I guess you are right, it shouldn't be a raise, but it works. I don't know exactly how I should return a 200 using this API REST approach; any comment/advice is welcome.
Thanks

On Tuesday, October 16, 2018 at 1:26:36 (UTC+2), Dave S wrote:
>
> On Sunday, October 14, 2018 at 7:05:56 AM UTC-7, Jaime Sempere wrote:
>>
>> Hi,
>>
>> I have had a lot of problems setting up an API REST with basic auth.
>> Finally I have used the following code; I leave it here for anyone who
>> may need it:
>>
>> from gluon.serializers import json
>> auth.settings.allow_basic_login = True
>>
>>
>> @request.restful()
>> def api():
>>
>>     response.view = 'generic.json'
>>     response.headers["Access-Control-Allow-Origin"] = '*'
>>     response.headers['Access-Control-Max-Age'] = 86400
>>     response.headers['Access-Control-Allow-Headers'] = '*'
>>     response.headers['Access-Control-Allow-Methods'] = '*'
>>     response.headers['Access-Control-Allow-Credentials'] = 'true'
>>
>>     @auth.requires_login()
>>     def GET(id):
>>         return json(get_post_if_user_belongs_to_blog(id, auth))
>>
>>     @auth.requires_login()
>>     def PUT(id, **fields):
>>         return get_post_if_user_belongs_to_blog(id,
>>             auth).update_record(**fields)
>>
>>     @auth.requires_login()
>>     def POST(*args, **fields):
>>         return db.posts.validate_and_insert(blog_id=auth.user.blog_id,
>>             user_id=auth.user.id, **fields)
>>
>>     @auth.requires_login()
>>     def DELETE(id):
>>         get_post_if_user_belongs_to_blog(id, auth).delete_record()
>>         return dict(action="deleted", status="ok", id=id)
>>
>>     # Preflight handler: deliberately left without @auth.requires_login()
>>     def OPTIONS(*args, **vars):
>>         print('doing post options')
>>         headers = {"Access-Control-Allow-Origin": '*',
>>                    'Access-Control-Max-Age': 86400,
>>                    'Access-Control-Allow-Headers': '*',
>>                    'Access-Control-Allow-Methods': '*',
>>                    'Access-Control-Allow-Credentials': 'true'}
>>         raise HTTP(200, **headers)
>>
>>     return locals()
>>
>>
>> def get_post_if_user_belongs_to_blog(id, auth):
>>     my_post = db.posts[id]
>>     # Missing post or a post of another blog: stop with 403, so callers
>>     # never receive a string where they expect a record
>>     if my_post is None or my_post.blog_id != auth.user.blog_id:
>>         raise HTTP(403, 'not authorized')
>>     return my_post
>>
>>
>> Forget about most of the code and pay attention to the annotations.
>>
>> Maybe I am not 100% right in the whole approach, but this is what I
>> needed:
>>
>> - OPTIONS needs to be without authentication, so I have removed
>>   @auth.requires_login from the main method (def api()) and I have
>>   annotated the GET, PUT, POST and DELETE methods.
>> - I needed to set up headers on OPTIONS too, to avoid CORS issues.
>>
>> I hope that this can help somebody. I plan to move basic auth to JWT
>> or another auth method.
>>
>> Thanks!
>>
>
> Why is OPTIONS doing a raise HTTP if the status you're setting is 200?
>
> /dps
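
An added example, not part of the thread and not web2py code: a framework-independent sketch of the preflight decision the OPTIONS handler above makes, echoing an allowlisted origin instead of sending `*` together with `Access-Control-Allow-Credentials: true`. The allowlist, the sample origins and the function names are assumptions made for illustration.

```python
# Added example: framework-independent CORS preflight policy.
# The allowlist, origins and function names are hypothetical.
ALLOWED_ORIGINS = frozenset({"https://app.example.com"})  # constructed sample
ALLOWED_METHODS = ("GET", "POST", "PUT", "DELETE", "OPTIONS")
# Authorization is named explicitly: the "*" wildcard in
# Access-Control-Allow-Headers does not cover it.
ALLOWED_HEADERS = ("authorization", "content-type")


def cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Headers for any response: echo the origin only if allowlisted."""
    headers = {"Vary": "Origin"}  # caches must key on the Origin header
    if origin in allowed:
        headers["Access-Control-Allow-Origin"] = origin
        # Browsers reject credentialed responses whose origin is "*".
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def preflight(origin, req_method, req_headers="", allowed=ALLOWED_ORIGINS):
    """Answer an OPTIONS preflight; returns (status, headers)."""
    headers = cors_headers(origin, allowed)
    wanted = [h.strip().lower() for h in (req_headers or "").split(",") if h.strip()]
    if ("Access-Control-Allow-Origin" not in headers
            or req_method not in ALLOWED_METHODS
            or any(h not in ALLOWED_HEADERS for h in wanted)):
        return 403, {"Vary": "Origin"}  # no CORS grant at all
    headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
    headers["Access-Control-Allow-Headers"] = ", ".join(ALLOWED_HEADERS)
    headers["Access-Control-Max-Age"] = "86400"
    return 200, headers


if __name__ == "__main__":
    # Constructed sample requests: one allowlisted origin, one unknown origin.
    print(preflight("https://app.example.com", "PUT", "Authorization"))
    print(preflight("https://other.example", "PUT", "Authorization"))
```

In a handler like the one in the thread, the returned headers could be copied into `response.headers` and the function could then return normally rather than raising.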