今天給大家獻(xiàn)上登錄注冊接口開發(fā)��,是基于token驗(yàn)證的���。咱們閑言少敘�,進(jìn)入正題��!
首先看一下數(shù)據(jù)庫模型:
#pip install passlib
from passlib.apps import custom_app_context as pwd_context
class Shop_list(db.Model):
__tablename__ = "shop_list"
userName = db.Column(db.BigInteger,primary_key = True) #手機(jī)號(hào)
passWord = db.Column(db.Text,nullable=False)
def hash_password(self, password): #給密碼加密方法
self.passWord = pwd_context.encrypt(password)
def verify_password(self, password): #驗(yàn)證密碼方法
return pwd_context.verify(password, self.passWord)
?結(jié)構(gòu)非常簡單,給大家做個(gè)demo����,下面的兩個(gè)方法是加密和驗(yàn)證密碼的,記住就行
接下來看一下注冊接口:
@app.route("/api/v1/admin/register",methods=["POST"])
def register():
username = request.form.get("username")
password = request.form.get("password")
save = Shop_list(userName=username)
save.hash_password(password) #調(diào)用密碼加密方法
db.session.add(save)
db.session.commit()
return "success"
這個(gè)也沒啥可解釋的��,先介紹數(shù)據(jù)在保存就完事了
?接下來是登錄接口
@app.route("/api/v1/admin/login",methods=["POST"])
def login():
username = request.form.get("username")
password = request.form.get("password")
obj = Shop_list.query.filter_by(userName=username).first()
if not obj:
return res_json(201,"","未找到該用戶")
if obj.verify_password(password):
token = generate_token(username)
return res_json(200,{"token":token},"登錄成功")
else:
return res_json(201,"","密碼錯(cuò)誤")
解釋:res_json是我封裝的返回json數(shù)據(jù)的函數(shù) ��,generate_token是生成token的函數(shù)
重頭戲:token的生成與驗(yàn)證方法
import time
import base64
import hmac
#生成token 入?yún)ⅲ河脩鬷d
def generate_token(key, expire=3600):
ts_str = str(time.time() + expire)
ts_byte = ts_str.encode("utf-8")
sha1_tshexstr = hmac.new(key.encode("utf-8"),ts_byte,"sha1").hexdigest()
token = ts_str+":"+sha1_tshexstr
b64_token = base64.urlsafe_b64encode(token.encode("utf-8"))
return b64_token.decode("utf-8")
#驗(yàn)證token 入?yún)ⅲ河脩鬷d 和 token
def certify_token(key, token):
token_str = base64.urlsafe_b64decode(token).decode("utf-8")
token_list = token_str.split(":")
if len(token_list) != 2:
return False
ts_str = token_list[0]
if float(ts_str) < time.time():
# token expired
return False
known_sha1_tsstr = token_list[1]
sha1 = hmac.new(key.encode("utf-8"),ts_str.encode("utf-8"),"sha1")
calc_sha1_tsstr = sha1.hexdigest()
if calc_sha1_tsstr != known_sha1_tsstr:
# token certification failed
return False
# token certification success
return True
就是這么簡單����,你學(xué)會(huì)了嗎?
文章版權(quán)歸作者所有�����,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為���,您可以聯(lián)系管理員刪除��。
轉(zhuǎn)載請(qǐng)注明本文地址:http://systransis.cn/yun/42706.html
