<ruby id="bdb3f"></ruby>

    <p id="bdb3f"><cite id="bdb3f"></cite></p>

      <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
        <p id="bdb3f"><cite id="bdb3f"></cite></p>

          <pre id="bdb3f"></pre>
          <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

          <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
          <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

          <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                <ruby id="bdb3f"></ruby>

                合規國際互聯網加速 OSASE為企業客戶提供高速穩定SD-WAN國際加速解決方案。 廣告
                # Day 10 - 用戶注冊和登錄 用戶管理是絕大部分Web網站都需要解決的問題。用戶管理涉及到用戶注冊和登錄。 用戶注冊相對簡單,我們可以先通過API把用戶注冊這個功能實現了: ``` _RE_EMAIL = re.compile(r'^[a-z0-9\.\-\_]+\@[a-z0-9\-\_]+(\.[a-z0-9\-\_]+){1,4}$') _RE_SHA1 = re.compile(r'^[0-9a-f]{40}$') @post('/api/users') def api_register_user(*, email, name, passwd): if not name or not name.strip(): raise APIValueError('name') if not email or not _RE_EMAIL.match(email): raise APIValueError('email') if not passwd or not _RE_SHA1.match(passwd): raise APIValueError('passwd') users = yield from User.findAll('email=?', [email]) if len(users) > 0: raise APIError('register:failed', 'email', 'Email is already in use.') uid = next_id() sha1_passwd = '%s:%s' % (uid, passwd) user = User(id=uid, name=name.strip(), email=email, passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(), image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email.encode('utf-8')).hexdigest()) yield from user.save() # make session cookie: r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.passwd = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r ``` 注意用戶口令是客戶端傳遞的經過SHA1計算后的40位Hash字符串,所以服務器端并不知道用戶的原始口令。 接下來可以創建一個注冊頁面,讓用戶填寫注冊表單,然后,提交數據到注冊用戶的API: ``` {% extends '__base__.html' %} {% block title %}注冊{% endblock %} {% block beforehead %} <script> function validateEmail(email) { var re = /^[a-z0-9\.\-\_]+\@[a-z0-9\-\_]+(\.[a-z0-9\-\_]+){1,4}$/; return re.test(email.toLowerCase()); } $(function () { var vm = new Vue({ el: '#vm', data: { name: '', email: '', password1: '', password2: '' }, methods: { submit: function (event) { event.preventDefault(); var $form = $('#vm'); if (! this.name.trim()) { return $form.showFormError('請輸入名字'); } if (! validateEmail(this.email.trim().toLowerCase())) { return $form.showFormError('請輸入正確的Email地址'); } if (this.password1.length < 6) { return $form.showFormError('口令長度至少為6個字符'); } if (this.password1 !== this.password2) { return $form.showFormError('兩次輸入的口令不一致'); } var email = this.email.trim().toLowerCase(); $form.postJSON('/api/users', { name: this.name.trim(), email: email, passwd: CryptoJS.SHA1(email + ':' + this.password1).toString() }, function (err, r) { if (err) { return $form.showFormError(err); } return location.assign('/'); }); } } }); $('#vm').show(); }); </script> {% endblock %} {% block content %} <div class="uk-width-2-3"> <h1>歡迎注冊!</h1> <form id="vm" v-on="submit: submit" class="uk-form uk-form-stacked"> <div class="uk-alert uk-alert-danger uk-hidden"></div> <div class="uk-form-row"> <label class="uk-form-label">名字:</label> <div class="uk-form-controls"> <input v-model="name" type="text" maxlength="50" placeholder="名字" class="uk-width-1-1"> </div> </div> <div class="uk-form-row"> <label class="uk-form-label">電子郵件:</label> <div class="uk-form-controls"> <input v-model="email" type="text" maxlength="50" placeholder="your-name@example.com" class="uk-width-1-1"> </div> </div> <div class="uk-form-row"> <label class="uk-form-label">輸入口令:</label> <div class="uk-form-controls"> <input v-model="password1" type="password" maxlength="50" placeholder="輸入口令" class="uk-width-1-1"> </div> </div> <div class="uk-form-row"> <label class="uk-form-label">重復口令:</label> <div class="uk-form-controls"> <input v-model="password2" type="password" maxlength="50" placeholder="重復口令" class="uk-width-1-1"> </div> </div> <div class="uk-form-row"> <button type="submit" class="uk-button uk-button-primary"><i class="uk-icon-user"></i> 注冊</button> </div> </form> </div> {% endblock %} ``` 這樣我們就把用戶注冊的功能完成了: ![awesomepy-register](https://box.kancloud.cn/2016-01-15_56988a2b195d5.png) 用戶登錄比用戶注冊復雜。由于HTTP協議是一種無狀態協議,而服務器要跟蹤用戶狀態,就只能通過cookie實現。大多數Web框架提供了Session功能來封裝保存用戶狀態的cookie。 Session的優點是簡單易用,可以直接從Session中取出用戶登錄信息。 Session的缺點是服務器需要在內存中維護一個映射表來存儲用戶登錄信息,如果有兩臺以上服務器,就需要對Session做集群,因此,使用Session的Web App很難擴展。 我們采用直接讀取cookie的方式來驗證用戶登錄,每次用戶訪問任意URL,都會對cookie進行驗證,這種方式的好處是保證服務器處理任意的URL都是無狀態的,可以擴展到多臺服務器。 由于登錄成功后是由服務器生成一個cookie發送給瀏覽器,所以,要保證這個cookie不會被客戶端偽造出來。 實現防偽造cookie的關鍵是通過一個單向算法(例如SHA1),舉例如下: 當用戶輸入了正確的口令登錄成功后,服務器可以從數據庫取到用戶的id,并按照如下方式計算出一個字符串: ``` "用戶id" + "過期時間" + SHA1("用戶id" + "用戶口令" + "過期時間" + "SecretKey") ``` 當瀏覽器發送cookie到服務器端后,服務器可以拿到的信息包括: * 用戶id * 過期時間 * SHA1值 如果未到過期時間,服務器就根據用戶id查找用戶口令,并計算: ``` SHA1("用戶id" + "用戶口令" + "過期時間" + "SecretKey") ``` 并與瀏覽器cookie中的MD5進行比較,如果相等,則說明用戶已登錄,否則,cookie就是偽造的。 這個算法的關鍵在于SHA1是一種單向算法,即可以通過原始字符串計算出SHA1結果,但無法通過SHA1結果反推出原始字符串。 所以登錄API可以實現如下: ``` @post('/api/authenticate') def authenticate(*, email, passwd): if not email: raise APIValueError('email', 'Invalid email.') if not passwd: raise APIValueError('passwd', 'Invalid password.') users = yield from User.findAll('email=?', [email]) if len(users) == 0: raise APIValueError('email', 'Email not exist.') user = users[0] # check passwd: sha1 = hashlib.sha1() sha1.update(user.id.encode('utf-8')) sha1.update(b':') sha1.update(passwd.encode('utf-8')) if user.passwd != sha1.hexdigest(): raise APIValueError('passwd', 'Invalid password.') # authenticate ok, set cookie: r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.passwd = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r # 計算加密cookie: def user2cookie(user, max_age): # build cookie string by: id-expires-sha1 expires = str(int(time.time() + max_age)) s = '%s-%s-%s-%s' % (user.id, user.passwd, expires, _COOKIE_KEY) L = [user.id, expires, hashlib.sha1(s.encode('utf-8')).hexdigest()] return '-'.join(L) ``` 對于每個URL處理函數,如果我們都去寫解析cookie的代碼,那會導致代碼重復很多次。 利用middle在處理URL之前,把cookie解析出來,并將登錄用戶綁定到`request`對象上,這樣,后續的URL處理函數就可以直接拿到登錄用戶: ``` @asyncio.coroutine def auth_factory(app, handler): @asyncio.coroutine def auth(request): logging.info('check user: %s %s' % (request.method, request.path)) request.__user__ = None cookie_str = request.cookies.get(COOKIE_NAME) if cookie_str: user = yield from cookie2user(cookie_str) if user: logging.info('set current user: %s' % user.email) request.__user__ = user return (yield from handler(request)) return auth # 解密cookie: @asyncio.coroutine def cookie2user(cookie_str): ''' Parse cookie and load user if cookie is valid. ''' if not cookie_str: return None try: L = cookie_str.split('-') if len(L) != 3: return None uid, expires, sha1 = L if int(expires) < time.time(): return None user = yield from User.find(uid) if user is None: return None s = '%s-%s-%s-%s' % (uid, user.passwd, expires, _COOKIE_KEY) if sha1 != hashlib.sha1(s.encode('utf-8')).hexdigest(): logging.info('invalid sha1') return None user.passwd = '******' return user except Exception as e: logging.exception(e) return None ``` 這樣,我們就完成了用戶注冊和登錄的功能。 ## 參考源碼 [day-10](https://github.com/michaelliao/awesome-python3-webapp/tree/day-10)
                  <ruby id="bdb3f"></ruby>

                  <p id="bdb3f"><cite id="bdb3f"></cite></p>

                    <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
                      <p id="bdb3f"><cite id="bdb3f"></cite></p>

                        <pre id="bdb3f"></pre>
                        <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

                        <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
                        <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

                        <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                              <ruby id="bdb3f"></ruby>

                              哎呀哎呀视频在线观看