时间戳

首页 > 解决方案 > 如何知道用户是否在 Pyrebase 和 Flask 中登录?

python - 如何知道用户是否在 Pyrebase 和 Flask 中登录?

问题描述

app = Flask(__name__)
firebase = pyrebase.initialize_app(config)
auth = firebase.auth()
db = firebase.database()

@app.route('/login', methods=["POST", "GET"])
    def login():
        message = ""
        if request.method == "POST":
            email = request.form["login_email"]
            password = request.form["login_password"]
            try:
                user = auth.sign_in_with_email_and_password(email, password)
                user = auth.refresh(user['refreshToken'])
                user_id = user['idToken']
                return redirect(url_for('admin'))
            except:
                message = "Incorrect Password!"
        return render_template("login.html", message=message)

@app.route('/admin')
def admin():
    return render_template("admin.html")

if __name__ == '__main__':
    app.run()

如何仅/admin在用户登录时加载页面?我知道它与用户令牌有关,但我仍然不确定如何使用令牌来识别用户是否登录。此外,useranduser_id没有定义在admin()并且仅在中定义,login()因为它们在函数中。

那么我需要在我的代码中进行哪些更改才能仅/admin在用户登录时加载页面?

标签: pythonfirebaseflaskfirebase-authenticationpyrebase

解决方案

使用烧瓶会话来存储您的密钥,如果密钥存在则用户被记录,

您还可以为单个会话全局访问所有会话变量

from flask import Flask, session, request
import requests
import os

app = Flask(__name__)
app.secret_key = os.urandom(24)
firebase = pyrebase.initialize_app(config)
auth = firebase.auth()
db = firebase.database()

@app.route('/login', methods=["POST", "GET"])
def login():
    message = ""
    try:
        print(session['usr'])
        return redirect(url_for('admin'))
    except KeyError:
        if request.method == "POST":
            email = request.form["login_email"]
            password = request.form["login_password"]
            try:
                user = auth.sign_in_with_email_and_password(email, password)
                user = auth.refresh(user['refreshToken'])
                user_id = user['idToken']
                session['usr'] = user_id
                return redirect(url_for('admin'))
            except:
                message = "Incorrect Password!"
        return render_template("login.html", message=message)

@app.route('/admin')
def admin():
    try:
        print(session['usr'])
        return render_template("admin.html")
    except KeyError:
        return redirect(url_for('login'))


if __name__ == '__main__':
    app.run()

如果session['usr']未分配,则会给出关键错误,这意味着 usr 未登录。但请注意,在注销过程中,您需要删除该 usr 的会话。

推荐阅读