if w.f != nil {
		if err := w.closeCurrentFile(); err != nil {
			return err
		}
	}

	return nil
}

var stdErrEnc = json.NewEncoder(os.Stderr)

func (w *Writer) listen() {
	for {
		var r io.Reader = w.pr
		if w.opts.MaximumFileSize > 0 {
			r = io.LimitReader(w.pr, w.opts.MaximumFileSize)
		}
		if _, err := io.Copy(w.f, r); err != nil {
			msg := fmt.Sprintf("unable to write to log file %v: %v", w.f.Name(), err)

Wir werden nun eine einfache Abhängigkeit verwenden, um einen benutzerdefinierten `X-Token`-Header zu lesen:

{* ../../docs_src/bigger_applications/app_an_py310/dependencies.py hl[3,6:8] title["app/dependencies.py"] *}

/// tip | Tipp

Um dieses Beispiel zu vereinfachen, verwenden wir einen erfundenen Header.

# 使用密碼（與雜湊）的 OAuth2、以 Bearer 搭配 JWT 權杖 { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

現在我們已經有完整的安全流程了，接下來用 <abbr title="JSON Web Tokens - JSON 網路權杖">JWT</abbr> 權杖與安全的密碼雜湊，讓應用真正安全。

這份程式碼可以直接用在你的應用中，把密碼雜湊存進資料庫等等。

我們會從上一章的內容繼續往下擴充。

## 關於 JWT { #about-jwt }

JWT 的意思是「JSON Web Tokens」。

它是一種把 JSON 物件編碼成一段長且緊密（沒有空白）的字串的標準。看起來像這樣：

```

# 使用密码（及哈希）的 OAuth2，基于 JWT 的 Bearer 令牌 { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

现在我们已经有了完整的安全流程，接下来用 <abbr title="JSON Web Tokens - JSON Web 令牌">JWT</abbr> 令牌和安全的密码哈希，让应用真正安全起来。

这些代码可以直接用于你的应用，你可以把密码哈希保存到数据库中，等等。

我们将从上一章结束的地方继续，逐步完善。

## 关于 JWT { #about-jwt }

JWT 意为 “JSON Web Tokens”。

它是一种标准，把一个 JSON 对象编码成没有空格、很密集的一长串字符串。看起来像这样：

```

    /** The path of the HTML: /footer.jsp */
    HtmlNext path_FooterJsp = new HtmlNext("/footer.jsp");

    /** The path of the HTML: /header.jsp */
    HtmlNext path_HeaderJsp = new HtmlNext("/header.jsp");

    /** The path of the HTML: /help.jsp */
    HtmlNext path_HelpJsp = new HtmlNext("/help.jsp");

    /** The path of the HTML: /index.jsp */

    }
  }

  /**
   * Tests that bitSize() can be used to predict the serialization size produced by writeTo().
   *
   * <p>The serialization format consists of a 6-byte header (1 byte strategy, 1 byte hash
   * functions, 4 bytes array length) followed by the bit array data (bitSize / 8 bytes).
   */
  public void testBitSizeMatchesSerializationSize() throws Exception {

marker replication can be viewed by doing a GET/HEAD on the object version - it will return a `X-Minio-Replication-DeleteMarker-Status` header and http response code of `405`. In the case of permanent deletes, if the delete replication is pending or failed to propagate to the target cluster, GET/HEAD will return additional `X-Minio-Replication-Delete-Status` header and a http response code of `405`.

![delete](https://raw.githubusercontent.com/minio/minio/master/docs/bucket/replication/D...

        // always inject compat headers
        headers.put("Content-Type", "application/vnd.elasticsearch+json;compatible-with=" + compatibleVersion);
        headers.put("Accept", "application/vnd.elasticsearch+json;compatible-with=" + compatibleVersion);
        transformations.add(new InjectHeaders(headers, Set.of(RestCompatTestTransformTask::doesNotHaveCatOperation)));
    }

          # The "digest" that allows us to pull an image is not the digest as
          # returned by the API, but a sha256sum of the entire chunk of image
          # metadata. gcr.io helpfully includes it in the header of the response
          # as docker-content-digest: sha256:[digest]. Note we use egrep to
          # match exactly sha256:<hash> because curl may include a ^M symbol at
          # the end of the line.

     * Only trusts X-Forwarded-For/X-Real-IP headers when the request comes from a trusted proxy.
     * @param request the HTTP request
     * @return the client IP address
     */
    public String getClientIp(final HttpServletRequest request) {
        final String remoteAddr = request.getRemoteAddr();

        // Only trust proxy headers if the request comes from a trusted proxy