如何使用注销？

Question

我在Flask上得到了一个二手API项目，这是我以前从未使用过的，而且我很快就提交了它。

在代码中，我遇到了一个正在注销的问题。我不知道如何在登录后注销。我认为唯一的解决方案是删除在登录时提供的JWT，但不知道如何做到这一点。

知道如何解决这个问题吗？即使是新的想法也是受欢迎的。

app = Flask(__name__)
CORS(app)
# cors = CORS(app, resource={r'*': {'origins': 'http://localhost:4200'}})
bcrypt = Bcrypt(app)
app.config["JWT_SECRET_KEY"] = "super-secret"  # Change this!
jwt = JWTManager(app)

Base.metadata.create_all(engine)
session = Session()


@app.route('/')
def get_status():
    return 'API is working!'


@app.route('/login', methods=['POST'])
def post_login():
    email = request.form.get('email')
    password = request.form.get('password')

    user_object = session.query(User).filter(User.email == email).first()

    if user_object is not None and bcrypt.check_password_hash(user_object.password, password):
        # transforming into JSON-serializable objects
        schema = UserSchema(many=False, only=('email', 'role'))
        user = schema.dump(user_object)

        # serializing as JSON
        session.close()
        access_token = create_access_token(identity=user)

        return jsonify(access_token=access_token)
    else:
        return 'Invalid email or password', 401


@app.route("/logout", methods=["DELETE"])
@jwt_required()
def logout():
    # TODO: here!
    return jsonify(msg="Access token revoked")


@app.route('/register', methods=['POST'])
@jwt_required()
def register_user():
    email = request.form.get('email')
    password = request.form.get('password')
    role = request.form.get('role')
    user_uuid = uuid_library.uuid1()

    password_hash = bcrypt.generate_password_hash(password).decode('utf-8')

    user = User(user_uuid, email, password_hash, role, "HTTP post request")

    user_object = session.query(User) \
        .filter(User.email == email) \
        .first()

    if user_object is None:
        # persist exam
        session.add(user)
        session.commit()
        session.close()
        return jsonify('User has been registered'), 201
    else:
        session.close()
        return 'User with this email already exists', 400


@app.route('/user/<email>', methods=['DELETE'])
@jwt_required()
def delete_user(email):
    user_object = session.query(User) \
        .filter(User.email == email) \
        .first()

    if user_object is not None:
        session.delete(user_object)
        session.commit()
        session.close()

        return jsonify('User has been deleted'), 200
    else:
        session.close()
        return 'User does not exists', 400


@app.route('/users', methods=['GET'])
@jwt_required()
def get_all_users():
    current_user = get_jwt_identity()
    if current_user['role'] == 'admin':
        user_objects = session.query(User).all()

        schema = UserSchema(many=True)
        users = schema.dump(user_objects)

        session.close()
        return jsonify(users)
    else:
        return 'Not authorized', 401


if __name__ == '__main__':
    app.run(debug=True)

Answer 1

你得把记号列入黑名单。对于黑名单，您必须在数据库中创建一个表，并存储黑名单中的令牌，并检查views.You可以将令牌存储在客户端。