# Authentication

How do I control authentication and authorization?

This is a very complex topic that is hard to cover in a few lines of code. Nevertheless, this section may give you some ideas for approaching the problem.

The example below is implemented with JWTs; if you prefer sessions or some other mechanism, the approach should be similar.

    $ curl localhost:9999/secret -i
    HTTP/1.1 401 Unauthorized
    content-length: 21
    connection: keep-alive
    content-type: text/plain; charset=utf-8
    You are unauthorized.
    $ curl localhost:9999/login -X POST
    eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e30.rjxS7ztIGt5tpiRWS8BGLUqjQFca4QOetHcZTi061DE
    $ curl localhost:9999/secret -i -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e30.rjxS7ztIGt5tpiRWS8BGLUqjQFca4QOetHcZTi061DE"
    HTTP/1.1 200 OK
    content-length: 29
    connection: keep-alive
    content-type: text/plain; charset=utf-8
    To go fast, you must be fast.
    $ curl localhost:9999/secret -i -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e30.BAD"
    HTTP/1.1 401 Unauthorized
    content-length: 21
    connection: keep-alive
    content-type: text/plain; charset=utf-8
    You are unauthorized.
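The transcript above shows three outcomes: no token, a token signed with the server's secret, and a token whose signature segment has been replaced. The following is an added example, not code from this page or from the Sanic project, that reproduces that decision logic with only the Python standard library: it issues an HS256 JWT and verifies it before releasing the protected response. The secret value, the `issue_token`/`verify_token`/`secret_endpoint` function names and the plain `headers` dict standing in for a request are assumptions made for the example; a real application would use a JWT library and a framework route, and would load the secret from its environment.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed secret for this example only; load a real one from the environment.
SECRET = b"KEEP_IT_SECRET_KEEP_IT_SAFE"
ALLOWED_ALG = "HS256"  # pin the algorithm; never trust the token's own "alg" field


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build header.payload.signature, signed with HMAC-SHA256 (what /login returns)."""
    header = {"typ": "JWT", "alg": ALLOWED_ALG}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the claims if the token is well-formed and its signature matches, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
            return None  # rejects "none" and any other algorithm substitution
        expected = hmac.new(
            secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
        ).digest()
        # constant-time comparison so a tampered signature cannot be probed byte by byte
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        return claims if isinstance(claims, dict) else None
    except ValueError:  # bad segment count, bad base64, bad JSON, bad UTF-8
        return None


def bearer_token(headers: dict) -> Optional[str]:
    """Extract the credential from an 'Authorization: Bearer <token>' header."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return value.strip()


def secret_endpoint(headers: dict) -> Tuple[int, str]:
    """The protected route from the transcript: 200 with a valid token, 401 otherwise."""
    token = bearer_token(headers)
    if token is None or verify_token(token) is None:
        return 401, "You are unauthorized."
    return 200, "To go fast, you must be fast."


if __name__ == "__main__":
    tok = issue_token({})  # same empty payload ("e30") as the /login route above
    print(secret_endpoint({}))
    print(secret_endpoint({"Authorization": f"Bearer {tok}"}))
    print(secret_endpoint({"Authorization": f"Bearer {tok.rsplit('.', 1)[0]}.BAD"}))
```

The two checks that matter for safety are pinning the algorithm on the server side instead of reading it from the token, and comparing the signature with `hmac.compare_digest`; a library such as PyJWT does both when you pass an explicit `algorithms=[...]` list to `decode`.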

You may also want to look at the resources provided by the community:
