今天給你們獻上登陸註冊接口開發,是基於token驗證的。我們閒言少敘,進入正題!數據庫
首先看一下數據庫模型:json
#pip install passlib from passlib.apps import custom_app_context as pwd_context class Shop_list(db.Model): __tablename__ = 'shop_list' userName = db.Column(db.BigInteger,primary_key = True) #手機號 passWord = db.Column(db.Text,nullable=False) def hash_password(self, password): #給密碼加密方法 self.passWord = pwd_context.encrypt(password) def verify_password(self, password): #驗證密碼方法 return pwd_context.verify(password, self.passWord)
結構很是簡單,給你們作個demo,下面的兩個方法是加密和驗證密碼的,記住就行api
接下來看一下注冊接口:session
@app.route('/api/v1/admin/register',methods=['POST']) def register(): username = request.form.get('username') password = request.form.get('password') save = Shop_list(userName=username) save.hash_password(password) #調用密碼加密方法 db.session.add(save) db.session.commit() return 'success'
這個也沒啥可解釋的,先介紹數據在保存就完事了app
接下來是登陸接口函數
@app.route('/api/v1/admin/login',methods=['POST']) def login(): username = request.form.get('username') password = request.form.get('password') obj = Shop_list.query.filter_by(userName=username).first() if not obj: return res_json(201,'','未找到該用戶') if obj.verify_password(password): token = generate_token(username) return res_json(200,{'token':token},'登陸成功') else: return res_json(201,'','密碼錯誤')
解釋:res_json是我封裝的返回json數據的函數 ,generate_token是生成token的函數加密
重頭戲:token的生成與驗證方法url
import time import base64 import hmac #生成token 入參:用戶id def generate_token(key, expire=3600): ts_str = str(time.time() + expire) ts_byte = ts_str.encode("utf-8") sha1_tshexstr = hmac.new(key.encode("utf-8"),ts_byte,'sha1').hexdigest() token = ts_str+':'+sha1_tshexstr b64_token = base64.urlsafe_b64encode(token.encode("utf-8")) return b64_token.decode("utf-8") #驗證token 入參:用戶id 和 token def certify_token(key, token): token_str = base64.urlsafe_b64decode(token).decode('utf-8') token_list = token_str.split(':') if len(token_list) != 2: return False ts_str = token_list[0] if float(ts_str) < time.time(): # token expired return False known_sha1_tsstr = token_list[1] sha1 = hmac.new(key.encode("utf-8"),ts_str.encode('utf-8'),'sha1') calc_sha1_tsstr = sha1.hexdigest() if calc_sha1_tsstr != known_sha1_tsstr: # token certification failed return False # token certification success return True
就是這麼簡單,你學會了嗎?code