如何在 Flask 中重定向用户/请求
在 API 处理程序函数中抛出错误会将您的用户重定向到可以处理重定向的错误处理程序。或者,您可以redirect
像其他人所说的那样打电话,但这是重定向未授权用户的另一种方式。为了说明我的意思,我在下面提供了一个示例。
在用户应该被授权的情况下
首先让我们假设您有一条受保护的路线,您像这样保护它。
def handle_api_auth(func):
"""
**handle_api_auth**
wrapper to handle public api calls authentications
:param func: a function to be wrapped
:return: wrapped function
"""
@functools.wraps(func)
def auth_wrapper(*args, **kwargs):
api_key: Optional[str] = request.headers.get('x-api-key')
secret_token: Optional[str] = request.headers.get('x-secret-token')
domain: Optional[str] = request.base_url
if is_request_valid(api_key=api_key, secret=secret_token, domain=domain):
return func(*args, **kwargs)
# NOTE: throwing an Error Here will redirect your user to an error handler or alteratively you can just call redirect like everyone else is saying, but this is another way of redirecting unathorized users
message: str = "request not authorized"
raise UnAuthenticatedError(status=error_codes.un_auth_error_code, description=message)
return auth_wrapper
is_request_valid的定义如下
@app_cache.cache.memoize(timeout=15 * 60, cache_none=False) # timeout equals fifteen minutes // 900 seconds
def is_request_valid(api_key: str, secret: str, domain: str) -> bool:
"""
**is_api_key_valid**
validates api keys on behalf of client api calls
:param api_key: str -> api_key to check
:param secret: str -> secret token
:param domain: str -> domain registered for the api_key and secret_token
:return: bool -> True if api_key is valid
"""
organization_id: str = config_instance.ORGANIZATION_ID
# NOTE: lets assumy api_keys_view.get_api_key will return the api keys from some database somewhere
response = api_keys_view.get_api_key(api_key=api_key, organization_id=organization_id)
response_data, status_code = response
response_dict = response_data.get_json()
if not response_dict.get('status'):
return False
api_instance: dict = response_dict.get('payload')
if not isinstance(api_instance, dict):
return False
domain: str = domain.lower().strip()
# NOTE accessing the keys this way will throw ValueError if keys are not available which is what we want
# Any Error which gets thrown Ridirects the Users from the path the user is on to an error handler.
is_secret_valid: bool = hmac.compare_digest(api_instance['secret_token'], secret)
is_domain_valid: bool = hmac.compare_digest(api_instance['domain'], domain)
_request_valid: bool = is_secret_valid and is_domain_valid
return not not api_instance.get('is_active') if _request_valid else False
像这样定义您的错误处理程序
from flask import Blueprint, jsonify, request, redirect
from werkzeug.exceptions Unauthorized
error_handler = BluePrint('error_handlers', __name__)
@error_handler.app_errorhandler(Unauthorized)
def handle_error(e : Unauthorized) -> tuple:
"""default unath handler"""
return jsonify(dict(message=e.description)), e.code if request.headers.get('content-type') == 'application/json' else redirect('/login')
以同样的方式处理其他错误,并注意如果请求是
不是 json 用户将被重定向到登录页面如果 json 用户收到未处理的响应然后它到前端来处理 Unath 错误..