新增token鉴权

2023-05-16 14:46:57 +08:00 · 2023-05-16 14:46:57 +08:00 · df82f59297
parent 6c2a9823af
commit df82f59297
2 changed files with 21 additions and 11 deletions
--- a/app/account_service.py
+++ b/app/account_service.py
@ -1,9 +1,11 @@
 from flask import *
+
 from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage

 # 初始化蓝图
 accountService = Blueprint("accountService", __name__)

+
 ### Sign-up, login, logout ###
@accountService.route("/signup", methods=['GET', 'POST'])
 def signup():
@ -34,6 +36,7 @@ def signup():
                session['logged_in'] = True
                session[username] = username
                session['username'] = username
+                session['token'] = "70620F32A9DC965FCCF0447B674AA161"
                session['expiry_date'] = get_expiry_date(username)
                session['articleID'] = None
                return render_template('signup_success.html', username=username)
@ -68,6 +71,7 @@ def login():
            session['logged_in'] = True
            session[username] = username
            session['username'] = username
+            session['token'] = "70620F32A9DC965FCCF0447B674AA161"
            user_expiry_date = get_expiry_date(username)
            session['expiry_date'] = user_expiry_date
            session['existing_articles'] = None
@ -84,6 +88,7 @@ def logout():
    '''
    # 将session标记为登出状态
    session['logged_in'] = False
+    session["token"] = None
    return redirect(url_for('mainpage'))


--- a/app/api_bp.py
+++ b/app/api_bp.py
@ -1,6 +1,6 @@
 import json

-from flask import Blueprint
+from flask import Blueprint, session

 import pickle_idea2

@ -24,7 +24,9 @@ def helper(res, result):

@api_blue.route('/json/<username>', methods=['GET'])
 def api_bp(username):
-    # 获取session里的用户名
+    # 获取session里的用户名,必须携带token
+    token = session.get("token")
+    if token == "70620F32A9DC965FCCF0447B674AA161":
        result = []
        user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
        s = pickle_idea2.load_record(user_freq_record)
@ -36,3 +38,6 @@ def api_bp(username):
            results[word] = len(s[word])

        return results
+
+    else:
+        print("无效的token")