带有烧杯会话中间件的瓶钩，并检查登录名 [英] bottle hooks with beaker session middleware and checking logins

问题描述

我正在用烧杯会话中间件编写一个瓶子应用程序。

I'm writing a bottle application with beaker session middleware.

我的代码是这样的：

@bottle.route('/')
def slash():

  try:
    beaker_session = request.environ['beaker.session']
  except:
    #redirect('/login')
    abort(401, "Failed beaker_session in slash")

  try:
    name = beaker_session['name']
  except:
    redirect('/login')

用于每个路由请求（/ login除外）。我知道有一个可以在请求之前执行操作的吊钩系统，但是我不确定如何最好地使用它来检查是否有人登录。

for each route request except /login. I know there is a bottle hook system to do things before requests, but I'm not sure how best to use it to check if someone is logged in or not.

我对使用Bottle的python webapp相当陌生。并不是很多人将它与烧杯会话中间件一起使用，所以我没有很多例子。

I'm fairly new to python webapps using bottle. Not to many people are using it with beaker session middleware so I don't have a lot of examples to go by.

感谢您的帮助或指导！

PS。整个代码都在此仓库中： https://github.com/curtisgithub /labinski/blob/master/labinski.py

PS. The entire code for this is in this repo: https://github.com/curtisgithub/labinski/blob/master/labinski.py

推荐答案

我知道瓶钩系统可以在请求之前执行操作，但是我不确定如何最好地使用它来检查是否有人登录。

I know there is a bottle hook system to do things before requests, but I'm not sure how best to use it to check if someone is logged in or not.

您可以使用 before_request 钩子在每个请求之前运行代码，但是只有在您希望所有访问权限时，此处的身份验证才有意义被认证。您可以执行以下操作：

You can use the before_request hook to run code prior to each request, but checking authentication here only makes sense if you expect all access to be authenticated. You could do something like this:

@bottle.hook('before_request')
def setup_request():
    try:
        beaker_session = request.environ['beaker.session']
    except:
        #redirect('/login')
        abort(401, "Failed beaker_session in slash")

    try:
        name = beaker_session['name']
    except:
        redirect('/login')

...但如果没有一些额外的代码，当有人实际请求 /时，这将导致重定向循环登录。因此，您可以将其添加到钩子中，例如：

...but without some extra code this is going to result in a redirect loop when someone actually requests /login. So you can add this to the hook, maybe:

if request.urlparts.path == '/login':
    continue

另一种解决方案是使用Python装饰器实现类似的功能，该功能可让您控制对一种基于方法的方法。例如，您可以这样说：

Another solution is to implement similar functionality using a Python decorator, which lets you control access on a method-by-method basis. For example, you could say something like:

@route('/')
@authenticated
def index():
    return 'This is /.'

@route('/login')
def login():
    return 'This is login.'

然后您的身份验证的装饰器将看起来非常像钩子：

And then your authenticated decorator would look very much like the hook:

def authenticated(func):
    def wrapped(*args, **kwargs):
        try:
            beaker_session = request.environ['beaker.session']
        except:
            abort(401, "Failed beaker_session in slash")

        try:
            name = beaker_session['name']
            return func(*args, **kwargs)
        except:
            redirect('/login')

    return wrapped

这篇关于带有烧杯会话中间件的瓶钩，并检查登录名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！