예제 #1
        def before_request_func():
            """
            Pre-request hook: check API tokens and prepare per-request state.

            For paths under ``api.url_prefix`` the check is selected by which
            header the client sent: ``X-CSRFToken`` selects ``csrf.protect()``,
            otherwise ``OSR-RestToken`` selects
            ``rest_token_auth.auth_rest_token()``. With neither header present an
            ``OsrTokenError`` is raised. Afterwards the request arguments are
            attached as ``request.argget``, an optional ``_method`` argument
            overrides ``request.c_method``, and ``g.site_global`` is filled with
            the language settings when it is not set yet. ``self`` is taken from
            the enclosing scope, which is not part of this block.

            :return: None
            :raises OsrTokenError: API request that carries neither token header
            """
            request.c_method = request.method

            if request.path.startswith(api.url_prefix):
                # Every API request has to present one of the two tokens.
                # NOTE(review): the client decides which check runs by choosing
                # the header it sends, and X-CSRFToken is tested first, so a
                # request carrying it never reaches the OSR-RestToken check.
                # A CSRF token is an anti-forgery control, not proof of identity;
                # confirm that routes reached this way enforce their own
                # login/permission check.
                rest_token = request.headers.get('OSR-RestToken')
                csrf_token = request.headers.get('X-CSRFToken')

                if csrf_token:
                    # Browser path: CSRF validation.
                    # NOTE(review): presumably csrf is Flask-WTF's CSRFProtect; if
                    # so, protect() returns without validating for methods outside
                    # WTF_CSRF_METHODS, so only the header's presence is checked
                    # for those methods -- confirm.
                    csrf.protect()
                elif rest_token:
                    rest_token_auth.auth_rest_token()
                else:
                    message = gettext(
                        'Token is miss, unconventional web browsing requests please provide "OSR-RestToken",'
                        ' otherwise provide "X-CSRFToken"')
                    response = current_app.make_response(message)
                    raise OsrTokenError(
                        response.get_data(as_text=True), response=response)

            request.argget = Request()

            # Compatibility shim: front-end frameworks or browsers that cannot
            # send DELETE, PUT, PATCH, etc. may pass the verb in "_method".
            # NOTE(review): the token check above ran against request.method,
            # while c_method is replaced afterwards from a request argument. If
            # handlers dispatch on c_method, the check and the effective verb can
            # differ; consider honouring "_method" only on POST and validating it
            # against an allow-list -- verify against the callers.
            if request.argget.all("_method"):
                request.c_method = request.argget.all("_method").upper()

            if "site_global" not in g:
                g.site_global = {}
                g.site_global["language"] = {
                    "all_language": get_config('babel', 'LANGUAGES'),
                    "current": self.get_current_lang(),
                }
예제 #2
        def before_request_func():
            """
            Pre-request hook: check API tokens and prepare per-request state.

            Token checks run only when ``app.config["CLIENT_TOKEN_AUTH_ENABLED"]``
            is truthy and the path is under ``api.url_prefix``; with the flag off
            this hook performs no token check at all. A request with an
            ``X-CSRFToken`` header gets its current language set and then goes
            through ``csrf.protect()``. Any other request is checked with
            ``rest_token_auth.auth_rest_token()`` unless
            ``rest_token_auth.is_exempt()`` is true, and raises ``OsrTokenError``
            when it has no ``OSR-RestToken`` header. Afterwards the request
            arguments are attached as ``request.argget``, an optional ``_method``
            argument overrides ``request.c_method``, ``g.site_global`` is filled
            in when missing, and ``g.get_config`` is bound. ``self`` and ``app``
            are taken from the enclosing scope, which is not part of this block.

            :return: None
            :raises OsrTokenError: non-exempt API request without a token header
            """
            request.c_method = request.method

            token_auth_on = app.config["CLIENT_TOKEN_AUTH_ENABLED"]
            if token_auth_on and request.path.startswith(api.url_prefix):
                # With client token auth enabled, every API request needs a token.
                # NOTE(review): the client decides which check runs by choosing
                # the header it sends, and X-CSRFToken is tested first, so such a
                # request reaches neither is_exempt() nor the OSR-RestToken check.
                # A CSRF token is an anti-forgery control, not proof of identity;
                # confirm that routes reached this way enforce their own
                # login/permission check.
                rest_token = request.headers.get('OSR-RestToken')
                csrf_token = request.headers.get('X-CSRFToken')

                if csrf_token:
                    # NOTE(review): g.site_global is written here, but this
                    # function only creates it further down. This relies on
                    # something earlier in the request having set it; otherwise
                    # the lookup fails -- confirm. The language is also stored
                    # before the CSRF token has been validated.
                    supported = list(get_config('babel', 'LANGUAGES').keys())
                    g.site_global["language"]["current"] = session.get(
                        "language",
                        request.accept_languages.best_match(supported)
                    )
                    # Browser path: CSRF validation.
                    # NOTE(review): presumably csrf is Flask-WTF's CSRFProtect; if
                    # so, protect() returns without validating for methods outside
                    # WTF_CSRF_METHODS -- confirm.
                    csrf.protect()
                elif not rest_token_auth.is_exempt():
                    # Not exempt: the REST token is mandatory.
                    # NOTE(review): is_exempt() is opaque here; presumably it
                    # consults an exemption list -- verify what can populate it.
                    if rest_token:
                        rest_token_auth.auth_rest_token()
                    else:
                        message = gettext(
                            'Token is miss, unconventional web browsing requests please provide "OSR-RestToken",'
                            ' otherwise provide "X-CSRFToken"')
                        response = current_app.make_response(message)
                        raise OsrTokenError(
                            response.get_data(as_text=True), response=response)

            request.argget = Request()

            # Compatibility shim: front-end frameworks or browsers that cannot
            # send DELETE, PUT, PATCH, etc. may pass the verb in "_method".
            # NOTE(review): the token check above ran against request.method,
            # while c_method is replaced afterwards from a request argument. If
            # handlers dispatch on c_method, the check and the effective verb can
            # differ; consider honouring "_method" only on POST and validating it
            # against an allow-list -- verify against the callers.
            if request.argget.all("_method"):
                request.c_method = request.argget.all("_method").upper()

            if "site_global" not in g:
                language_state = {
                    "all_language": get_config('babel', 'LANGUAGES'),
                    "current": self.get_current_lang()
                }
                g.site_global = {"language": language_state}

            # Expose the config getter of a fresh GetConfig on g.
            g.get_config = GetConfig().get_config