tornado作为鼎鼎大名的web异步框架,用来作为高性能服务器以及web框架都是首选。自从python3.4加入了asyncio原生协程后,tornado的最新版本也开始使用了原生的协程。定义协程函数的时候就很简单了,也可以像sanic一样使用async def了。
class LoginHandler(RequestHandler): async def post(self, *args, **kwargs): ... pass
一般的web项目都会有登陆的功能,这就涉及到了登陆验证,在做这一部分功能的时候,我使用的是 jwt -- json web token的方法验证是否登陆。当然也可以使用类似于django的session验证。各自均有优缺点。
通常需要验证是否登陆的模块很多,一般都会写一个登陆验证装饰器,tornado实现了登陆验证装饰器 :
def authenticated(method): """Decorate methods with this to require that the user be logged in. If the user is not logged in, they will be redirected to the configured `login url <RequestHandler.get_login_url>`. If you configure a login url with a query parameter, Tornado will assume you know what you're doing and use it as-is. If not, it will add a `next` parameter so the login page knows where to send you once you're logged in. """ @functools.wraps(method) def wrapper(self, *args, **kwargs): if not self.current_user: if self.request.method in ("GET", "HEAD"): url = self.get_login_url() if "?" not in url: if urlparse.urlsplit(url).scheme: # if login url is absolute, make next absolute too next_url = self.request.full_url() else: next_url = self.request.uri url += "?" + urlencode(dict(next=next_url)) self.redirect(url) return raise HTTPError(403) return method(self, *args, **kwargs) return wrapper
method(self,*args,**kwargs)即为要装饰的函数。但是如果 像上面定义的post方法 async def post(self, *args, **kwargs),作为一个协程函数,就不能再使用这个装饰器了,就需要改写一下这个装饰器。def authenticated_async(method):
初始化app的过程:
import tornado from peewee_async import Manager from YourApp.urls import urlpattern from YourApp.settings import settings, database if __name__ == "__main__": #集成json到wtforms import wtforms_json wtforms_json.init() app = web.Application(urlpattern, debug=True, **settings) app.listen(80) objects = Manager(database) database.set_allow_sync(False) app.objects = objects tornado.ioloop.IOLoop.current().start()
登陆装饰器改写
@functools.wraps(method)
async def wrapper(self, *args, **kwargs):
tsessionid = self.request.headers.get("tsessionid", None)
if tsessionid:
try:
send_data = jwt.decode(tsessionid, self.settings["secret_key"], leeway=self.settings["jwt_expire"], options={"verify_exp": True})
user_id = send_data["id"]
# User 的model类,根据实际情况调整
#从数据库中获取到user并设置给_current_user
try:
user = await self.application.objects.get(User, id=user_id)
self._current_user = user
# 协程的调用方式
await method(self, *args, **kwargs)
except User.DoesNotExist as e:
self.set_status(401)
except jwt.ExpiredSignatureError as e: # 验证jwt 是否过期
self.set_status(401)
else:
self.set_status(401)
self.finish({})
return wrapper