Simple User management example for Google App Engine?
I am newbie in Google App Engine. While I was going through the tutorial, I found several things that we do in php-mysql is not available in GAE. For example in dataStore auto i
-
I tend to use my own user and session manangement
For my web handlers I will attach a decorator called
sessionand one calledauthorize. Thesessiondecorator will attach a session to every request, and theauthorizedecorator will make sure that the user is authorised.(A word of caution, the authorize decorator is specific to how I develop my applications - the username being the first parameter in most requests).
So for example a web handler may look like:
class UserProfile(webapp.RequestHandler): @session @authorize def get(self, user): # Do some funky stuff # The session is attached to the self object. someObjectAttachedToSession = self.SessionObj.SomeStuff self.response.out.write("hello %s" % user)In the above code, the
sessiondecorator attaches some session stuff that I need based on the cookies that are present on the request. Theauthorizeheader will make sure that the user can only access the page if the session is the correct one.The decorators code are below:
import functools from model import Session import logging def authorize(redirectTo = "/"): def factory(method): 'Ensures that when an auth cookie is presented to the request that is is valid' @functools.wraps(method) def wrapper(self, *args, **kwargs): #Get the session parameters auth_id = self.request.cookies.get('auth_id', '') session_id = self.request.cookies.get('session_id', '') #Check the db for the session session = Session.GetSession(session_id, auth_id) if session is None: self.redirect(redirectTo) return else: if session.settings is None: self.redirect(redirectTo) return username = session.settings.key().name() if len(args) > 0: if username != args[0]: # The user is allowed to view this page. self.redirect(redirectTo) return result = method(self, *args, **kwargs) return result return wrapper return factory def session(method): 'Ensures that the sessions object (if it exists) is attached to the request.' @functools.wraps(method) def wrapper(self, *args, **kwargs): #Get the session parameters auth_id = self.request.cookies.get('auth_id', '') session_id = self.request.cookies.get('session_id', '') #Check the db for the session session = Session.GetSession(session_id, auth_id) if session is None: session = Session() session.session_id = Session.MakeId() session.auth_token = Session.MakeId() session.put() # Attach the session to the method self.SessionObj = session #Call the handler. result = method(self, *args, **kwargs) self.response.headers.add_header('Set-Cookie', 'auth_id=%s; path=/; HttpOnly' % str(session.auth_token)) self.response.headers.add_header('Set-Cookie', 'session_id=%s; path=/; HttpOnly' % str(session.session_id)) return result return wrapper def redirect(method, redirect = "/user/"): 'When a known user is logged in redirect them to their home page' @functools.wraps(method) def wrapper(self, *args, **kwargs): try: if self.SessionObj is not None: if self.SessionObj.settings is not None: # Check that the session is correct username = self.SessionObj.settings.key().name() self.redirect(redirect + username) return except: pass return method(self, *args, **kwargs) return wrapper
加载中...
- 热议问题