Castle保护您的用户不受帐户泄露的影响
castle的Python项目详细描述
Castle分析设备、位置和 在您的网络和移动应用程序中的交互模式,并允许您停止 实时的帐户接管攻击。
安装
pip install castle
配置
使用castle api secret导入并配置库。
fromcastle.configurationimportconfiguration# Same as setting it through Castle.api_secretconfiguration.api_secret=':YOUR-API-SECRET'# For authenticate method you can set failover strategies: allow(default), deny, challenge, throwconfiguration.failover_strategy='deny'# Castle::RequestError is raised when timing out in milliseconds (default: 500 milliseconds)configuration.request_timeout=1000# Whitelisted and Blacklisted headers are case insensitive and allow to use _ and - as a separator, http prefixes are removed# Whitelisted headersconfiguration.whitelisted=['X_HEADER']# or append to defaultconfiguration.whitelisted=configuration.whitelisted+['http-x-header']# Blacklisted headers take advantage over whitelisted elementsconfiguration.blacklisted=['HTTP-X-header']# or append to defaultconfiguration.blacklisted=configuration.blacklisted+['X_HEADER']
跟踪
这是一个简单的径赛项目的例子。
fromcastle.clientimportClientfromcastleimporteventscastle=Client.from_request(request)castle.track({'event':events.LOGIN_SUCCEEDED,'user_id':'user_id'})
客户端将自动为每个请求配置上下文。
签名
fromsecure_modeimportsignaturesignature(user_id)
将创建已签名的用户ID。
异步跟踪
默认情况下,castle同步发送请求。在 后台工作进程您可以为工作进程生成数据:
fromcastle.clientimportClientfromcastleimporteventscontext=Client.to_context(request)options=Client.to_options({'event':events.LOGIN_SUCCEEDED,'user_id':user.id,'properties':{'key':'value'},'user_traits':{'key':'value'}})
以后再以某种方式使用它
fromcastle.clientimportClientclient=Client(context)client.track(options)
例外情况
CastleError将被抛出,如果castle api返回400或500 级别http响应。您还可以选择捕捉更多的finegrained error。
文档
有关其他资源的文档和链接,请访问 https://castle.io/docs