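Copyright notice: this is an original article by the blogger, released under the CC 4.0 BY-SA license. Reposts must include a link to the original source and this notice.
With front ends and back ends increasingly separated, CSRF protection is becoming harder, and JWT authentication happens to sidestep the problem: the client sends the token explicitly in the Authorization header instead of the browser attaching a cookie automatically.
1. Instantiate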
from flask_jwt import JWT
jwt = JWT()
2. Set the required parameters
JWT_SECRET_KEY=xxx
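3. Implement the most basic JWT functions, authenticate and identity, by registering them as hooks
def configure_jwt(jwt):
    """
    Configure handlers for flask_jwt
    """
    @jwt.authentication_handler
    def authenticate(account, password):
        """
        Implement the account verification logic and return custom data. That data can
        then be retrieved in the identity function below via payload['identity'].
        """
        pass

    @jwt.identity_handler
    def identity(payload):
        """
        Takes a payload object as its argument and looks up and returns the information
        that corresponds to payload['identity']. The returned data is what
        current_identity (from flask_jwt import current_identity) exposes.
        """
        pass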
4. Initialize
from flask import Flask
app = Flask(__name__)
configure_jwt(jwt)  # register the handlers defined in step 3
jwt.init_app(app)
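5. Use
from flask_jwt import jwt_required, current_identity

@app.route('/api/v1/test', methods=['POST'])
@jwt_required()  # jwt_required is a decorator factory, so it must be called
def api():
    # current_identity is whatever the identity handler returned for this token
    role = current_identity.role
    pass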
6. Other customizable features
def _jwt_error_callback(self, error):
    return self.jwt_error_callback(error)

def authentication_handler(self, callback):
    """Specifies the identity handler function. This function receives two positional
    arguments. The first being the username the second being the password. It should return an
    object representing an authenticated identity. Example::

        @jwt.authentication_handler
        def authenticate(username, password):
            user = User.query.filter(User.username == username).scalar()
            if bcrypt.check_password_hash(user.password, password):
                return user

    :param callback: the identity handler function
    """
    self.authentication_callback = callback
    return callback

def identity_handler(self, callback):
    """Specifies the identity handler function. This function receives one positional argument
    being the JWT payload. For example::

        @jwt.identity_handler
        def identify(payload):
            return User.query.filter(User.id == payload['identity']).scalar()

    :param callback: the identity handler function
    """
    self.identity_callback = callback
    return callback

def jwt_error_handler(self, callback):
    """Specifies the error handler function. Example::

        @jwt.error_handler
        def error_handler(e):
            return "Something bad happened", 400

    :param callback: the error handler function
    """
    self.jwt_error_callback = callback
    return callback

def auth_response_handler(self, callback):
    """Specifies the authentication response handler function.

    :param callable callback: the auth response handler function
    """
    self.auth_response_callback = callback
    return callback

def auth_request_handler(self, callback):
    """Specifies the authentication response handler function.

    :param callable callback: the auth request handler function

    .. deprecated
    """
    warnings.warn("This handler is deprecated. The recommended approach to have control over "
                  "the authentication resource is to disable the built-in resource by "
                  "setting JWT_AUTH_URL_RULE=None and registering your own authentication "
                  "resource directly on your application.", DeprecationWarning, stacklevel=2)
    self.auth_request_callback = callback
    return callback

def request_handler(self, callback):
    """Specifieds the request handler function. This function returns a JWT from the current
    request.

    :param callable callback: the request handler function
    """
    self.request_callback = callback
    return callback

def jwt_encode_handler(self, callback):
    """Specifies the encoding handler function. This function receives a payload and signs it.

    :param callable callback: the encoding handler function
    """
    self.jwt_encode_callback = callback
    return callback

def jwt_decode_handler(self, callback):
    """Specifies the decoding handler function. This function receives a
    signed payload and decodes it.

    :param callable callback: the decoding handler function
    """
    self.jwt_decode_callback = callback
    return callback

def jwt_payload_handler(self, callback):
    """Specifies the JWT payload handler function. This function receives the return value from
    the ``identity_handler`` function

    Example::

        @jwt.payload_handler
        def make_payload(identity):
            return {'user_id': identity.id}

    :param callable callback: the payload handler function
    """
    self.jwt_payload_callback = callback
    return callback

def jwt_headers_handler(self, callback):
    """Specifies the JWT header handler function. This function receives the return value from
    the ``identity_handler`` function.

    Example::

        @jwt.payload_handler
        def make_payload(identity):
            return {'user_id': identity.id}

    :param callable callback: the payload handler function
    """
    self.jwt_headers_callback = callback
    return callback
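As an added example (not code from the original post or from Flask-JWT itself), this standard-library sketch shows what the payload, encode, decode and identity handlers listed above are responsible for: issuing an HS256 token that carries `identity`, then verifying it before the identity lookup. The secret, the user store and all function names are constructed for illustration; the 300-second lifetime and 10-second leeway are assumed to mirror Flask-JWT's defaults.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"        # stands in for JWT_SECRET_KEY
USERS = {1: {"id": 1, "role": "admin"}}    # constructed user store

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64d(seg):
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))

def sign(signing_input):
    return b64e(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def encode(identity_value, now=None, ttl=300):
    """Payload + encode handlers: build the claims and sign them (HS256)."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"iat": now, "nbf": now, "exp": now + ttl, "identity": identity_value}
    signing_input = b".".join(b64e(json.dumps(p).encode()) for p in (header, payload))
    return (signing_input + b"." + sign(signing_input)).decode()

def decode(token, now=None, leeway=10):
    """Decode handler: pin the algorithm, verify the MAC, then check times."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.encode().split(b".")
        header = json.loads(b64d(head))
    except ValueError:
        raise ValueError("malformed token") from None
    # The expected algorithm comes from server config, never from the token.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig, sign(head + b"." + body)):
        raise ValueError("bad signature")
    payload = json.loads(b64d(body))       # parsed only after the MAC checks out
    if now > payload["exp"] + leeway or now < payload["nbf"] - leeway:
        raise ValueError("token expired or not yet valid")
    return payload

def identity(payload):
    """Identity handler: map payload['identity'] to a user record."""
    return USERS.get(payload["identity"])

if __name__ == "__main__":
    token = encode(1)
    print(identity(decode(token)))         # the record current_identity would expose
```

Any custom `jwt_decode_handler` should keep the same three checks (pinned algorithm, constant-time signature comparison, time-based claims), because `identity` trusts whatever payload it is handed.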
Note: this package was last updated in 2015. Its author suggests that if you want a newer package, you can use flask-jwt-simple and flask-jwt-extended.