默认的login_required，而不是添加装饰到处 [英] Default login_required rather than adding decorator everywhere

问题描述

我使用Flask-HTTPAuth来处理我的应用程序中的身份验证。我有很多意见，我不想为每一个添加 login_required 。如何在默认情况下进行登录？

I'm using Flask-HTTPAuth to handle authentication in my app. I have a lot of views, and I don't want to add login_required to every one of them. How can I make login required by default?

from flask.ext.httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()

@auth.verify_password
def verify_password(username, password):
    return username == '111' and password == '222'

@app.route('/')
@app.route('/home/')
@auth.login_required
def index():
    return 'Hello'

@app.route('/route2/')
def route2():
    return 'route2'

app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'

推荐答案

<你可以添加一个 before_request 函数来默认登录，并为少数几条路由创建一个简单的 login_exempt 装饰器不要求它。

You can add a before_request function to require login by default, and create a simple login_exempt decorator for the few routes that don't require it.

确保免除静态文件，否​​则将不会加载未经身份验证的用户。

Make sure to exempt static files, otherwise they won't load for unauthenticated users.

Flask-HTTPAuth的 login_required 不是h一个方法来从视图装饰器中分离需求逻辑，你需要经过一个小舞蹈需要auth而不运行视图。

Flask-HTTPAuth's login_required doesn't have a way to separate the require logic from the view decorator, you need to go through a little dance to require auth without running a view.

def login_exempt(f):
    f.login_exempt = True
    return f

# a dummy callable to execute the login_required logic
login_required_dummy_view = auth.login_required(lambda: None)

@app.before_request
def default_login_required():
    # exclude 404 errors and static routes
    # uses split to handle blueprint static routes as well
    if not request.endpoint or request.endpoint.rsplit('.', 1)[-1] == 'static':
        return

     view = current_app.view_functions[request.endpoint]

     if getattr(view, 'login_exempt', False):
         return

     return login_required_dummy_view()

# for example, the login page shouldn't require login
@app.route('/login', methods=['GET', 'POST'])
@login_exempt
def login():
    pass

这篇关于默认的login_required，而不是添加装饰到处的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！