flask before request - add exception for specific

2019-01-17 03:25发布

问题:

In the before_request() function (below), I want to redirect the user to /login if they are not yet logged in. Is there a special variable that will give me the current URL that will work as the below example does?

@app.before_request
def before_request():
    # the variable current_url does not exist
    # but i want something that works like it
    if (not 'logged_in' in session) and (current_url != '/login'):
        return redirect(url_for('login'))

I need to check that the current URL is /login, because if I don't the server goes into an infinite loop.

回答1:

There are a couple of properties on the request object you can check, documented here, request.path is probably what you want. Can I suggest request.endpoint though, so you'll be covered should you decide to route your view to another url, or multiple urls

@app.before_request
def before_request():
    if 'logged_in' not in session and request.endpoint != 'login':
        return redirect(url_for('login'))


回答2:

You can use a decorator. Here's an example that shows how to check an API key before specific requests:

from functools import wraps

def require_api_key(api_method):
    @wraps(api_method)

    def check_api_key(*args, **kwargs):
        apikey = request.headers.get('ApiKey')
        if apikey and apikey == SECRET_KEY:
            return api_method(*args, **kwargs)
        else:
            abort(401)

    return check_api_key

And you can use it with:

@require_api_key


回答3:

Here's an implementation of the accepted answer with flask-login:

@app.before_request
def require_authorization():
    from flask import request
    from flask.ext.login import current_user

    if not (current_user.is_authenticated or request.endpoint == 'login'):
        return login_manager.unauthorized()


标签: python flask