#!/usr/bin/env python
# encoding: utf-8
#pip install flask-login
import datetime
from flask import Flask, Blueprint,session, redirect, url_for, render_template, request
from flask_login import LoginManager,current_user, login_user, login_required, logout_user
from flask_login import UserMixin
from werkzeug.security import generate_password_hash, check_password_hash
class User(UserMixin):
username = None
def __init__(self,id,username,password_hash):
self.id = id
self.username = username
self.set_password(password_hash)
def get_id(self):
return self.id
def set_password(self, password):
self.password_hash = generate_password_hash(password)
def validate_password(self, password):
return check_password_hash(self.password_hash, password)
UserData = {
1 : User(
id=1,
username='admin',
password_hash = 'admin'
)
}
app = Flask(__name__)
app.secret_key = 's3cr3t'
login_manager = LoginManager()
# 設定不同的安全等級防止使用者會話遭篡改,屬性可以設為None、basic或strong
# 設為 strong 時,Flask-Login 會記錄客戶端 IP 地址和瀏覽器的使用者代理資訊,如果發現異動就登出使用者
login_manager.session_protection = 'strong'
# 如果未登入,返回的頁面
login_manager.login_view = 'auth.login'
login_manager.init_app(app)
# Flask-Login 要求程式實現一個回撥函式,使用指定的識別符號載入使用者
@login_manager.user_loader
def load_user(user_id):
return UserData.get(user_id)
auth = Blueprint('auth', __name__)
# 登入
@auth.get('/login')
def login():
if current_user.is_authenticated: #判斷當前使用者是否是登入狀態
return redirect(url_for('auth.index'))
html ='''<!DOCTYPE html><html><head>
<meta charset="utf-8">
<title>登入頁面</title>
</head><body>
<form action="/auth/login" method="post">
<!-- 文字輸入框 -->
<label for="username">使用者名稱:</label>
<input type="text" id="username" name="username" required><br>
<!-- 密碼輸入框 -->
<label for="password">密碼:</label>
<input type="password" id="password" name="password" required><br>
<!-- 提交按鈕 -->
<input type="submit" value="提交">
</form>
</body>
</html>'''
return html
# 登入
@auth.post('/login')
def login_post():
try:
req = request.form
username = req.get('username')
password = req.get('password')
user = UserData.get(1)
print(username,password)
if not user:return '不存在的使用者'
if username == user.username and user.validate_password(password):
duration = datetime.timedelta(seconds=30*60) # 30*60秒
remember = True
# login_user(user, remember=remember) # 登入
login_user(user) # 建立使用者 Session
# return "ok"
return redirect(request.args.get('next') or url_for('auth.index'))
else:
return "密碼不正確"
except Exception as e:
print(e)
return "error"
# 透過Flask-Login提供的login_required裝飾器來增加路由保護,如果未認證使用者訪問這個路由,Flask-Login會將這個請求發往登入頁面
@auth.route('/logout', methods=['GET', 'POST'])
@login_required
def logout():
logout_user()
return redirect(url_for('auth.login'))
# test method
@app.get('/')
@auth.get('/index')
@login_required
def index():
return "<h1>This is the first page</h1><h4><a href='/auth/login'>登入</a></h4><a href='/auth/logout'>退出登入</a>"
if __name__ == "__main__":
app.register_blueprint(auth, url_prefix='/auth')
app.run(debug=True,host='0.0.0.0',port=8080)
