From 98829a226eff8fcfd4e560a0802564dcd9381138 Mon Sep 17 00:00:00 2001 From: "ethan.chen" Date: Mon, 19 May 2025 18:25:07 +0800 Subject: [PATCH] refactor: replace HTTPBasicAuth with custom authentication decorator; update routes to use new auth method --- app.py | 48 ++++++++++++++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/app.py b/app.py index 70afcaf..d9917ff 100644 --- a/app.py +++ b/app.py @@ -1,23 +1,35 @@ from flask import Flask, request, jsonify, send_file from flask_sqlalchemy import SQLAlchemy -from flask_httpauth import HTTPBasicAuth +from flask_cors import CORS from datetime import datetime import os import shutil import json +from functools import wraps +import base64 app = Flask(__name__) -auth = HTTPBasicAuth() +CORS(app) -# 配置认证信息 -USERS = { - "admin": "your-secure-password" # 请修改为安全的密码 -} +# 认证配置 +USERNAME = 'admin' +PASSWORD = 'admin' -@auth.verify_password -def verify_password(username, password): - if username in USERS and USERS[username] == password: - return username +def auth_required(f): + @wraps(f) + def decorated(*args, **kwargs): + auth = request.authorization + if not auth or auth.username != USERNAME or auth.password != PASSWORD: + response = jsonify({ + 'code': 1, + 'message': 'Invalid username or password' + }) + response.status_code = 401 + # 移除 WWW-Authenticate 头 + response.headers.pop('WWW-Authenticate', None) + return response + return f(*args, **kwargs) + return decorated # 配置数据库 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///media.db' @@ -53,7 +65,7 @@ def backup_database(): return backup_file @app.route('/api/backup', methods=['POST']) -@auth.login_required +@auth_required def create_backup(): try: backup_file = backup_database() @@ -69,7 +81,7 @@ def create_backup(): return jsonify({"code": 1, "data": {}, "message": str(e)}), 500 @app.route('/api/backup/list', methods=['GET']) -@auth.login_required +@auth_required def list_backups(): try: backup_dir = 'backups' 
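Review bot: The new auth block hard-codes a default credential pair (`USERNAME = 'admin'`, `PASSWORD = 'admin'`) and checks the submitted password with a plain `!=`, so the secret now lives in source control and the previous "请修改为安全的密码" reminder disappears together with the old `USERS` dict. Read both values from the environment (`os` is already imported), refuse every request when no password is configured, and add `import hmac` next to the other imports so the comparison goes through `hmac.compare_digest` rather than string inequality; the rewrite below does that, with example variable names. Two smaller points in the same hunk: `import base64` is unused, and `response.headers.pop('WWW-Authenticate', None)` is a no-op on a freshly built `jsonify` response because nothing sets that header, so the comment above it would be clearer as `# deliberately no WWW-Authenticate header, so browsers don't show the Basic-auth prompt`. `CORS(app)` with no `origins` argument also opens the API to every origin; pass the front-end's origin explicitly if that is the only intended client.
```python
# … unchanged: other imports (plus `import hmac`) …

# 认证配置 — credentials come from the environment; the variable names are examples
USERNAME = os.environ.get('APP_USERNAME', 'admin')
PASSWORD = os.environ.get('APP_PASSWORD')  # no default: unset means nobody can authenticate


def _credentials_ok(auth):
    """Return True only for a Basic auth header matching the configured pair (constant-time)."""
    if not auth or auth.type != 'basic' or not PASSWORD:
        return False
    return (hmac.compare_digest(auth.username or '', USERNAME)
            and hmac.compare_digest(auth.password or '', PASSWORD))


def auth_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if not _credentials_ok(request.authorization):
            # … unchanged: build and return the 401 JSON response …
        return f(*args, **kwargs)
    return decorated
```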
@@ -99,7 +111,7 @@ def list_backups(): return jsonify({"code": 1, "data": {}, "message": str(e)}), 500 @app.route('/api/backup/restore/', methods=['POST']) -@auth.login_required +@auth_required def restore_backup(filename): try: backup_file = os.path.join('backups', filename) @@ -125,7 +137,7 @@ def restore_backup(filename): # API 路由 @app.route('/api/media/list', methods=['GET']) -@auth.login_required +@auth_required def get_all_media(): try: media_list = Media.query.all() @@ -149,7 +161,7 @@ def get_all_media(): return jsonify({"code": 1, "data": {}, "message": str(e)}), 500 @app.route('/api/media/create', methods=['POST']) -@auth.login_required +@auth_required def create_media(): try: data = request.json @@ -185,7 +197,7 @@ def create_media(): return jsonify({"code": 2, "data": {}, "message": str(e)}), 500 @app.route('/api/media/updateById/', methods=['PUT']) -@auth.login_required +@auth_required def update_media(media_id): try: media = Media.query.get_or_404(media_id) @@ -222,7 +234,7 @@ def update_media(media_id): return jsonify({"code": 2, "data": {}, "message": str(e)}), 500 @app.route('/api/media/deleteById/', methods=['DELETE']) -@auth.login_required +@auth_required def delete_media(media_id): try: media = Media.query.get_or_404(media_id) @@ -234,7 +246,7 @@ def delete_media(media_id): return jsonify({"code": 2, "data": {}, "message": str(e)}), 500 @app.route('/api/media/page', methods=['GET']) -@auth.login_required +@auth_required def get_media_page(): try: type = request.args.get('type')
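Review bot: `restore_backup` now depends on `@auth_required` alone, yet the context line `backup_file = os.path.join('backups', filename)` joins the URL path segment into the filesystem path unchanged; unless the rest of the body (which continues outside this hunk) normalizes it, a value containing path separators or `..` resolves outside the backups directory. Reduce it to a bare name before joining, `filename = os.path.basename(filename)`, and reject it unless it matches one of the files `list_backups` would report. The route prints here as `/api/backup/restore/` — the `<filename>` converter looks stripped by rendering, as do the `<media_id>` converters in the later hunks; confirm against the file before relying on the shown route strings.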