如何将Tornado认证与AngularJS结合?
我正在使用Tornado文档中提供的示例认证系统。当我想把它和AngularJS结合起来时,AngularJS就会抱怨出现了跨域请求的问题。
我该如何把Tornado的认证系统和AngularJS结合起来呢?
认证处理器
class BaseHandler(tornado.web.RequestHandler):
def get_current_user(self):
user_json = self.get_secure_cookie("my_app")
if not user_json: return None
return tornado.escape.json_decode(user_json)
class AuthGoogleLoginHandler(BaseHandler, tornado.auth.GoogleMixin):
'''
The Google OAuth Handler.
The `AuthGoogleLoginHandler` redirects each accepted user
to the index /.
'''
@gen.coroutine
def get(self):
if self.get_argument("openid.mode", None):
user = yield self.get_authenticated_user()
self.set_secure_cookie("my_app",
tornado.escape.json_encode(user))
self.current_user = user
email = user.get('email')
try:
usr = models.User.objects.get(email=email)
except mongoengine.DoesNotExist as e:
# there is no user with the wished email address
# let's create a new one.
new_user = models.User()
new_user.email = user.get('email')
new_user.first_name = user.get('first_name')
new_user.last_name = user.get('last_name')
new_user.locale = user.get('locale')
new_user.save()
self.redirect(self.get_argument('next', '/'))
return
self.authenticate_redirect()
个人资料处理器
class ProfileHandler(BaseHandler):
'''
returns the username of the current user so that it can be used by the AngularJS Templates
'''
@tornado.web.authenticated
def get(self):
if not self.get_current_user():
response = json.dumps({"userdetails":"my dummy user"})
self.write(response)
# user actually exists
else:
response = json.dumps({"userdetails":self.get_current_user()})
self.write(response)
1 个回答
1
我觉得你需要启用跨域请求,想了解更多可以查一下CORS的相关信息:
class BaseHandler(tornado.web.RequestHandler):
def set_default_headers(self):
self.set_header("Access-Control-Allow-Origin", "http://yoursite.com")
另外,我花了一段时间才搞明白,正常的会话在Angular和RESTful API交互时是无法使用的。你需要在每次请求中通过HTTP的授权头发送凭证。可以看看这个链接:
http://wemadeyoulook.at/en/blog/implementing-basic-http-authentication-http-requests-angular/
希望这些对你有点帮助!