so this function only
    authenticates — confirm the caller enforces scope.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, ac_type, scope)`` from the payload.
    :raises AuthError: bad signature (1002) or expired token (1003).
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthError(msg='bad token', error_code=1002)
    except SignatureExpired:
        raise AuthError(msg='token expired', error_code=1003)
    return User(payload['uid'], payload['ac_type'], payload['scope'])
def verify_auth_token(token):
    """Decode *token* (taken from the request header) and authorize its scope.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``UserTuple(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises ForbiddenException: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)  # the token arrives in a request header
    except BadSignature:
        raise AuthFailed(msg='token 无效', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token 过期', error_code=1003)
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # request.endpoint names the view about to be served
    if not is_in_scope(scope, request.endpoint):
        raise ForbiddenException()
    return UserTuple(uid, ac_type, scope)
def verify_auth_token(token):
    """Extract the payload from *token*, validating its signature and scope.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: BadSignature -> 1002, SignatureExpired -> 1003.
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        # loads() verifies the signature and decodes the payload
        payload = serializer.loads(token)
    except BadSignature:
        # invalid signature -> custom AuthFailed
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        # signature past its lifetime
        raise AuthFailed(msg='token is expired', error_code=1003)
    uid = payload['uid']
    ac_type = payload['type']
    scope = payload['scope']
    # request.endpoint identifies the target view, much like url_for's argument
    permitted = is_in_scope(scope, request.endpoint)
    if not permitted:
        raise Forbidden()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Decode *token* and return a ``UserInSession`` for it.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``UserInSession(uid, ac_type, scope, False)`` from the payload.
    :raises AuthFailed: signature invalid (4011) or expired (4012).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg='Token不合法', error_code=4011)
    except SignatureExpired:
        raise AuthFailed(msg='Token过期', error_code=4012)
    uid = payload['uid']
    ac_type = payload['ac_type']
    scope = payload['scope']
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    # Trailing False is passed through as-is; its meaning is defined by UserInSession.
    return UserInSession(uid, ac_type, scope, False)
def verify_auth_token(token):
    """Decode *token*, authorize its scope, and return the matching ``User``.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises ForbiddenException: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # request.endpoint is the view about to be served
    permitted = is_in_scope(scope, request.endpoint)
    if not permitted:
        raise ForbiddenException()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Decode *token* and build a ``User`` from its ``uid``/``type``/``scope``.

    Payload fields are read with ``dict.get``, so a missing one becomes
    ``None`` instead of raising ``KeyError``. NOTE(review): ``is_in_scope``
    is called with the scope alone here (no endpoint) — confirm that matches
    its signature.

    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: ``is_in_scope`` rejects the scope.
    """
    serializer = Serializer(current_app.config["SECRET_KEY"])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg="token is invalid", error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg="token is expired", error_code=1003)
    uid = payload.get("uid")
    ac_type = payload.get("type")
    scope = payload.get("scope")
    if not is_in_scope(scope):
        raise Forbidden()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Decode *token* and authorize its scope against the requested view.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg='非法token', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token过期', error_code=1003)
    uid = payload['uid']
    ac_type = payload['type']
    scope = payload['scope']
    # request.endpoint is the view function the current request targets
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Decode *token* and return the ``User`` it encodes, after a scope check.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid or expired (no error code given).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)  # payload read as uid/type/scope below
    except BadSignature:
        raise AuthFailed(msg='token is invalid')
    except SignatureExpired:
        raise AuthFailed(msg='token is expired')
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # is_in_scope decides whether this scope may reach the target view
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
def verigy_auth_token(token):
    """Decode *token* and authorize its scope (name typo kept for callers).

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailedException: token invalid or expired.
    :raises ForbiddenException: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        # token does not verify
        raise AuthFailedException(msg='无效token')
    except SignatureExpired:
        # token past its lifetime
        raise AuthFailedException(msg='token已失效')
    uid = payload['uid']
    ac_type = payload['type']
    scope = payload['scope']
    # scope vs. requested endpoint; the mapping lives in the scope module
    if not is_in_scope(scope, request.endpoint):
        raise ForbiddenException()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Verify *token* and return the ``User`` it describes.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = s.loads(token)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # request.endpoint identifies the target view
    permitted = is_in_scope(scope, request.endpoint)
    if not permitted:
        raise Forbidden()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Check that *token* is well-signed and permitted for the current view.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` — an object-style result.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        # decode and verify the token
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token was expired', error_code=1003)
    uid = payload['uid']
    ac_type = payload['type']
    scope = payload['scope']
    # insufficient scope for this endpoint -> Forbidden
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Decode *token* and authorize its scope against ``request.endpoint``.

    The original author notes the credential arrives as
    ``Authorization: basic base64(username:password)``; this function only
    sees the extracted token.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # request.endpoint is the target view
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
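def verify_auth_token(token):
    """Decode *token*, authorize its scope, and return the ``User`` it encodes.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, ac_type, scope)``; the author notes scope may be
        an empty string at this stage.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)  # verify and decode the token
    # NOTE(review): the keyword is spelled `erro_code` here while sibling
    # variants use `error_code` — confirm AuthFailed accepts this spelling.
    except BadSignature:
        # Message corrected: a BadSignature means the token is *invalid*.
        raise AuthFailed(msg='token is invalid', erro_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', erro_code=1003)
    uid = data['uid']
    ac_type = data['type']  # uid and ac_type were written when the token was issued
    scope = data['scope']
    # request.endpoint identifies the view the request targets
    allow = is_in_scope(scope, request.endpoint)
    if not allow:
        raise Forbidden()
    return User(uid, ac_type, scope)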
def verify_auth_token(token):
    """Validate *token* and the permissions it carries.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: invalid token (10008) or expired token (10002).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)
    except BadSignature:
        raise AuthFailed(message="无效的Token", error_code=10008)
    except SignatureExpired:
        raise AuthFailed(message="Token已过期", error_code=10002)
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
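def verify_auth_token(token):
    """Decode *token* and authorize its scope against ``request.endpoint``.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)``, where scope is the payload's
        ``is_admin`` field (NOTE(review): sibling variants read ``scope`` —
        confirm this is intended).
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    # The key lives in app.config; the app object itself is not subscriptable.
    s = Serializer(current_app.config["SECRET_KEY"])
    try:
        data = s.loads(token)
    except BadSignature:
        raise AuthFailed(msg="token is invalid", error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg="token is expired", error_code=1003)
    uid = data["uid"]
    ac_type = data["type"]
    scope = data["is_admin"]
    allow = is_in_scope(scope, request.endpoint)
    if not allow:
        raise Forbidden()
    return User(uid, ac_type, scope)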
def verify_auth_token(token):
    """Decode *token* and return a ``User`` once its scope passes the endpoint check.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    # build the serializer
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        # decode; only the two signature errors are caught
        payload = serializer.loads(token)
    except BadSignature:
        # signature does not verify
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        # signature past its lifetime
        raise AuthFailed(msg='token is expired', error_code=1003)
    # payload is a dict
    uid, ac_type, scope = payload['uid'], payload['type'], payload['scope']
    # match the scope against the view the request targets
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    # return an object rather than a bare dict
    return User(uid, ac_type, scope)
def verify_auth_token(token):
    """Decode *token*; success means the signature verified.

    A ``BadSignature`` from the serializer means the token is not genuine;
    ``SignatureExpired`` means it is past its lifetime.

    :param token: signed token issued with the app's SECRET_KEY.
    :return: ``User(uid, type, scope)`` from the payload.
    :raises AuthFailed: signature invalid (1002) or expired (1003).
    :raises Forbidden: scope does not cover ``request.endpoint``.
    """
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        payload = serializer.loads(token)  # decode the token
    except BadSignature:
        raise AuthFailed(msg='token is invalid', error_code=1002)
    except SignatureExpired:
        raise AuthFailed(msg='token is expired', error_code=1003)
    uid = payload['uid']
    ac_type = payload['type']
    scope = payload['scope']
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()
    return User(uid, ac_type, scope)
def check_access(scope: str):
    """Raise ``Forbidden`` unless *scope* may access the current ``request.endpoint``.

    :param scope: scope name to check.
    :raises Forbidden: ``is_in_scope`` rejects the scope for this endpoint.
    """
    if not is_in_scope(scope, request.endpoint):
        raise Forbidden()