On Sunday, October 14, 2018 at 7:05:56 AM UTC-7, Jaime Sempere wrote:
>
> Hi,
>
> I have had a lot of problems to set up an API REST with basic auth,
> finally I have used the next code, I left it here for anyone that may need
> it:
>
> from gluon.serializers import json
> auth.settings.allow_basic_login = True
>
>
> @request.restful()
> def api():
>
> response.view = 'generic.json'
> response.headers["Access-Control-Allow-Origin"] = '*'
> response.headers['Access-Control-Max-Age'] = 86400
> response.headers['Access-Control-Allow-Headers'] = '*'
> response.headers['Access-Control-Allow-Methods'] = '*'
> response.headers['Access-Control-Allow-Credentials'] = 'true'
>
> @auth.requires_login()
> def GET(id):
> return json(get_post_if_user_belongs_to_blog(id, auth))
>
> @auth.requires_login()
> def PUT(id, **fields):
> return get_post_if_user_belongs_to_blog(id,
> auth).update_record(**fields)
>
> @auth.requires_login()
> def POST(*args, **fields):
> return db.posts.validate_and_insert(blog_id=auth.user.blog_id,
> user_id=auth.user.id, **fields)
>
> @auth.requires_login()
> def DELETE(id):
> get_post_if_user_belongs_to_blog(id, auth).delete_record()
> return dict(action="deleted", status="ok", id=id)
>
> def OPTIONS(args, **vars):
> print 'doing post options'
> headers = {"Access-Control-Allow-Origin": '*',
> 'Access-Control-Max-Age': 86400,
> 'Access-Control-Allow-Headers': '*',
> 'Access-Control-Allow-Methods': '*',
> 'Access-Control-Allow-Credentials': 'true'}
> raise HTTP(200, **headers)
>
> return locals()
>
>
> def get_post_if_user_belongs_to_blog(id, auth):
> my_post = db.posts[id]
> if my_post.blog_id != auth.user.blog_id:
> return 'not authorized'
> return my_post
>
>
> Forget about most part of the code and pay attention to annotations.
>
> Maybe I am not 100% right in all the approach, but this is what I have
> needed:
>
> - OPTIONS need to be without authentication, so I have removed
> @auth.requires_login from main methond (def api()) and I have annotated the
> GET,PUT,POST and DELETE methods.
> - I have needed to set up headers on OPTIONS too, for avoiding CORS issues
>
> I hope that this can helps to anybody. I plan to move basic auth to JWT or
> another auth method.
>
> Thanks!
>
Why is OPTIONS doing a raise HTTP if the status you're setting is 200?
/dps
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
