I wrote the following decorator in Flask to protect my API:
from functools import wraps

import jwt
from flask import Flask, jsonify, request, session

app = Flask(__name__)


def auth_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        # Browser clients are authenticated by the server-side session;
        # everyone else must present a JWT in the Authorization header.
        if session.get('user') is None:
            if 'Authorization' not in request.headers:
                return jsonify({'status': 0, 'message': 'Unauthorized'})
            else:
                try:
                    token = request.headers.get('Authorization')
                    # Expected header form: "Bearer <token>"
                    data = jwt.decode(token.split(" ")[1], app.config['SECRET_KEY'], algorithms=['HS256'])
                    return f(*args, **kwargs)
                except Exception as e:
                    print(str(e))
                    return jsonify({'status': 0, 'message': 'Unauthorized'})
        else:
            return f(*args, **kwargs)
    return decorated_function
This works fine when using the session on the web (rather than JWT), but when I use it with cURL:
curl -i -H "Content-Type: application/json" -H "Authorization: Bearer mytoken123" -X POST -d '{"phone":"myphonenumber","type":"send"}' http://localhost:5000/api/OTP
I get the following response:
400 Bad Request: The browser (or proxy) sent a request that this server could not understand.
127.0.0.1 - - [25/Dec/2018 14:00:30] "POST /api/OTP HTTP/1.1" 200 -
What is going on here?
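The decorator above verifies the token and calls the view inside the same `try`/`except Exception`, so any error the view itself raises (such as a 400 for request data it cannot parse) is printed and then reported to the client as "Unauthorized" with a 200 status, which is what the log in the question shows. The following added example, which is not the poster's code, shows the same decorator restructured so that only token failures are caught and the view runs outside the guarded block. To keep it runnable offline it replaces `flask.request`/`flask.session` with plain stand-in objects, replaces `jwt.decode` with a small HS256 verifier written on `hmac`/`hashlib`, and uses a constructed secret; `BadRequest` here is a stand-in for werkzeug's exception of the same name.

```python
import base64
import hashlib
import hmac
import json
import time
from functools import wraps

# Constructed secret for this example only; a real app reads app.config['SECRET_KEY'].
SECRET_KEY = b"example-secret-not-for-production"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


class TokenError(Exception):
    """Raised only for defects of the bearer token itself: the one thing auth should catch."""


def verify_hs256(token: str, key: bytes) -> dict:
    """Stand-in for jwt.decode(token, key, algorithms=['HS256']): checks alg, signature, exp."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise TokenError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's header
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    if "exp" in payload and payload["exp"] < time.time():
        raise TokenError("token expired")
    return payload


def make_token(claims: dict, key: bytes, ttl_seconds: int = 60) -> str:
    """Mint an HS256 token for the demonstration (constructed test data)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps({**claims, "exp": int(time.time()) + ttl_seconds}).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


class _Request:
    """Stand-in for flask.request; only .headers is used here."""
    def __init__(self):
        self.headers = {}


request = _Request()  # in Flask these are the request/session context locals
session = {}


class BadRequest(Exception):
    """Stand-in for werkzeug.exceptions.BadRequest, raised by a view for bad input (HTTP 400)."""


def auth_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if session.get("user") is None:
            scheme, _, token = request.headers.get("Authorization", "").partition(" ")
            if scheme.lower() != "bearer" or not token:
                return {"status": 0, "message": "Unauthorized"}, 401
            try:
                verify_hs256(token, SECRET_KEY)
            except TokenError:
                return {"status": 0, "message": "Unauthorized"}, 401
        # The view runs outside the try/except: a 400 it raises stays a 400
        # instead of being swallowed and reported as "Unauthorized".
        return f(*args, **kwargs)
    return decorated_function


@auth_required
def send_otp():
    return {"status": 1, "message": "sent"}, 200


@auth_required
def broken_view():
    raise BadRequest("malformed request body")


def simulate(view, headers=None, user=None):
    """Run a decorated view against constructed request/session state; returns (status, body)."""
    request.headers = dict(headers or {})
    session.clear()
    if user is not None:
        session["user"] = user
    try:
        body, status = view()
    except BadRequest:
        return 400, None
    return status, body
```

With this structure a missing, malformed, forged or expired bearer token yields a real 401, a logged-in session user passes without a token, and a view that rejects its input surfaces its own 400 rather than a misleading "Unauthorized" 200; in the real app the `(body, status)` tuples correspond to `jsonify(...), 401` return values.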