session權限限制

當flask基於session限制用戶訪問頁面時，有三種實現方式；固然，咱們從最low的版本開始：

from datetime import timedelta
class Config(object):
    DEBUG = False
    TESTING = False
    SECRET_KEY = "asdfasdfas23"
    DATABASE_URI = 'sqlite://:memory:'

    SESSION_COOKIE_NAME = 'session'
    SESSION_COOKIE_DOMAIN = None
    SESSION_COOKIE_PATH = None
    SESSION_COOKIE_HTTPONLY = True
    SESSION_COOKIE_SECURE = False
    SESSION_REFRESH_EACH_REQUEST = True
    PERMANENT_SESSION_LIFETIME = timedelta(hours=1)


class ProductionConfig(Config):
    DATABASE_URI = 'mysql://user@localhost/foo'


class DevelopmentConfig(Config):
    DEBUG = True


class TestingConfig(Config):
    TESTING = True

settings配置文件

from flask import Flask,render_template,request,redirect,session,url_for,jsonify,make_response

app = Flask(__name__)

app.config.from_object("settings.DevelopmentConfig")

# app.secret_key = 'xxxxxxxx'

STUDENT_DICT = {
    1:{'name':'王龍泰','age':38,'gender':'中'},
    2:{'name':'小東北','age':73,'gender':'男'},
    3:{'name':'田碩','age':84,'gender':'男'},
}

@app.route('/login',methods=["GET","POST"])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    user = request.form.get('user')
    pwd = request.form.get('pwd')
    if user == 'test' and pwd == '666':
        session['user'] = user
        return redirect('/index')
    return render_template('login.html',error='用戶名或密碼錯誤')

@app.route('/index')
def index():
     user = session.get('user')
     if not user:
          return redirect('/login')
    return render_template('index.html',stu_dic=STUDENT_DICT)

@app.route('/delete/<int:nid>')
def delete(nid):
    user = session.get('user')
    if not user:
        return redirect('/login')
    del STUDENT_DICT[nid]
    return redirect(url_for('index'))

@app.route('/detail/<int:nid>')
def detail(nid):
    user = session.get('user')
    if not user:
        return redirect('/login')
    info = STUDENT_DICT[nid]
    return render_template('detail.html',info=info)


if __name__ == '__main__':
    app.run()    

View Code

使用裝飾器版本：

from flask import Flask,render_template,request,redirect,session,url_for,jsonify,make_response

app = Flask(__name__)

app.config.from_object("settings.DevelopmentConfig")

# app.secret_key = 'xxxxxxxx' 已在配置文件中設置，再也不在這裏進行加鹽

def func1(func):
    def inner(*args,**kwargs):
        user = session.get('user')
        if not user:
            return redirect('/login')
        ret = func(*args,**kwargs)
        return ret
    return inner

STUDENT_DICT = {
    1:{'name':'王龍泰','age':38,'gender':'中'},
    2:{'name':'小東北','age':73,'gender':'男'},
    3:{'name':'田碩','age':84,'gender':'男'},
}

@app.route('/login',methods=["GET","POST"])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    user = request.form.get('user')
    pwd = request.form.get('pwd')
    if user == 'test' and pwd == '666':
        session['user'] = user
        return redirect('/index')
    return render_template('login.html',error='用戶名或密碼錯誤')

@app.route('/index')
func1
def index():
    return render_template('index.html',stu_dic=STUDENT_DICT)

@app.route('/delete/<int:nid>')
@func1
def delete(nid):
    del STUDENT_DICT[nid]
    return redirect(url_for('index'))

@app.route('/detail/<int:nid>')
@func1
def detail(nid):
    info = STUDENT_DICT[nid]
    return render_template('detail.html',info=info)


if __name__ == '__main__':
    app.run()

View Code

此時運行程序會出現以下錯誤：

AssertionError: View function mapping is overwriting an existing endpoint function: inner

出現此錯誤是由於視圖index、delete、detail都使用了裝飾器，此時這三個視圖函數都指向inner函數，致使此報錯。

解決方法以下：

import functools

def func1(func):
    @functools.wraps(func)
    def inner(*args,**kwargs):
        user = session.get('user')
        if not user:
            return redirect('/login')
        ret = func(*args,**kwargs)
        return ret
    return inner

版本3:

@app.before_request
def xzxx():
    if request.path == '/login':
        return None
    if session.get('user'):
        return None
    return redirect('/login')

 補充：關於多個函數使用裝飾器時指向inner函數示例：

def auth(func):
    def inner(*args,**kwargs):
        ret = func(*args,**kwargs)
        return ret
    return inner

@auth
def index():
    print('index')

@auth
def detail():
    print('detail')

print(index.__name__)
print(detail.__name__)

__name__都指向inner

import functools

def auth(func):
    @functools.wraps(func)
    def inner(*args,**kwargs):
        ret = func(*args,**kwargs)
        return ret
    return inner

@auth
def index():
    print('index')

@auth
def detail():
    print('detail')

print(index.__name__)
print(detail.__name__)

__name__指向各自的函數名