问题

I have a service that generates a license key, and that provides an API to verify the key is valid, e.g. curl api-url -d "license_key=xxxx" -X post returns json that says if the key is valid or not.

我有一个生成许可证密钥的服务，并提供一个API来验证密钥是否有效，例如，curl api-url -d "license_key=xxxx" -X post 返回JSON，说明密钥是否有效。

I want to use this for authentication in a flask app, where the user enters their key to login, and the app does the check above to authenticate if they have access. The users don't need a username, the license key is unique to them, and should be all that is needed.

我想在Flask应用程序中使用这个来进行身份验证，用户输入他们的密钥来登录，应用程序执行上述检查以验证他们是否有访问权限。用户不需要用户名，许可证密钥对他们来说是唯一的，应该是唯一需要的。

I have not found anything that (at least to my understanding) suggests how to go about this in either https://flask-security-too.readthedocs.io/en/stable/ or https://flask-login.readthedocs.io/en/latest/.

我在https://flask-security-too.readthedocs.io/en/stable/或https://flask-login.readthedocs.io/en/latest/中没有找到任何关于如何处理这个问题的信息（至少根据我的理解）。

I guess it isn't crucial it is done in Flask, if there is another way to do this with a regular web server.

我猜在Flask中完成这个工作并不是至关重要的，如果有其他方法可以在常规Web服务器上完成这个任务。

Does this kind of authentication have a name? I feel like I am not looking for the right information so far.

这种身份验证方式有一个名称吗？我觉得我迄今为止还没有找到正确的信息。

答案1

得分: 0

这可以通过Flask中的会话来完成。您可以使用requests模块进行POST请求。

from flask import Flask, redirect, url_for, render_template, flash, session
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired
import requests

app = Flask(__name__)
app.config["SECRET_KEY"] = "secret-key-goes-here"

class LoginForm(FlaskForm):
    license_key = StringField("License key", validators=[DataRequired()])
    submit = SubmitField("Submit")

@app.route("/login", methods=["GET", "POST"])
def login():
    if session.get("authenticated"):
        return redirect(url_for("index"))
    form = LoginForm()
    if form.validate_on_submit():
        req = requests.post("api-url", {"license_key": form.license_key.data})
        if not req.json()["valid"]:
            flash("Invalid username or password")
            return redirect(url_for("login"))
        session["authenticated"] = True
        return redirect(url_for("index"))
    return render_template("login.html", title="Sign In", form=form)

这假设JSON响应的格式为{"valid": true/false}。

from flask import Flask, redirect, url_for, render_template, flash, session
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField
from wtforms.validators import DataRequired
import requests

app = Flask(__name__)
app.config["SECRET_KEY"] = "secret-key-goes-here"  

class LoginForm(FlaskForm):
    license_key = StringField("License key", validators = [DataRequired()])
    submit = SubmitField("Submit")

@app.route("/login", methods=["GET", "POST"])
def login():
    if session.get("authenticated"):
        return redirect(url_for("index"))
    form = LoginForm()
    if form.validate_on_submit():
        req = requests.post("api-url", {"license_key": form.license_key.data})
        if not req.json()["valid"]:
            flash("Invalid username or password")
            return redirect(url_for("login"))
        session["authenticated"] = True
        return redirect(url_for("index"))
    return render_template("login.html", title="Sign In", form=form)