Securing RESTapi in flask

前端 未结 1 772
伪装坚强ぢ
伪装坚强ぢ 2021-02-03 13:17

The app I\'m deving uses a lot of ajax calls. Unfortunately I hit a snag when researching on how to restrict access to the api. For example:

  • i have table that does
1条回答
  •  小鲜肉
    小鲜肉 (楼主)
    2021-02-03 13:38

    The thousand-foot view is you need to authenticate the user either with:

    A) HTTP-Auth (either basic or digest) on each request.

    B) Server-side sessions. (The user authenticates and receives a session key - their user information is stored in the session backend on the server, attached to that key Once they have a session they can make requests passing their session key back to you (either in the URL or in a cookie) and the information they have access to is returned to them.)

    Flask has a pair of useful extensions that deal with a large part of this sort of thing - check out Flask-Login and Flask-Principal to see examples of how authorization can be added to a Flask application.

    0 讨论(0)
提交回复
热议问题