实现了一个基于 Flask 框架的简单图书管理 API,主要功能包括:
- 用户登录认证(硬编码管理员账户)
- 图书信息的 CRUD(创建、读取、更新、删除)操作
- 使用 SQLite 数据库存储用户和图书信息
- 基于会话的身份验证机制
依赖组件
- Flask:Web 框架
- Flask-SQLAlchemy:ORM 数据库工具
- Flask-CORS:处理跨域请求
- functools.wraps:装饰器工具
主要模块
- 应用初始化:创建 Flask 应用,配置 CORS,设置密钥
- 数据库配置:SQLite 数据库连接,SQLAlchemy 初始化
- 数据模型:定义 User 和 Book 两个数据库模型
- 数据库初始化:创建表结构,添加默认管理员用户
- 认证装饰器:实现登录状态检查
- API 端点:提供用户认证和图书管理的 RESTful 接口
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# 文件名:apisj.py
# 作者:Administrator
# 日期:2025/8/8
# 描述:
from flask import Flask, request, jsonify, session
from flask_sqlalchemy import SQLAlchemy
from flask_cors import CORS
from functools import wraps
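import os

app = Flask(__name__)
# NOTE(review): CORS(app) with no arguments uses flask-cors' defaults, which
# allow every origin. Restrict it (e.g. via the ``origins=`` argument) to the
# front-end that actually calls this API before exposing the service.
CORS(app)

# The session cookie is signed with this key, so anyone who knows it can forge
# a "logged_in" session. Read it from the environment rather than shipping a
# constant in the source; the random fallback keeps local runs working but
# invalidates existing sessions on every restart and is not shared between
# worker processes.
app.secret_key = os.environ.get("SECRET_KEY") or os.urandom(32)
# Every state-changing endpoint authenticates through the session cookie, so
# keep the browser from attaching it to cross-site POST/PUT/DELETE requests.
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"

# SQLite database configuration: books.db lives next to this file.
BASE_DIR = os.path.abspath(os.path.dirname(__file__))
db_path = os.path.join(BASE_DIR, "books.db")
app.config["SQLALCHEMY_DATABASE_URI"] = f"sqlite:///{db_path}"
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False

db = SQLAlchemy(app)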
# -------------------
# 数据模型
# -------------------
class User(db.Model):
    """Account record looked up by the login endpoint.

    NOTE(review): ``password`` is written and queried verbatim elsewhere in
    this file, i.e. it is stored in plaintext. Anyone who can read books.db
    can read every credential; store a salted password hash instead.
    """

    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(
        db.String(50),
        nullable=False,
        unique=True,
    )
    password = db.Column(
        db.String(50),
        nullable=False,
    )


class Book(db.Model):
    """A catalogue entry: a title and an author, both mandatory."""

    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(
        db.String(100),
        nullable=False,
    )
    author = db.Column(
        db.String(50),
        nullable=False,
    )


# Database initialisation
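with app.app_context():
    db.create_all()
    # Seed a default administrator only when no "admin" row exists yet.
    if not User.query.filter_by(username="admin").first():
        # A fixed, well-known initial password would let anyone who can reach
        # /login authenticate as admin on a fresh install. Take it from the
        # environment, or generate a one-off random value and show it once on
        # the console so the operator can log in and change it.
        admin_password = os.environ.get("ADMIN_PASSWORD")
        if not admin_password:
            admin_password = os.urandom(16).hex()
            print(f"已创建默认管理员 admin,初始密码:{admin_password}")
        # NOTE(review): the value is still stored as plaintext in the User
        # table; hashing has to be introduced together with the login check.
        db.session.add(User(username="admin", password=admin_password))
        db.session.commit()


# -------------------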
# 登录态检查装饰器
# -------------------
def login_required(func):
    """Decorate a view so that it only runs for a logged-in session.

    The wrapped view is called unchanged when the session carries a truthy
    ``logged_in`` flag; otherwise a JSON error with HTTP 401 is returned and
    the view is never invoked.
    """

    @wraps(func)
    def wrapper(*args, **kwargs):
        authenticated = session.get("logged_in")
        if authenticated:
            return func(*args, **kwargs)
        return jsonify({"error": "未登录"}), 401

    return wrapper


# -------------------
# 登录
# -------------------
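@app.route("/login", methods=["POST"])
def login():
    """Authenticate a user from a JSON body and start a session.

    Expects ``{"username": ..., "password": ...}``. On success the session is
    marked as logged in and a success message is returned; any other input,
    including a missing or malformed body, gets the same 401 response so the
    reply does not reveal which part was wrong.
    """
    # silent=True yields None instead of raising on a non-JSON body; anything
    # that is not a JSON object is treated as "no credentials supplied".
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    username = data.get("username")
    password = data.get("password")
    # Non-string values (lists, objects, null) must not reach the query.
    if not (isinstance(username, str) and isinstance(password, str)):
        return jsonify({"error": "用户名或密码错误"}), 401

    # NOTE(review): this matches the submitted password against the stored
    # column value directly, so passwords are kept in plaintext. There is also
    # no attempt limiting visible here; both should be addressed before this
    # endpoint faces untrusted clients.
    user = User.query.filter_by(username=username, password=password).first()
    if user:
        # Drop whatever the pre-login session contained so that nothing set
        # before authentication carries over into the authenticated session.
        session.clear()
        session["logged_in"] = True
        session["username"] = username
        return jsonify({"message": "登录成功"})
    return jsonify({"error": "用户名或密码错误"}), 401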
# -------------------
# 登出
# -------------------
@app.route("/logout", methods=["POST"])
@login_required
def logout():
    """End the current session by removing everything stored in it."""
    session.clear()
    reply = {"message": "已登出"}
    return jsonify(reply)


# -------------------
# 获取书籍列表
# -------------------
@app.route("/books", methods=["GET"])
@login_required
def get_books():
    """Return every stored book as a JSON array of id/title/author objects."""
    listing = []
    for record in Book.query.all():
        listing.append(
            {"id": record.id, "title": record.title, "author": record.author}
        )
    return jsonify(listing)


# -------------------
# 新增书籍
# -------------------
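@app.route("/books", methods=["POST"])
@login_required
def add_book():
    """Create a book from a JSON body carrying ``title`` and ``author``.

    Returns the stored record on success. Responds with HTTP 400 when the
    body is not a JSON object or either field is missing or not a string:
    both columns are declared non-nullable, so such input would otherwise
    only fail at commit time and surface as a server error.
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    title = data.get("title")
    author = data.get("author")
    if not (isinstance(title, str) and isinstance(author, str)):
        return jsonify({"error": "title 和 author 为必填字段"}), 400

    new_book = Book(title=title, author=author)
    db.session.add(new_book)
    db.session.commit()
    return jsonify(
        {
            "message": "书籍添加成功",
            "book": {
                "id": new_book.id,
                "title": new_book.title,
                "author": new_book.author,
            },
        }
    )


# -------------------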
# 更新书籍
# -------------------
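# The URL rule needs the <int:book_id> converter: without the angle brackets
# the path is a literal string and the view would never receive ``book_id``.
@app.route("/books/<int:book_id>", methods=["PUT"])
@login_required
def update_book(book_id):
    """Update the title and/or author of the book with id ``book_id``.

    Fields absent from the JSON body keep their current value. Returns 404
    when the book does not exist and 400 when the body is not a JSON object
    or a supplied field is not a string (both columns are non-nullable, so a
    null value would otherwise fail at commit time).
    """
    data = request.get_json(silent=True)
    book = Book.query.get(book_id)
    if not book:
        return jsonify({"error": "书籍不存在"}), 404
    if not isinstance(data, dict):
        return jsonify({"error": "请求体必须是 JSON 对象"}), 400

    title = data.get("title", book.title)
    author = data.get("author", book.author)
    if not (isinstance(title, str) and isinstance(author, str)):
        return jsonify({"error": "title 和 author 必须是字符串"}), 400

    book.title = title
    book.author = author
    db.session.commit()
    return jsonify(
        {
            "message": "书籍更新成功",
            "book": {"id": book.id, "title": book.title, "author": book.author},
        }
    )


# -------------------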
# 删除书籍
# -------------------
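# The URL rule needs the <int:book_id> converter: without the angle brackets
# the path is a literal string and the view would never receive ``book_id``.
@app.route("/books/<int:book_id>", methods=["DELETE"])
@login_required
def delete_book(book_id):
    """Delete the book with id ``book_id``; 404 if no such book exists."""
    book = Book.query.get(book_id)
    if not book:
        return jsonify({"error": "书籍不存在"}), 404
    db.session.delete(book)
    db.session.commit()
    return jsonify({"message": "书籍删除成功"})


if __name__ == "__main__":
    # Debug mode turns on the interactive Werkzeug debugger, which lets a
    # client that reaches it run code in this process. Keep it off unless the
    # developer opts in explicitly for a local session.
    app.run(debug=os.environ.get("FLASK_DEBUG") == "1")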