Flask API认证 #
一、Token认证 #
1.1 生成Token #
python
import secrets
def generate_token():
    """Return a fresh API token: 32 random bytes as 64 hex characters.

    The bytes come from the ``secrets`` module, which is meant for
    security-sensitive values, so the token is not predictable the way
    output from ``random`` would be.
    """
    token_bytes = 32  # 256 bits of randomness -> 64 hex characters
    return secrets.token_hex(token_bytes)
class User(db.Model):
    """Account row that carries the API token checked on each request."""

    id = db.Column(
        db.Integer,
        primary_key=True,
    )
    username = db.Column(
        db.String(80),
    )
    # 64 characters is exactly the length of secrets.token_hex(32) output;
    # unique=True keeps one token from resolving to two accounts.
    # NOTE(review): the token is stored as issued, so read access to this
    # table (a backup, a SQL injection elsewhere) yields working credentials.
    # Storing only a SHA-256 digest of the token and looking rows up by that
    # digest would avoid this; there is also no expiry or revocation column.
    token = db.Column(
        db.String(64),
        unique=True,
    )
1.2 认证装饰器 #
python
from functools import wraps
from flask import request, jsonify
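def token_required(f):
    """Decorate a view so it runs only for a request carrying a known token.

    The token is read from the ``Authorization`` header. Both the bare token
    and the standard ``Bearer <token>`` form are accepted, so clients that
    follow the usual bearer scheme are not rejected. The token is looked up
    in ``User.token``; on a match the wrapped view is called with that
    ``User`` as its first positional argument.

    Returns:
        The wrapped view's response, or a JSON error body with status 401
        when the header is missing/empty or matches no user.

    Security notes:
        The token is a long-lived bearer credential: whoever holds it is the
        user. Serve this API over TLS only and keep the ``Authorization``
        header out of access and application logs. Nothing here expires or
        revokes a token.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        header = request.headers.get('Authorization', '')
        scheme, _, credential = header.partition(' ')
        # A bare token contains no space, so it falls through unchanged.
        if scheme.lower() == 'bearer':
            token = credential.strip()
        else:
            token = header.strip()
        if not token:
            return jsonify({'error': '缺少Token'}), 401
        user = User.query.filter_by(token=token).first()
        if not user:
            return jsonify({'error': '无效Token'}), 401
        return f(user, *args, **kwargs)
    return decorated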
二、JWT认证 #
2.1 安装 #
bash
pip install pyjwt
2.2 使用JWT #
python
import os
from datetime import datetime, timedelta, timezone

import jwt
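# Signing key for the HS256 tokens in this listing. Anyone who knows it can
# mint a valid token for any user_id, so it is read from the environment
# rather than written into the source. A missing variable raises KeyError at
# startup instead of falling back to a guessable default.
# Generate the value once (for example with secrets.token_hex(32); HS256
# should get at least 32 random bytes) and keep it out of version control.
app.config['SECRET_KEY'] = os.environ['SECRET_KEY']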
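def create_token(user_id):
    """Return an HS256-signed JWT for *user_id* that expires in one hour.

    The payload is signed, not encrypted: anyone holding the token can read
    the claims, so nothing confidential belongs in it. The token stays valid
    until ``exp``; this function keeps no server-side record that would allow
    revoking it earlier.
    """
    # Timezone-aware "now": datetime.utcnow() is deprecated since Python 3.12
    # and returns a naive value that is easy to misread as local time.
    issued_at = datetime.now(timezone.utc)
    payload = {
        'user_id': user_id,
        'exp': issued_at + timedelta(hours=1),
    }
    return jwt.encode(payload, app.config['SECRET_KEY'], algorithm='HS256')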
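def verify_token(token):
    """Return the ``user_id`` claim of a valid token, or ``None``.

    ``None`` is returned when the signature does not verify, the token is
    malformed or expired, the ``exp`` claim is absent, or the payload has no
    ``user_id``.
    """
    try:
        payload = jwt.decode(
            token,
            app.config['SECRET_KEY'],
            # Pin the accepted algorithm; never take it from the token header.
            algorithms=['HS256'],
            # Without this, a signed token that carries no "exp" is accepted
            # and never expires (PyJWT 2.x option).
            options={'require': ['exp']},
        )
    except jwt.InvalidTokenError:
        # ExpiredSignatureError is a subclass, so this covers expiry too.
        return None
    # .get() so a validly signed token without user_id is rejected instead of
    # raising KeyError inside the request handler.
    return payload.get('user_id')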
三、下一步 #
接下来让我们学习 API文档,了解API文档生成!
最后更新:2026-03-28