On Sunday, October 21, 2018 at 6:24:57 AM UTC-7, Jaime Sempere wrote:
>
> I guess you are right, it shouldn't be a raise, but it works. I don't know
> how exactly I should return a 200 using this API REST approach; any
> comment/advice is welcome.
>
> Thanks
>

I think an ordinary return should do it. You simply have an empty response body.

/dps

> On Tuesday, October 16, 2018, 1:26:36 (UTC+2), Dave S wrote:
>>
>> On Sunday, October 14, 2018 at 7:05:56 AM UTC-7, Jaime Sempere wrote:
>>>
>>> Hi,
>>>
>>> I have had a lot of problems setting up an API REST with basic auth.
>>> Finally I have used the following code; I leave it here for anyone that may need
>>> it:
>>>
>>> from gluon.serializers import json
>>> auth.settings.allow_basic_login = True
>>>
>>>
>>> @request.restful()
>>> def api():
>>>
>>>     response.view = 'generic.json'
>>>     response.headers["Access-Control-Allow-Origin"] = '*'
>>>     response.headers['Access-Control-Max-Age'] = 86400
>>>     response.headers['Access-Control-Allow-Headers'] = '*'
>>>     response.headers['Access-Control-Allow-Methods'] = '*'
>>>     response.headers['Access-Control-Allow-Credentials'] = 'true'
>>>
>>>     @auth.requires_login()
>>>     def GET(id):
>>>         return json(get_post_if_user_belongs_to_blog(id, auth))
>>>
>>>     @auth.requires_login()
>>>     def PUT(id, **fields):
>>>         return get_post_if_user_belongs_to_blog(id, auth).update_record(**fields)
>>>
>>>     @auth.requires_login()
>>>     def POST(*args, **fields):
>>>         return db.posts.validate_and_insert(blog_id=auth.user.blog_id,
>>>                                             user_id=auth.user.id, **fields)
>>>
>>>     @auth.requires_login()
>>>     def DELETE(id):
>>>         get_post_if_user_belongs_to_blog(id, auth).delete_record()
>>>         return dict(action="deleted", status="ok", id=id)
>>>
>>>     # No login decorator here: the preflight request must be answered
>>>     # without authentication. *args accepts URLs with or without an id.
>>>     def OPTIONS(*args, **vars):
>>>         print('doing post options')
>>>         headers = {"Access-Control-Allow-Origin": '*',
>>>                    'Access-Control-Max-Age': 86400,
>>>                    'Access-Control-Allow-Headers': '*',
>>>                    'Access-Control-Allow-Methods': '*',
>>>                    'Access-Control-Allow-Credentials': 'true'}
>>>         raise HTTP(200, **headers)
>>>
>>>     return locals()
>>>
>>>
>>> def get_post_if_user_belongs_to_blog(id, auth):
>>>     my_post = db.posts[id]
>>>     # Fail closed: a missing post or a post from another blog stops the
>>>     # request here instead of handing a string back to the caller.
>>>     if my_post is None or my_post.blog_id != auth.user.blog_id:
>>>         raise HTTP(403, 'not authorized')
>>>     return my_post
>>>
>>>
>>> Forget about most of the code and pay attention to the annotations.
>>>
>>> Maybe I am not 100% right in all the approach, but this is what I have
>>> needed:
>>>
>>> - OPTIONS needs to be without authentication, so I have removed
>>> @auth.requires_login from the main method (def api()) and I have annotated the
>>> GET, PUT, POST and DELETE methods.
>>> - I have needed to set up headers on OPTIONS too, for avoiding CORS
>>> issues
>>>
>>> I hope that this can help anybody. I plan to move basic auth to JWT
>>> or another auth method.
>>>
>>> Thanks!
>>>
>>
>>
>> Why is OPTIONS doing a raise HTTP if the status you're setting is 200?
>>
>> /dps
>>

--
You received this message because you are subscribed to the Google Groups "web2py-users" group.
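
Added example, not part of the thread and not web2py code: the headers posted above pair `Access-Control-Allow-Origin: *` with `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests, and a wildcard `Access-Control-Allow-Headers` does not cover `Authorization`. The framework-independent sketch below builds the same headers from an origin allowlist; `ALLOWED_ORIGINS`, the function names and the sample origin are assumptions.

```python
# Added example: allowlist-based CORS headers for a Basic-auth REST API.
# All names and the sample origin are assumptions, not taken from the thread.

ALLOWED_ORIGINS = frozenset(["https://app.example.com"])  # constructed sample
ALLOWED_METHODS = ("GET", "PUT", "POST", "DELETE", "OPTIONS")
ALLOWED_HEADERS = ("Authorization", "Content-Type")
MAX_AGE = 86400  # same preflight cache lifetime as in the thread


def cors_headers(origin, allowed_origins=ALLOWED_ORIGINS):
    """Headers to attach to every response for a request with this Origin."""
    headers = {"Vary": "Origin"}  # caches must not reuse a grant across origins
    if origin in allowed_origins:
        # Echo the exact origin: '*' is rejected when credentials are sent.
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def preflight_response(origin, requested_method, requested_headers="",
                       allowed_origins=ALLOWED_ORIGINS):
    """Return (status, headers) for the unauthenticated OPTIONS preflight."""
    headers = cors_headers(origin, allowed_origins)
    if "Access-Control-Allow-Origin" not in headers:
        return 403, headers  # unknown origin: no CORS grant at all
    if requested_method not in ALLOWED_METHODS:
        return 403, headers
    wanted = [h.strip().lower() for h in requested_headers.split(",") if h.strip()]
    permitted = set(h.lower() for h in ALLOWED_HEADERS)
    if any(h not in permitted for h in wanted):
        return 403, headers
    # List methods and headers explicitly: on credentialed requests a '*'
    # here is read as a literal name, and it never matches Authorization.
    headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
    headers["Access-Control-Allow-Headers"] = ", ".join(ALLOWED_HEADERS)
    headers["Access-Control-Max-Age"] = str(MAX_AGE)
    return 200, headers
```

The preflight stays unauthenticated, as in the thread, because browsers send it without the `Authorization` header; the login check still guards GET, PUT, POST and DELETE.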