Tornado get_argument() 解析

本文详细介绍了如何在Tornado框架中自定义GET和POST请求处理程序,通过解析URL获取GET参数,并展示了使用get_argument方法获取查询字段的方法。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

http://www.nowamagic.net/academy/detail/1332605

Tornado的每个请求处理程序,我们叫做handler,handler里可以自定义自己的处理程序,其实也就是重写方法,如post,get,get_current_user,send_error等等,这里我们只讲get和post的自定义。

我们都知道,在Tornado里,获得用户的输入,都是一个get_argument搞定,似乎很顺理成章:

    def post(self):
        nowamagic = self.get_argument('nowamagic')
        self.write( nowamagic )

先介绍一点基本知识。我们来看看这么一个

URLhttp://www.nowamagic.net/academy/detail/13321002?page=1#comment
import urlparse

urlparse.urlparse('http://www.nowamagic.net/academy/detail/13321002?page=1#comment')

ParseResult(scheme='http', netloc='www.nowamagic.net', path='/academy/detail/13321002', params='', query='page=1', fragment='comment')

url由scheme(协议),netloc(主机),path(路径),params(最后路径的参数),query(查询字段),fragment(锚)组成。

下面我们要获取URL里的GET参数,也就是获取url query中的参数,怎么办呢?

对于单一的值,在get和post中调用self.get_argument(“name”, “default”)。

对于多选的值,调用self.get_arguments(“name”)即可。

get_argument方法可以设置默认值,也可以设置是否删除两端的空格。

源码声明如下:

    get_argument(self, name, default=_ARG_DEFAULT, strip=True)
    get_arguments(self, name, strip=True)
[E 2025-06-09 09:43:01.897 ServerApp] Uncaught exception GET /aext_core_server/feature_flag/init?1749433381438 (::1) HTTPServerRequest(protocol='http', host='localhost:8888', method='GET', uri='/aext_core_server/feature_flag/init?1749433381438', version='HTTP/1.1', remote_ip='::1') Traceback (most recent call last): File "E:\AAAshixunruanjian\Lib\site-packages\tornado\web.py", line 1790, in _execute result = await result ^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_core_server\handlers.py", line 40, in get [account, organizations, account_notebooks] = await asyncio.gather( ^^^^^^^^^^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 119, in anaconda_cloud_proxy user_access_credentials = await self.get_user_access_credentials(auth_optional=auth_optional) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 96, in get_user_access_credentials raise e File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 93, in get_user_access_credentials new_access_token, expires_in = await get_access_token(self.request) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 182, in get_access_token raise UnauthorizedError({"reason": "missing refresh_token"}) aext_shared.errors.UnauthorizedError: BackendError 403: missing refresh_token [W 2025-06-09 09:43:01.905 ServerApp] 403 GET /aext_core_server/feature_flag/init?1749433381438 (90f71a62e1044316b870c0c31be2b0ee@::1) 327.22ms referer=http://localhost:8888/tree [W 2025-06-09 09:43:03.271 ServerApp] 404 GET /aext_profile_manager_server/account_details?1749433383151 (90f71a62e1044316b870c0c31be2b0ee@::1) 118.93ms referer=http://localhost:8888/tree [E 2025-06-09 09:43:06.372 ServerApp] Uncaught exception GET /aext_core_server/feature_flag/init?1749433385069 (::1) HTTPServerRequest(protocol='http', host='localhost:8888', method='GET', uri='/aext_core_server/feature_flag/init?1749433385069', version='HTTP/1.1', remote_ip='::1') Traceback (most recent call last): File "E:\AAAshixunruanjian\Lib\site-packages\tornado\web.py", line 1790, in _execute result = await result ^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_core_server\handlers.py", line 40, in get [account, organizations, account_notebooks] = await asyncio.gather( ^^^^^^^^^^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 119, in anaconda_cloud_proxy user_access_credentials = await self.get_user_access_credentials(auth_optional=auth_optional) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 96, in get_user_access_credentials raise e File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 93, in get_user_access_credentials new_access_token, expires_in = await get_access_token(self.request) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_shared\handler.py", line 182, in get_access_token raise UnauthorizedError({"reason": "missing refresh_token"}) aext_shared.errors.UnauthorizedError: BackendError 403: missing refresh_token [W 2025-06-09 09:43:06.375 ServerApp] 403 GET /aext_core_server/feature_flag/init?1749433385069 (90f71a62e1044316b870c0c31be2b0ee@::1) 19.23ms referer=http://localhost:8888/tree [W 2025-06-09 09:43:06.893 ServerApp] wrote error: 'Forbidden' Traceback (most recent call last): File "E:\AAAshixunruanjian\Lib\site-packages\tornado\web.py", line 1790, in _execute result = await result ^^^^^^^^^^^^ File "E:\AAAshixunruanjian\Lib\site-packages\aext_assistant_server\handlers.py", line 124, in get raise HTTPError(403, reason="missing nucleus_token") tornado.web.HTTPError: HTTP 403: missing nucleus_token [W 2025-06-09 09:43:06.906 ServerApp] 403 GET /aext_assistant_server/nucleus_token?1749433386647 (90f71a62e1044316b870c0c31be2b0ee@::1) 34.55ms referer=http://localhost:8888/tree [W 2025-06-09 09:43:06.949 ServerApp] 404 GET /aext_profile_manager_server/account_details?1749433386706 (90f71a62e1044316b870c0c31be2b0ee@::1) 2.17ms referer=http://
最新发布
06-10
### 问题分析 在 Tornado 框架中,`UnauthorizedError` 和 `BackendError` 错误通常与身份验证或授权机制有关。当出现 `403 missing refresh_token` 或 `missing nucleus_token` 错误时,这可能意味着客户端未能提供有效的刷新令牌(`refresh_token`)或核心令牌(`nucleus_token`),导致服务器拒绝请求。 以下是针对该问题的详细解决方案: --- ### 解决方案 #### 1. 确保令牌生成逻辑正确 在 Tornado 的身份验证系统中,`refresh_token` 和 `nucleus_token` 的生成逻辑需要明确且可靠。通常,`refresh_token` 用于在主令牌过期时重新获取访问令牌,而 `nucleus_token` 可能是特定于业务逻辑的核心认证令牌。 - 检查是否在用户登录成功后正确生成并返回了 `refresh_token` 和 `nucleus_token`[^2]。 - 确认这些令牌是否被安全地存储在客户端(如浏览器的 Cookie 或本地存储中)[^3]。 ```python def generate_tokens(user_id): import jwt import datetime # 配置 JWT 密钥和过期时间 secret_key = "your_secret_key" refresh_expires_in = datetime.timedelta(days=30) nucleus_expires_in = datetime.timedelta(hours=1) # 生成 refresh_token refresh_payload = { "user_id": user_id, "exp": datetime.datetime.utcnow() + refresh_expires_in } refresh_token = jwt.encode(refresh_payload, secret_key, algorithm="HS256") # 生成 nucleus_token nucleus_payload = { "user_id": user_id, "exp": datetime.datetime.utcnow() + nucleus_expires_in } nucleus_token = jwt.encode(nucleus_payload, secret_key, algorithm="HS256") return refresh_token, nucleus_token ``` --- #### 2. 检查客户端请求头 确保客户端在发送请求时正确包含了 `refresh_token` 和 `nucleus_token`。通常,这些令牌会通过 HTTP 请求头中的 `Authorization` 字段传递。 - 如果使用的是 Bearer Token 方式,格式应为:`Authorization: Bearer <token>`[^4]。 - 如果使用的是自定义字段,确保字段名称和值正确无误。 ```python # 示例:Tornado解析请求头 class AuthenticatedHandler(tornado.web.RequestHandler): def prepare(self): auth_header = self.request.headers.get("Authorization") if not auth_header or not auth_header.startswith("Bearer "): raise tornado.web.HTTPError(403, "Missing nucleus_token") token = auth_header.split(" ")[1] try: decoded = jwt.decode(token, "your_secret_key", algorithms=["HS256"]) except jwt.ExpiredSignatureError: raise tornado.web.HTTPError(403, "Token expired") except jwt.InvalidTokenError: raise tornado.web.HTTPError(403, "Invalid token") ``` --- #### 3. 实现令牌刷新机制 如果 `nucleus_token` 过期,客户端应使用 `refresh_token` 请求新的令牌对。服务器端需验证 `refresh_token` 的有效性,并返回新的令牌对。 ```python class RefreshTokenHandler(tornado.web.RequestHandler): def post(self): refresh_token = self.get_argument("refresh_token", None) if not refresh_token: raise tornado.web.HTTPError(403, "Missing refresh_token") try: decoded = jwt.decode(refresh_token, "your_secret_key", algorithms=["HS256"]) user_id = decoded["user_id"] # 生成新的令牌对 new_refresh_token, new_nucleus_token = generate_tokens(user_id) self.write({ "refresh_token": new_refresh_token, "nucleus_token": new_nucleus_token }) except jwt.ExpiredSignatureError: raise tornado.web.HTTPError(403, "Refresh token expired") except jwt.InvalidTokenError: raise tornado.web.HTTPError(403, "Invalid refresh token") ``` --- #### 4. 日志与调试 如果上述步骤仍未解决问题,建议启用详细的日志记录以捕获错误信息。可以通过以下方式检查请求和响应数据: - 在服务器端打印请求头和参数: ```python import logging class DebugHandler(tornado.web.RequestHandler): def prepare(self): logging.info(f"Request Headers: {self.request.headers}") logging.info(f"Request Arguments: {self.request.arguments}") ``` - 检查客户端代码,确保请求头和参数正确设置。 --- ### 注意事项 - 确保所有令牌的安全性,避免泄露给未经授权的第三方[^5]。 - 使用 HTTPS 协议保护令牌在传输过程中的安全性[^6]。 - 定期轮换密钥,防止长期使用同一密钥带来的安全隐患。 --- ### 总结 通过检查令牌生成逻辑、客户端请求头、实现令牌刷新机制以及启用日志调试,可以有效解决 `missing refresh_token` 和 `missing nucleus_token` 的错误。同时,确保令牌的安全性和传输协议的安全性是至关重要的。 ---
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值