Skip to main content

maxwin aiohttp security

Project description


mw-aiohttp-security
===================
maxwin 团队 aiohttp 框架下的 认证和确权


代码样例
------------------

> .app/__init__.py 生成app,初始化 auth和permission 类

.. code-block:: python

from mw_aiohttp_security import Auth,Permission
import asyncio
import aioredis
from aiohttp import web

# 认证类
auth = Auth()
# 权限类
p = Permission('maxguideweb')

def make_app():
async def make_redis_pool():
redis_address = ('192.168.101.70', '6380')
return await aioredis.create_redis_pool(redis_address, timeout=1)

async def dispose_redis_pool(app):
redis_pool.close()
await redis_pool.wait_closed()

loop = asyncio.get_event_loop()
app = web.Application()

redis_pool = loop.run_until_complete(make_redis_pool())

auth.init_app(app,redis_pool)
p.init_app(app)
app.on_cleanup.append(dispose_redis_pool)
# add router
from .router import add_router
add_router(app)
return app

> ./app/handler.py ,检查认证:@auth.valid_login,检查有无权限: @p.check('fleet','delete')

.. code-block:: python

from . import auth,p
import time
from aiohttp import web
from aiohttp_session import get_session

# 检查是否授权
@auth.valid_login
async def handler(request):
user = request['current_user']
# 没有权限raise 403
p.check_permission(user.uid, 'fleet', 'auth')
text = 'Last visited: {}'.format(time.time())
return web.Response(text=text)

# 检查是否有删除 fleet的权限
@p.check('fleet','delete')
async def say_hello(request):
# 获取session,session中有包含user信息
session = await get_session(request)
# 获取当前用户 信息
user = request['current_user']
# 动态的检查权限
if not p.has_permission(user.uid,'fleet','auth'):
return web.Response(text='没有设定授权车队的权限')
return web.Response(text='hello')

> ./app/router.py add router

.. code-block:: python

from .handler import handler,say_hello

def add_router(app):
app.router.add_get('/', handler)
app.router.add_get('/hello',say_hello)
```

> .main.py ,run app
```python
from aiohttp import web
from app import make_app

web.run_app(make_app(),port=8899)

Changes
=======

0.1.3(2018-10-31)
------------------

- redis_pool 在 app.on_startup 中初始化,在init_app时,直接取app['redis_pool']

0.1.2(2018-10-31)
------------------

- current_user.uid改为user_id,current_user.uname 改为 user_name

0.1.1(2018-10-31)
------------------

- fix gbk

0.1.0(2018-10-30)
------------------

- 增加readme
Keywords: maxwin commonlib security check_auth check_permission
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Build Tools
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for mw-aiohttp-security, version 0.1.3
Filename, size File type Python version Upload date Hashes
Filename, size mw-aiohttp-security-0.1.3.tar.gz (5.9 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page