Python库 | sanic-security-0.8.2.8.tar.gz

<!-- PROJECT SHIELDS --> <!-- *** I'm using markdown "reference style" links for readability. *** Reference links are enclosed in brackets [ ] instead of parentheses ( ). *** See the bottom of this document for the declaration of the reference variables *** for contributors-url, forks-url, etc. This is an optional, concise syntax you may use. *** https://www.markdownguide.org/basic-syntax/#reference-style-links --> [![Contributors][contributors-shield]][contributors-url] [![Forks][forks-shield]][forks-url] [![Stargazers][stars-shield]][stars-url] [![Issues][issues-shield]][issues-url] <!-- PROJECT LOGO --> <br /> <p align="center"> <h3 align="center">Sanic Security</h3> <p align="center"> A powerful, simple, and async security library for Sanic. <br /> <a href="http://security.sunsetdeveloper.com/">Documentation</a> · <a href="https://github.com/sunset-developer/Amy-Rose/issues">Report Bug</a> · <a href="https://github.com/sunset-developer/asyncauth/pulls">Request Feature</a> </p> </p> <!-- TABLE OF CONTENTS --> ## Table of Contents * [About the Project](#about-the-project) * [Getting Started](#getting-started) * [Prerequisites](#prerequisites) * [Installation](#installation) * [Usage](#usage) * [Initial Setup](#initial-setup) * [Authentication](#authentication) * [Recovery](#recovery) * [Captcha](#captcha) * [Verification](#verification) * [Authorization](#authorization) * [IP2Proxy](#ip2proxy) * [Error Handling](#error-handling) * [Middleware](#Middleware) * [Roadmap](#roadmap) * [Contributing](#contributing) * [License](#license) * [Contact](#contact) * [Acknowledgements](#acknowledgements) <!-- ABOUT THE PROJECT --> ## About The Project Sanic Security is an authentication and authorization library made easy, designed for use with [Sanic](https://github.com/huge-success/sanic). This library is intended to be easy, convenient, and contains a variety of features: * Easy login and registering * Captcha * SMS and email verification * JWT * Password recovery * Wildcard permissions * Role permissions * IP2Proxy support * Easy database integration * Completely async This repository has been starred by Sanic's core maintainer:  <!-- GETTING STARTED --> ## Getting Started In order to get started, please install pip. ### Prerequisites * pip ```sh sudo apt-get install python3-pip ``` ### Installation * Install pip packages ```sh pip3 install sanic-security ``` ## Usage Once Sanic Security is configured and good to go, implementing is easy as pie. ### Initial Setup Familiarity with [Sanic](https://github.com/huge-success/sanic) and [Tortoise ORM](https://tortoise-orm.readthedocs.io/en/latest/index.html) is recommended. First you have to create a configuration file called auth.ini in the project directory. Make sure Python's working directory is the project directory. Below is an example of its contents: WARNING: You must set a custom secret, or you will compromise your encoded sessions. ``` [AUTH] name=ExampleProject secret=05jF8cSMAdjlXcXeS2ZJUHg7Tbyu captcha_font=source-sans-pro.light.ttf [TORTOISE] username=admin password=8UVbijLUGYfUtItAi endpoint=website.cweAenuBY6b.us-north-1.rds.amazonaws.com schema=webschema models=sanic_security.core.models engine=mysql generate=true [TWILIO] from=12058469963 token=1bcioi878ygO8fi766Fb34750e82a5ab sid=AC6156Jg67OOYe75c26dgtoTICifIe51cbf [SMTP] host=smtp.gmail.com port=465 [email protected] [email protected] password=wfrfouwiurhwlnj tls=true start_tls=false [IP2PROXY] key=iohuyg87UGYOFijoTYG8HOuhuZJsdXwjqbhuyghuiBUYG8yvo6J code=PX1LITEBIN bin=IP2PROXY-LITE-PX1.BIN ``` You may remove each section in the configuration you aren't using. For example, if you're not utilizing Twillio you can delete the TWILLIO section. Once you've configured Sanic Security, you can initialize Sanic with the example below: ```python if __name__ == '__main__': initialize_security(app) app.run(host='0.0.0.0', port=8000, debug=True) ``` All request bodies must be sent as `form-data`. For my below examples, I use my own custom json method: ```python from sanic.response import json as sanic_json def json(message, content, status_code=200): payload = { 'message': message, 'status_code': status_code, 'content': content } return sanic_json(payload, status=status_code) ``` ## Authentication * Registration (With all verification requirements) Phone can be null or empty. A captcha request must be made. Key | Value | --- | --- | **username** | test **email** | [email protected] **phone** | 19811354186 **password** | testpass **captcha** | Aj8HgD ```python @app.post('api/register') @requires_captcha() async def on_register(request, captcha_session): verification_session = await register(request) await verification_session.text_code() # Text verification code. await verification_session.email_code() # Or email verification code. response = json('Registration successful', verification_session.account.json()) verification_session.encode(response) return response ``` * Registration (Without verification requirements) Phone can be null or empty. Key | Value | --- | --- | **username** | test **email** | [email protected] **phone** | 19811354186 **password** | testpass ```python @app.post('api/register') async def on_register(request): account = await register(request, verified=True) return json('Registration Successful!', account.json()) ``` * Login Key | Value | --- | --- | **email** | [email protected] **password** | testpass ```python @app.post('api/login') async def on_login(request): authentication_session = await login(request) response = json('Login successful!', authentication_session.account.json()) authentication_session.encode(response) return response ``` * Logout ```python @app.post('api/logout') async def on_logout(request): authentication_session = await logout(request) response = json('Logout successful', authentication_session.account.json()) return response ``` * Requires Authentication ```python @app.get('api/client/authenticate') @requires_authentication() async def on_authenticated(request, authentication_session): return json('Hello ' + authentication_session.account.username + '! You are now authenticated.', authentication_session.account.json()) ``` ## Recovery * Recovery Attempt Key | Value | --- | --- | **email** | [email protected] **captcha** | Aj8HgD ```python @app.post('api/recovery/attempt') @requires_captcha() async def on_recovery_attempt(request, captcha_session): verification_session = await attempt_recovery(request) await verification_session.text_code() # Text verification code. await verification_session.email_code() # Or email verification code. response = json('A recovery attempt has been made, please verify account ownership.', verification_session.json()) verification_session.encode(response) return response ``` * Recovery Fulfill Key | Value | --- | --- | **code** | G8ha9nVa **password** | newpass ```python @app.post('api/recovery/fulfill') @requires_verification() async def on_recovery_fulfill(request): await fulfill_recovery_attempt(request, verification_session) return json('Account recovered successfully.', verification_session.account.json()) ``` ## Captcha You must download a .ttf font for captcha challenges and define the file's path in auth.ini. [1001 Free Fonts](https://www.1001fonts.com/) [Recommended Font](https://www.1001fonts.com/source-sans-pro-font.html) Captcha challenge example:  * Request Captcha ```python @app.get('api/captcha') async def on_request_captcha(request): captcha_session = await request_captcha(request) r