创建一个Flask公共网址装饰器

Question

我想为Flask路由创建一个装饰器，将某些路由标记为public，所以我可以这样做：

@public
@app.route('/welcome')
def welcome():
    return render_template('/welcome.html')

在其他地方，这就是我在想装饰器和检查看起来像：

_public_urls = set()

def public(route_function):
    # add route_function's url to _public_urls
    # _public_urls.add(route_function ...?.url_rule)
    def decorator(f):
        return f

def requested_url_is_public():
    from flask import request
    return request.url_rule in _public_urls

然后，当发出请求时，我有一个检查requested_url_is_public的上下文函数。

我有点难过，因为我不知道如何在public装饰器中获取给定函数的url规则。

也许这不是Flask的最佳设计选择，但我希望还有另外一个简单的＆amp;优雅的方式实现这一目标。

我以前见过这样的模式，想模仿它。例如，这与Django的login_required装饰器相对应。

我很喜欢读这个想法。

Answer 1

Flask已经有一个login_required装饰器（见view decorators）。如果您使用public_urls来决定要求身份验证的网址，那么您最好使用它。

Answer 2

我最终做了这样的事情：

def public(endpoint):
    """A decorator for endpoints that flags them as publicly accessible

    The endpoint is the Flask endpoint function. This is later tested by the
    _is_public function, which is called before every request.

    Note that @public must come AFTER route.add i.e.
    @app.route('...')
    @public
    def handler(): ...
    """
    @wraps(endpoint)
    def public_endpoint(*args, **kwargs):
        return endpoint(*args, **kwargs)
    public_endpoint._is_public = True
    return public_endpoint

和

def _is_public(endpoint):
    """Return true if the given endpoint function is public

    Tests whether the @public decorator has been applied to the url.
    """
    return getattr(endpoint, '_is_public', False) is True


@blueprint.before_app_request  # or @app.before_request
def security_check():
    """Check all incoming requests for a current user.
    """  
    if current_user.is_logged_in:  # need current_user test elsewhere
        # we don't need to check if we have a public url if the user is
        # logged in
        return

    try:
        if _is_public(current_app.view_functions[request.endpoint]):
            # we just go perform the endpoint function if it is public
            return
    except KeyError:
        # There is no endpoint matching the request
        abort(404)

    # user is not logged in and it's not a public url
    logging.info("No current user and %s is not public" % request.path[1:])

    # send the user to the welcome page
    return redirect(url_for("some_public_page"))