refactor: replace HTTPBasicAuth with custom authentication decorator; update routes to use new auth method
48
app.py
48
app.py
@@ -1,23 +1,35 @@
|
|||||||
from flask import Flask, request, jsonify, send_file
|
from flask import Flask, request, jsonify, send_file
|
||||||
from flask_sqlalchemy import SQLAlchemy
|
from flask_sqlalchemy import SQLAlchemy
|
||||||
from flask_httpauth import HTTPBasicAuth
|
from flask_cors import CORS
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
import json
|
import json
|
||||||
|
from functools import wraps
|
||||||
|
import base64
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
auth = HTTPBasicAuth()
|
CORS(app)
|
||||||
|
|
||||||
# 配置认证信息
|
# 认证配置
|
||||||
USERS = {
|
USERNAME = 'admin'
|
||||||
"admin": "your-secure-password" # 请修改为安全的密码
|
PASSWORD = 'admin'
|
||||||
}
|
|
||||||
|
|
||||||
@auth.verify_password
|
def auth_required(f):
|
||||||
def verify_password(username, password):
|
@wraps(f)
|
||||||
if username in USERS and USERS[username] == password:
|
def decorated(*args, **kwargs):
|
||||||
return username
|
auth = request.authorization
|
||||||
|
if not auth or auth.username != USERNAME or auth.password != PASSWORD:
|
||||||
|
response = jsonify({
|
||||||
|
'code': 1,
|
||||||
|
'message': 'Invalid username or password'
|
||||||
|
})
|
||||||
|
response.status_code = 401
|
||||||
|
# 移除 WWW-Authenticate 头
|
||||||
|
response.headers.pop('WWW-Authenticate', None)
|
||||||
|
return response
|
||||||
|
return f(*args, **kwargs)
|
||||||
|
return decorated
|
||||||
|
|
||||||
# 配置数据库
|
# 配置数据库
|
||||||
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///media.db'
|
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///media.db'
|
||||||
@@ -53,7 +65,7 @@ def backup_database():
|
|||||||
return backup_file
|
return backup_file
|
||||||
|
|
||||||
@app.route('/api/backup', methods=['POST'])
|
@app.route('/api/backup', methods=['POST'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def create_backup():
|
def create_backup():
|
||||||
try:
|
try:
|
||||||
backup_file = backup_database()
|
backup_file = backup_database()
|
||||||
@@ -69,7 +81,7 @@ def create_backup():
|
|||||||
return jsonify({"code": 1, "data": {}, "message": str(e)}), 500
|
return jsonify({"code": 1, "data": {}, "message": str(e)}), 500
|
||||||
|
|
||||||
@app.route('/api/backup/list', methods=['GET'])
|
@app.route('/api/backup/list', methods=['GET'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def list_backups():
|
def list_backups():
|
||||||
try:
|
try:
|
||||||
backup_dir = 'backups'
|
backup_dir = 'backups'
|
||||||
@@ -99,7 +111,7 @@ def list_backups():
|
|||||||
return jsonify({"code": 1, "data": {}, "message": str(e)}), 500
|
return jsonify({"code": 1, "data": {}, "message": str(e)}), 500
|
||||||
|
|
||||||
@app.route('/api/backup/restore/<filename>', methods=['POST'])
|
@app.route('/api/backup/restore/<filename>', methods=['POST'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def restore_backup(filename):
|
def restore_backup(filename):
|
||||||
try:
|
try:
|
||||||
backup_file = os.path.join('backups', filename)
|
backup_file = os.path.join('backups', filename)
|
||||||
@@ -125,7 +137,7 @@ def restore_backup(filename):
|
|||||||
|
|
||||||
# API 路由
|
# API 路由
|
||||||
@app.route('/api/media/list', methods=['GET'])
|
@app.route('/api/media/list', methods=['GET'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def get_all_media():
|
def get_all_media():
|
||||||
try:
|
try:
|
||||||
media_list = Media.query.all()
|
media_list = Media.query.all()
|
||||||
@@ -149,7 +161,7 @@ def get_all_media():
|
|||||||
return jsonify({"code": 1, "data": {}, "message": str(e)}), 500
|
return jsonify({"code": 1, "data": {}, "message": str(e)}), 500
|
||||||
|
|
||||||
@app.route('/api/media/create', methods=['POST'])
|
@app.route('/api/media/create', methods=['POST'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def create_media():
|
def create_media():
|
||||||
try:
|
try:
|
||||||
data = request.json
|
data = request.json
|
||||||
@@ -185,7 +197,7 @@ def create_media():
|
|||||||
return jsonify({"code": 2, "data": {}, "message": str(e)}), 500
|
return jsonify({"code": 2, "data": {}, "message": str(e)}), 500
|
||||||
|
|
||||||
@app.route('/api/media/updateById/<int:media_id>', methods=['PUT'])
|
@app.route('/api/media/updateById/<int:media_id>', methods=['PUT'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def update_media(media_id):
|
def update_media(media_id):
|
||||||
try:
|
try:
|
||||||
media = Media.query.get_or_404(media_id)
|
media = Media.query.get_or_404(media_id)
|
||||||
@@ -222,7 +234,7 @@ def update_media(media_id):
|
|||||||
return jsonify({"code": 2, "data": {}, "message": str(e)}), 500
|
return jsonify({"code": 2, "data": {}, "message": str(e)}), 500
|
||||||
|
|
||||||
@app.route('/api/media/deleteById/<int:media_id>', methods=['DELETE'])
|
@app.route('/api/media/deleteById/<int:media_id>', methods=['DELETE'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def delete_media(media_id):
|
def delete_media(media_id):
|
||||||
try:
|
try:
|
||||||
media = Media.query.get_or_404(media_id)
|
media = Media.query.get_or_404(media_id)
|
||||||
@@ -234,7 +246,7 @@ def delete_media(media_id):
|
|||||||
return jsonify({"code": 2, "data": {}, "message": str(e)}), 500
|
return jsonify({"code": 2, "data": {}, "message": str(e)}), 500
|
||||||
|
|
||||||
@app.route('/api/media/page', methods=['GET'])
|
@app.route('/api/media/page', methods=['GET'])
|
||||||
@auth.login_required
|
@auth_required
|
||||||
def get_media_page():
|
def get_media_page():
|
||||||
try:
|
try:
|
||||||
type = request.args.get('type')
|
type = request.args.get('type')
|
||||||
|
|||||||
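Review bot: The new `auth_required` decorator checks requests against `USERNAME = 'admin'` / `PASSWORD = 'admin'`, so a guessable default credential is now committed to the source, where the old code at least carried a change-me placeholder; every route switched to `@auth_required` (backup, restore, media create/update/delete) depends on it. I would read both values from the environment and fail at startup when they are unset, e.g. `PASSWORD = os.environ['MEDIA_API_PASSWORD']` (the variable name is a placeholder), and replace the `!=` comparison with `hmac.compare_digest((auth.password or '').encode(), PASSWORD.encode())` so the check is constant-time and tolerates a missing password field. `CORS(app)` with no arguments presumably keeps flask-cors's allow-any-origin default on these same endpoints; passing an explicit `origins=` list would narrow that. `import base64` looks unused in the visible hunks, and `response.headers.pop('WWW-Authenticate', None)` appears to be a no-op on a freshly built `jsonify` response, so a short comment saying why it is there (or dropping it) would help.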