On Monday, November 13, 2017 at 6:14:00 AM UTC-8, Leandro Sebastian 
Salgueiro wrote:
>
> Hi,
>
> I have two controllers on the same app:
>
> TestApp
> |
> |---default.py
> |---api.py
>
> api is a restful service that will call other services. For security 
> reasons I would like all calls to these services to pass through the api 
> restful (it will work like a proxy in this case).
>
> I did try the following :
>
> in default.py :
>
> @auth.requires_login()
> def index():
>     import requests
>     json = requests.get(URL('api', 'apps', host=True))
>     return {"json": json.content}
>
>
> in api.py:
>
> import requests
> apps_url = 'http://localhost:8091/apps'
>
>
> @auth.requires_login()
> @request.restful()
> def apps():
>     response.view = 'generic.json'
>     def GET(*args, **vars):
>         r = requests.get(apps_url)
>         return r
>     return dict(GET=GET)
>
>
> If I test this without the api's login decorator everything works fine. 
> However, I can access this restful from anywhere else... 
> I then added requires_login to the api controller, and when I test both 
> URLs independently from the browser it works OK (login to web2py -> go to 
> /api/apps -> get my results). However, if I do the GET request using 
> requests.get from the default controller I get a *Non Authorized* message and 
> a redirect to the login form.
>
> What am I missing here? I thought that if I was in the same app, the auth 
> session would be shared among different controllers... 
>
> Any hint on this would be most welcome.
> Thanks in advance.
> Leandro
>
>
You may be running into a twist that Anthony explained to me, where an API 
call's session doesn't last past the call (some qualifiers may be 
needed). I'm not sure if that is true when the controller/function does 
a request "from the inside", but I would think about that.

I also think you might be better served using JWT for API authorization, 
and web2py has supported that for a while.  Look at the following thread 
for a little about using JWT, and for Anthony's comment about session 
lifetimes.
<URL:https://groups.google.com/d/topic/web2py/VMhvBLU0zW0/discussion>
For more on JWT, look at the references in that thread (another thread, and 
gluon/tools.py).

/dps
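
The token approach suggested in the reply, as an added example (not from the thread, and not web2py's built-in JWT code in gluon/tools.py): the calling controller mints a short-lived HS256 token for the logged-in user, and the API verifies it instead of relying on a session cookie that a server-side requests.get never carries. The key, the "aud" value and all function names are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

# Assumption: one secret shared by both controllers, loaded from private app config.
SECRET = b"constructed-demo-key"
AUDIENCE = "api/apps"  # assumption: names the one endpoint the token is good for

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def sign(signing_input):
    return b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def mint_token(user_id, ttl=30, now=None):
    """Caller side (default.py, after requires_login): short-lived HS256 token."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "aud": AUDIENCE, "exp": now + ttl}
    signing_input = header + b"." + b64url(json.dumps(claims).encode())
    return (signing_input + b"." + sign(signing_input)).decode()

def verify_token(token, now=None):
    """API side (api.py): return the claims, or None if the token is rejected."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, payload_b64, sig = token.encode().split(b".")
        # Check the MAC in constant time before parsing any attacker-supplied JSON.
        if not hmac.compare_digest(sig, sign(header_b64 + b"." + payload_b64)):
            return None
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong part count, bad base64, bad UTF-8 or bad JSON
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; the header never picks it
        return None
    if claims.get("aud") != AUDIENCE or claims.get("exp", 0) <= now:
        return None
    return claims

if __name__ == "__main__":
    token = mint_token(user_id=7)
    print(verify_token(token))         # claims for user 7
    print(verify_token(token + "x"))   # None: signature no longer matches
```

The caller would send the token with `requests.get(url, headers={"Authorization": "Bearer " + token})`, and the API would reject any request whose token fails `verify_token`.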
