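Encrypts information in URLs, such as login credentials. Useful if you want to send a user a link that logs them in without exposing their login credentials.
django-urlcrypt: detailed Python project description
django-urlcrypt encrypts information in URLs, such as login credentials.
For example, assume I have a URL pattern like the following: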
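
    # urls.py (older Django releases, where patterns() is still available)
    from django.conf.urls import include, patterns, url

    urlpatterns = patterns('',
        url(r'^inbox/$', 'message_inbox', name='message_inbox'),
        (r'^r/', include('urlcrypt.urls')),
    )
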
I can use django-urlcrypt to generate a URL for a user that looks like:
http://www.mydomain.com/r/TkNJBkNFAghDWkdFGPUAQEfcDUJfEBIREgEUFl1BQ18IQkdDUUcPSh4ADAYAWhYKHh8KHBsHEw
and that will automatically log that user in and redirect them to /inbox/.
Installation
easy_install django-urlcrypt or pip install django-urlcrypt
Add urlcrypt to INSTALLED_APPS
In settings.py, add 'urlcrypt.auth_backends.UrlCryptBackend' to AUTHENTICATION_BACKENDS
In urls.py, add:

    (r'^r/', include('urlcrypt.urls')),

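(Recommended) If you want to use RSA encryption on the tokens, generate a private key with ssh-keygen -t rsa -f <path to private key> (if you don't already have one), then set URLCRYPT_PRIVATE_KEY_PATH to the path of the private key. RSA encryption makes the tokens longer but more secure. Requires the pycrypto library.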
Usage
In a view:

    from django.core.urlresolvers import reverse
    from urlcrypt import lib as urlcrypt

    token = urlcrypt.generate_login_token(user, reverse('message_inbox'))
    encoded_url = reverse('urlcrypt_redirect', args=(token,))

    # yours will look slightly different because you have a different SECRET_KEY, but approximately
    # encoded_url == /r/TkNJBkNFAghDWkdFGPUAQEfcDUJfEBIREgEUFl1BQ18IQkdDUUcPSh4ADAYAWhYKHh8KHBsHEw

In a template:

    {% load urlcrypt_tags %}
    <a href="{% encoded_url user message_inbox %}">click me to log in as {{user.username}} and go to {% url message_inbox %}</a>

Advanced library usage:

    from urlcrypt import lib as urlcrypt

    message = {
        'url': u'/users/following/',
        'user_id': '12345'
    }

    token = urlcrypt.encode_token((message['user_id'], message['url']))
    decoded_message = urlcrypt.decode_token(token, ('user_id', 'url', 'timestamp'))

    >>> print token
    TkNJBkNFAghDWkdFGPUAQEfcDUJfEBIREgEUFl1BQ18IQkdDUUcPSh4ADAYAWhYKHh8KHBsHEw
    >>> print decoded_message
    {'url': '/users/following/', 'user_id': '12345'}

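To show what a login token of this kind has to guarantee on the receiving side, the following added example (not django-urlcrypt's code or algorithm) packs the same three fields, user_id, url and timestamp, into a token and checks integrity, age and redirect target before trusting it. It uses HMAC signing from the standard library rather than the project's encryption, so the fields are authenticated but not hidden; `SECRET_KEY`, `MAX_AGE`, `make_token` and `read_token` are names assumed for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"   # assumption: stands in for Django's SECRET_KEY
MAX_AGE = 3600                          # assumption: tokens expire after one hour


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(user_id, url, now=None):
    """Pack (user_id, url, timestamp) and append an HMAC-SHA256 tag."""
    ts = int(time.time() if now is None else now)
    body = json.dumps([user_id, url, ts], separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def read_token(token, now=None):
    """Return {'user_id', 'url', 'timestamp'}, or None if the token is unusable."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = _unb64(body_part), _unb64(tag_part)
        expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None                              # forged or altered token
        user_id, url, ts = json.loads(body)          # parsed only once authenticated
    except (ValueError, TypeError):
        return None                                  # malformed input
    now = time.time() if now is None else now
    if not 0 <= now - ts <= MAX_AGE:
        return None                                  # expired or future-dated
    if not url.startswith("/") or url.startswith("//") or "\\" in url:
        return None                                  # accept same-site paths only
    return {"user_id": user_id, "url": url, "timestamp": ts}
```

Because such a link is a bearer credential, anyone who obtains it within `MAX_AGE` is logged in as that user, so a short lifetime and HTTPS-only delivery matter as much as the signature.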
Settings
- ^{tt10}$
- default: ^{tt11}$
- If urlcrypt authentication fails, redirects to ^{tt10}$.
- ^{tt13}$
- default: ^{tt14}$
- The number of urlcrypt requests a unique visitor is allowed to make per minute.
- ^{tt15}$
- default: ^{tt16}$
- The path to the RSA private key file in PEM format. If ^{tt16}$, RSA encryption will not be used.
- ^{tt18}$
- default: ^{tt19}$
- Set ^{tt18}$ to True when running the urlcrypt tests.