Python / Flask - 使用flask_restless和flask_httpauth [英] Python / Flask - Using flask_restless with flask_httpauth
问题描述
在我的应用程序中,我使用Flask和 flask_restless
' APIManager
来为我的 Person
对象提供CRUD API。
代码示例:
manager = APIManager(app,flask_sqlalchemy_db = db)
manager.create_api (Person,methods = ['GET','POST','PATCH','DELETE'])
<
使用 flask_httpauth
来保护我的其他路线。 > @ app.route('/ auth / get-token')
@ auth.login_required
get get_auth_token():
token = g.user.generate_auth_token()
return jsonify({'token':token.decode('ascii'),'fullname':g.user.fullname})
我找不到如何使用 @ auth.login_required
与 apimanager
它回应匿名的请求,我在文件中读到有些预处理器,但也找不到与 @ auth.login_required
装饰器一起使用它的方法。
任何帮助将不胜感激。
不幸的是,Flask-Restless目前不支持将视图装饰器附加到路由它管理。有一个公开问题添加此功能,也有另一个问题,特别要求支持Flask-HTTPAuth。
还有一个第三期,其中用户展示了在Flask-Restless创建其端点之后手动注入装饰器的技术。
该用户示例的代码片段添加了一个 get_cache
> manager = flask.ext.restless.APIManager(app,flask_sqlalchemy_db = db)
manager.create_api(Person,methods = ['GET','POST','DELETE'])
manager.create_api (Person2,methods = ['GET','POST','DELETE'])
#hackish view decoration:
[Person,Person2]中的模型:
model_route ='{0} api0。{0} api'.format(model .__ name __。lower())
app.view_functions [model_route] = get_cache(app.view_functions [model_route])
在你的情况下,你可以用替换
。 get_cache
auth.login_required
更新:如下面的评论中所讨论的,在 {0} api0中的参数。 {0} api'
是表名,所以上面的代码只有在为Flask-SQLAlchemy生成表名的情况下才能工作。如果模型有一个自定义的表名,那么使用它来代替 model .__ name __。lower()
。
my objective in this question is to secure my API.
in my application, I'm using Flask and flask_restless
's APIManager
to provide CRUD API to my Person
object.
code sample:
manager = APIManager(app, flask_sqlalchemy_db=db)
manager.create_api(Person, methods=['GET', 'POST', 'PATCH', 'DELETE'])
and also using flask_httpauth
to protect my other routes like this:
@app.route('/auth/get-token')
@auth.login_required
def get_auth_token():
token = g.user.generate_auth_token()
return jsonify({'token': token.decode('ascii'), 'fullname': g.user.fullname})
I could not figure out how to use @auth.login_required
with the apimanager
to not make it respond to anonymous requests, I read in the documentation something about preprocessors but also couldn't find a way to use it with @auth.login_required
decorator.
any help will be appreciated.
Unfortunately, it looks like Flask-Restless currently does not officially support attaching view decorators to the routes it manages. There is an open issue to add this feature, and there is also another issue specifically requesting support for Flask-HTTPAuth.
There is yet a third issue, in which a user shows the technique to manually inject the decorators after Flask-Restless created its endpoints. The snippet from that user's example that adds a get_cache
decorator is below:
manager = flask.ext.restless.APIManager(app, flask_sqlalchemy_db=db)
manager.create_api(Person, methods=['GET', 'POST', 'DELETE'])
manager.create_api(Person2, methods=['GET', 'POST', 'DELETE'])
# hackish view decoration:
for model in [Person, Person2]:
model_route = '{0}api0.{0}api'.format(model.__name__.lower())
app.view_functions[model_route] = get_cache(app.view_functions[model_route])
In your case, you would replace get_cache
with auth.login_required
.
Update: As discussed below in the comments, the argument in '{0}api0.{0}api'
is the table name, so the above code will only work if table names are left for Flask-SQLAlchemy to generate. If the model has a custom table name, then use that instead of model.__name__.lower()
.
这篇关于Python / Flask - 使用flask_restless和flask_httpauth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!