如何使用许可密钥/服务器来验证Flask应用程序?

huangapple go评论58阅读模式
英文:

How do you use a license key/server to authenticate a Flask app?

问题

I have a service that generates a license key, and that provides an API to verify the key is valid, e.g. curl api-url -d "license_key=xxxx" -X post returns json that says if the key is valid or not.

我有一个生成许可证密钥的服务,并提供一个API来验证密钥是否有效,例如,curl api-url -d "license_key=xxxx" -X post 返回JSON,说明密钥是否有效。

I want to use this for authentication in a flask app, where the user enters their key to login, and the app does the check above to authenticate if they have access. The users don't need a username, the license key is unique to them, and should be all that is needed.

我想在Flask应用程序中使用这个来进行身份验证,用户输入他们的密钥来登录,应用程序执行上述检查以验证他们是否有访问权限。用户不需要用户名,许可证密钥对他们来说是唯一的,应该是唯一需要的。

I have not found anything that (at least to my understanding) suggests how to go about this in either https://flask-security-too.readthedocs.io/en/stable/ or https://flask-login.readthedocs.io/en/latest/.

我在https://flask-security-too.readthedocs.io/en/stable/或https://flask-login.readthedocs.io/en/latest/中没有找到任何关于如何处理这个问题的信息(至少根据我的理解)。

I guess it isn't crucial it is done in Flask, if there is another way to do this with a regular web server.

我猜在Flask中完成这个工作并不是至关重要的,如果有其他方法可以在常规Web服务器上完成这个任务。

Does this kind of authentication have a name? I feel like I am not looking for the right information so far.

这种身份验证方式有一个名称吗?我觉得我迄今为止还没有找到正确的信息。

英文:

I have a service that generates a license key, and that provides an API to verify the key is valid, e.g. curl api-url -d "license_key=xxxx" -X post returns json that says if the key is valid or not.

I want to use this for authentication in a flask app, where the user enters their key to login, and the app does the check above to authenticate if they have access. The users don't need a username, the license key is unique to them, and should be all that is needed.

I have not found anything that (at least to my understanding) suggests how to go about this in either https://flask-security-too.readthedocs.io/en/stable/ or https://flask-login.readthedocs.io/en/latest/.

I guess it isn't crucial it is done in Flask, if there is another way to do this with a regular web server.

Does this kind of authentication have a name? I feel like I am not looking for the right information so far.

答案1

得分: 0

这可以通过Flask中的会话来完成。您可以使用requests模块进行POST请求。

from flask import Flask, redirect, url_for, render_template, flash, session
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired
import requests

app = Flask(__name__)
app.config["SECRET_KEY"] = "secret-key-goes-here"

class LoginForm(FlaskForm):
    license_key = StringField("License key", validators=[DataRequired()])
    submit = SubmitField("Submit")

@app.route("/login", methods=["GET", "POST"])
def login():
    if session.get("authenticated"):
        return redirect(url_for("index"))
    form = LoginForm()
    if form.validate_on_submit():
        req = requests.post("api-url", {"license_key": form.license_key.data})
        if not req.json()["valid"]:
            flash("Invalid username or password")
            return redirect(url_for("login"))
        session["authenticated"] = True
        return redirect(url_for("index"))
    return render_template("login.html", title="Sign In", form=form)

这假设JSON响应的格式为{"valid": true/false}

英文:

This can be done using sessions in Flask. You can make the POST request with the requests module.

from flask import Flask, redirect, url_for, render_template, flash, session
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired
import requests

app = Flask(__name__)
app.config["SECRET_KEY"] = "secret-key-goes-here"  

class LoginForm(FlaskForm):
    license_key = StringField("License key", validators = [DataRequired()])
    submit = SubmitField("Submit")

@app.route("/login", methods=["GET", "POST"])
def login():
    if session.get("authenticated"):
        return redirect(url_for("index"))
    form = LoginForm()
    if form.validate_on_submit():
        req = requests.post("api-url", {"license_key": form.license_key.data})
        if not req.json()["valid"]:
            flash("Invalid username or password")
            return redirect(url_for("login"))
        session["authenticated"] = True
        return redirect(url_for("index"))
    return render_template("login.html", title="Sign In", form=form)

This assumes the JSON response is of the form {"valid": true/false}.

huangapple
  • 本文由 发表于 2023年5月8日 02:42:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76195690.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定