August 2018
Intermediate to advanced
230 pages
6h 42m
Chinese
Content preview from Flask Web开发:基于Python的Web应用开发实战(第2版)
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
158
|
第
14
章
现在,
API
蓝本中的所有路由都能自动验证身份。此外,
before_request 处理程序还会拒
绝已通过身份验证但还没有确认账户的用户。
14.2.4
基于令牌的身份验证
每次请求,客户端都要发送身份验证凭据。为了避免总是发送敏感信息(例如密码),我
们可以使用一种基于令牌的身份验证方案。
在基于令牌的身份验证方案中,客户端先发送一个包含登录凭据的请求,通过身份验证
后,得到一个访问令牌。这个令牌可以代替登录凭据对请求进行身份验证。出于安全考
虑,令牌有过期时间。令牌过期后,客户端必须重新发送登录凭据,获取新的令牌。令牌
短暂的使用期限,可以降低令牌落入他人之手所导致的安全隐患。为了生成和核查身份验
证令牌,我们要在 User 模型中定义两个新方法。这两个新方法用到了 itsdangerous 包,
如示例
14-9
所示。
示例
14-9
app/models.py
:支持基于令牌的身份验证
class User(db.Model):
# ...
def generate_auth_token(self, expiration):
s = Serializer(current_app.config['SECRET_KEY'],
expires_in=expiration)
return s.dumps({'id': self.id}).decode('utf-8')
@staticmethod
def verify_auth_token(token):
s = Serializer(current_app.config['SECRET_KEY']) ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.