refactor: replace HTTPBasicAuth with custom authentication decorator; update routes to use new auth method

2025-05-19 18:25:07 +08:00
parent 5721d26fae
commit 98829a226e
1 changed files with 30 additions and 18 deletions
--- a/app.py
+++ b/app.py
@@ -1,23 +1,35 @@
 from flask import Flask, request, jsonify, send_file
 from flask_sqlalchemy import SQLAlchemy
-from flask_httpauth import HTTPBasicAuth
+from flask_cors import CORS
 from datetime import datetime
 import os
 import shutil
 import json
+from functools import wraps
+import base64

 app = Flask(__name__)
-auth = HTTPBasicAuth()
+CORS(app)

-# 配置认证信息
-USERS = {
-    "admin": "your-secure-password"  # 请修改为安全的密码
-}
+# 认证配置
+USERNAME = 'admin'
+PASSWORD = 'admin'

-@auth.verify_password
-def verify_password(username, password):
-    if username in USERS and USERS[username] == password:
-        return username
+def auth_required(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        auth = request.authorization
+        if not auth or auth.username != USERNAME or auth.password != PASSWORD:
+            response = jsonify({
+                'code': 1,
+                'message': 'Invalid username or password'
+            })
+            response.status_code = 401
+            # 移除 WWW-Authenticate 头
+            response.headers.pop('WWW-Authenticate', None)
+            return response
+        return f(*args, **kwargs)
+    return decorated

 # 配置数据库
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///media.db'
@@ -53,7 +65,7 @@ def backup_database():
    return backup_file

@app.route('/api/backup', methods=['POST'])
-@auth.login_required
+@auth_required
 def create_backup():
    try:
        backup_file = backup_database()
@@ -69,7 +81,7 @@ def create_backup():
        return jsonify({"code": 1, "data": {}, "message": str(e)}), 500

@app.route('/api/backup/list', methods=['GET'])
-@auth.login_required
+@auth_required
 def list_backups():
    try:
        backup_dir = 'backups'
@@ -99,7 +111,7 @@ def list_backups():
        return jsonify({"code": 1, "data": {}, "message": str(e)}), 500

@app.route('/api/backup/restore/<filename>', methods=['POST'])
-@auth.login_required
+@auth_required
 def restore_backup(filename):
    try:
        backup_file = os.path.join('backups', filename)
@@ -125,7 +137,7 @@ def restore_backup(filename):

 # API 路由
@app.route('/api/media/list', methods=['GET'])
-@auth.login_required
+@auth_required
 def get_all_media():
    try:
        media_list = Media.query.all()
@@ -149,7 +161,7 @@ def get_all_media():
        return jsonify({"code": 1, "data": {}, "message": str(e)}), 500

@app.route('/api/media/create', methods=['POST'])
-@auth.login_required
+@auth_required
 def create_media():
    try:
        data = request.json
@@ -185,7 +197,7 @@ def create_media():
        return jsonify({"code": 2, "data": {}, "message": str(e)}), 500

@app.route('/api/media/updateById/<int:media_id>', methods=['PUT'])
-@auth.login_required
+@auth_required
 def update_media(media_id):
    try:
        media = Media.query.get_or_404(media_id)
@@ -222,7 +234,7 @@ def update_media(media_id):
        return jsonify({"code": 2, "data": {}, "message": str(e)}), 500

@app.route('/api/media/deleteById/<int:media_id>', methods=['DELETE'])
-@auth.login_required
+@auth_required
 def delete_media(media_id):
    try:
      media = Media.query.get_or_404(media_id)
@@ -234,7 +246,7 @@ def delete_media(media_id):
        return jsonify({"code": 2, "data": {}, "message": str(e)}), 500

@app.route('/api/media/page', methods=['GET'])
-@auth.login_required
+@auth_required
 def get_media_page():
    try:
        type = request.args.get('type')