Simple User management example for Google App Engine?

前端 未结 3 446
隐瞒了意图╮
隐瞒了意图╮ 2021-01-30 05:03

I am newbie in Google App Engine. While I was going through the tutorial, I found several things that we do in php-mysql is not available in GAE. For example in dataStore auto i

3条回答
  •  有刺的猬
    2021-01-30 05:29

    I tend to use my own user and session manangement

    For my web handlers I will attach a decorator called session and one called authorize. The session decorator will attach a session to every request, and the authorize decorator will make sure that the user is authorised.

    (A word of caution, the authorize decorator is specific to how I develop my applications - the username being the first parameter in most requests).

    So for example a web handler may look like:

    class UserProfile(webapp.RequestHandler):
      @session
      @authorize
      def get(self, user):
         # Do some funky stuff
         # The session is attached to the self object.
         someObjectAttachedToSession = self.SessionObj.SomeStuff
         self.response.out.write("hello %s" % user)
    

    In the above code, the session decorator attaches some session stuff that I need based on the cookies that are present on the request. The authorize header will make sure that the user can only access the page if the session is the correct one.

    The decorators code are below:

    import functools
    from model import Session
    import logging
    
    def authorize(redirectTo = "/"):
        def factory(method):
            'Ensures that when an auth cookie is presented to the request that is is valid'
            @functools.wraps(method)
            def wrapper(self, *args, **kwargs):
    
                #Get the session parameters
                auth_id = self.request.cookies.get('auth_id', '')
                session_id = self.request.cookies.get('session_id', '')
    
                #Check the db for the session
                session = Session.GetSession(session_id, auth_id)           
    
                if session is None:
                    self.redirect(redirectTo)
                    return
                else:
                    if session.settings is None:
                        self.redirect(redirectTo)
                        return
    
                    username = session.settings.key().name()
    
                    if len(args) > 0:               
                        if username != args[0]:
                            # The user is allowed to view this page.
                            self.redirect(redirectTo)
                            return
    
                result = method(self, *args, **kwargs)
    
                return result
            return wrapper
        return factory
    
    def session(method):
        'Ensures that the sessions object (if it exists) is attached to the request.'
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
    
            #Get the session parameters
            auth_id = self.request.cookies.get('auth_id', '')
            session_id = self.request.cookies.get('session_id', '')
    
            #Check the db for the session
            session = Session.GetSession(session_id, auth_id)           
    
            if session is None:
                session = Session()
                session.session_id = Session.MakeId()
                session.auth_token = Session.MakeId()
                session.put()
    
            # Attach the session to the method
            self.SessionObj = session           
    
            #Call the handler.          
            result = method(self, *args, **kwargs)
    
            self.response.headers.add_header('Set-Cookie', 'auth_id=%s; path=/; HttpOnly' % str(session.auth_token))
            self.response.headers.add_header('Set-Cookie', 'session_id=%s; path=/; HttpOnly' % str(session.session_id))
    
            return result
        return wrapper
    
    def redirect(method, redirect = "/user/"):
        'When a known user is logged in redirect them to their home page'
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
            try:    
                if self.SessionObj is not None:
                    if self.SessionObj.settings is not None:
                        # Check that the session is correct
                        username = self.SessionObj.settings.key().name()
    
                        self.redirect(redirect + username)
                        return
            except:
                pass
            return method(self, *args, **kwargs)
        return wrapper
    

提交回复
热议问题