我有一个基本的烧瓶应用程序,我向客户收费以查看页面
from flask import Flask, render_template, request, redirect, url_for
import stripe
app = Flask(__name__)
pub_key = 'pk_test_999999999'
secret_key = 'sk_test_999999'
stripe.api_key = secret_key
@app.route('/')
def index():
return render_template('index.html', pub_key=pub_key)
@app.route('/thank_you')
def thanks():
return render_template('thanks.html')
@app.route('/pay', methods=['POST'])
def pay():
customer = stripe.Customer.create(
email=request.form['stripeEmail'],
source=request.form['stripeToken']
)
charge = stripe.Charge.create(
customer=customer.id,
amount=19900,
currency='usd',
description='The Product'
)
return redirect(url_for('thanks'))
if __name__ == '__main__':
app.run(debug=True)
我想做的是限制对“谢谢”页面的访问我不希望任何人通过在浏览器中键入整个URL来访问thank_you,只有付费的客户才能看到“感谢”页面,即使有人键入了整个URL www.example.com/thank_you,它将重定向到您尚未付款的地方,请付款
我曾考虑过要添加一个登录页面,并让装饰者仅登录客户,我不喜欢这样的想法:我不希望创建这样的障碍,我不希望任何客户信息仅用于付费和访问页面
关于如何做到这一点的任何想法?
答案 0 :(得分:0)
尝试类似这样的方法。请记住,这并不完全安全。我不知道您的ID和令牌是如何生成的。但这只是为了简单起见。
如果您想要更安全的信息,请检查flask会话或flask登录软件包。
customers_payed = []
@app.route('/pay', methods=['POST'])
def pay():
customer = stripe.Customer.create(
email=request.form['stripeEmail'],
source=request.form['stripeToken']
)
charge = stripe.Charge.create(
customer=customer.id,
amount=19900,
currency='usd',
description='The Product'
)
# add customer id to list maybe hash it with its email and token you can make this as hard to guess as you want
customers_payed.append(str(customer.id) + request.form['stripeToken'])
return redirect(url_for('thanks', customer_id=customer.id, token= request.form['stripeToken']))
@app.route('/thank_you')
def thanks():
customer_id = requests.args.get(“customer_id”)
token = requests.args.get(“token”)
# check if its in the list, maybe pop it if customer is only allowed once
if (customer_id+token) in customers_payed:
return render_template('thanks.html')
else:
return redirect(url_for(“replace with error page”))