How to add Basic Auth to Python REST API hosted on Amazon Elastic Beanstalk?

Question

I develop an HTTP REST API using Python Flask, which is hosted on Amazon Elastic Beanstalk (platform: Python 3.4). To secure the API I want to add Basic Authentication to it.

The first approach is to add the Basic Auth directly in the Python application (as described here). This requires enabling auth forwarding by adding a .conf file in the .ebextensions directory:

container_commands:
  01_wsgipass:
    command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'

The second approach is to configure the Elastic Beanstalk container by adding a .config file in the .ebextensions directory. I have the following configuration from here. However, this is not working for me.

files:
  "/etc/httpd/conf.d/allow_override.conf":
    mode: "000644"
    owner: ec2-user
    group: ec2-user
    encoding: plain
    content: |
      <Directory /opt/python/current/app/>
        AllowOverride AuthConfig
      </Directory>

  "/etc/httpd/conf.d/auth.conf":
    mode: "000644"
    owner: ec2-user
    group: ec2-user
    encoding: plain
    content: |
      <Directory /opt/python/current/app/>
        AuthType Basic
        AuthName "My Application"
        AuthUserFile /etc/httpd/.htpasswd
        Require valid-user
      </Directory>

  "/etc/httpd/.htpasswd":
    mode: "000644"
    owner: ec2-user
    group: ec2-user
    encoding: plain
    content: |
      appuser:pw1234

What is the best approach to add Basic Auth to the Python API (under the condition that SSL may be added later on too)? If the second one, why is the .conf file not working?

Recommended answer

There are several ways to solve this.

Flask has an example of HTTP basic auth. http://flask.pocoo.org/snippets/8/

from functools import wraps
from flask import request, Response

from sqlalchemy import create_engine  # database connection for users table
from sqlalchemy.orm import sessionmaker

# Users is the application's SQLAlchemy model mapped to the users table;
# import it from wherever the application defines its models.

engine = create_engine('postgresql://username:password@localhost/dbname')
Session = sessionmaker(bind=engine)  # bind the session factory to the engine created above
session = Session()

def check_auth(username, password):
    # query users table (probably want to hash the password or something)
    return session.query(Users).filter_by(username=username, password=password).first() is not None

def authenticate():
    """Sends a 401 response that enables basic auth"""
    return Response(
        'Could not verify your access level for that URL.\n'
        'You have to login with proper credentials', 401,
        {'WWW-Authenticate': 'Basic realm="Login Required"'})

def requires_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        auth = request.authorization  # parsed from the header "Authorization: Basic <base64 of username:password>"
        if not auth or not check_auth(auth.username, auth.password):
            return authenticate()
        return f(*args, **kwargs)
    return decorated

This allows you to use the @requires_auth decorator on any functions (probably just endpoints) and it will check the authorization header sent from the client. You don't have to use sqlalchemy but it's very frequently used with Flask.

Or... Auth0 has their way of authenticating through them. I don't work for them and am not trying to advertise for them; I have just used it in the past and it worked well.

https://auth0.com/docs/server-apis/python

Good luck!
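
An added example, not part of the original answer: the same Basic Auth check done at the WSGI layer with only the standard library, verifying a salted PBKDF2 hash instead of comparing plaintext passwords. It reads `HTTP_AUTHORIZATION`, which mod_wsgi only passes to the application when `WSGIPassAuthorization On` is set as in the question's first approach. The in-memory `USERS` store, the sample password, the iteration count and the helper names are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

# Constructed sample store: username -> (salt, digest); no plaintext is kept.
USERS = {"appuser": make_user("correct horse battery staple")}
_DUMMY = make_user("dummy")  # hashed against when the username is unknown

def check_auth(username, password):
    """Verify the password against the stored salted hash in constant time."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    return matches and username in USERS

def parse_basic(header):
    """Return (username, password) from an Authorization header, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def basic_auth(app, realm="Login Required"):
    """WSGI middleware: answer 401 unless valid Basic credentials are sent."""
    def wrapped(environ, start_response):
        creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
        if creds is None or not check_auth(*creds):
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="%s"' % realm),
                ("Content-Type", "text/plain")])
            return [b"Could not verify your access level for that URL.\n"]
        environ["REMOTE_USER"] = creds[0]
        return app(environ, start_response)
    return wrapped
```

With Flask, the middleware can wrap the application's WSGI callable, for example `app.wsgi_app = basic_auth(app.wsgi_app)`.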
