django swift登录系统 [英] django swift login system
问题描述
我已经创建了一个带有简单用户表(用户名/密码)的Django Web应用程序。我还设置了一个iOS应用程序(快速),并想知道对登录系统进行编码的最佳方法是什么?
I have a django web app created already, with a simple user table (username/password). I also have an iOS app (swift) set up, and was wondering what would be the best way to go about coding the login system?
从我的收集中研究-我将必须对从现有django应用程序创建的API进行REST调用。
From what I have gathered from research - I will have to make REST calls to an API created from the existing django app. Would it be better to use TastyPie or Django Rest Framework for this?
为django应用程序编写API时,我需要记住一些特定的东西吗?另外,我用于其余调用的URL是什么,它将是django Web应用程序所在的现有服务器吗?
Are there specific things I have to keep in mind when doing the API for the django app? Also, what would be the url that i use for the rest calls, would it be the existing server that the django web app is on?
推荐答案
我对这个答案的资格来自与您所描述的系统相同的系统上三个月的工作。您的问题包含很多部分,所以我将从服务器开始。
My qualifications for this answer come from 3 months of work on an identical system to the one you described. Your question holds many parts, so I will begin with the server.
根据我从研究中获得的数据,我将必须制作REST
调用从现有django应用程序创建的API。
From what I have gathered from research - I will have to make REST calls to an API created from the existing django app.
正确,您的客户端(应用,网络或其他方式)应通过API与服务器通信。
Correct, your clients (app, web, or otherwise) should communicate with your server through an API.
我已经创建了一个django Web应用程序,其中包含一个简单的用户表
(用户名/密码)。
I have a django web app created already, with a simple user table (username/password).
希望您的简单用户表使用默认的Django用户模型,因为第3方安全框架将在保护开放空间时使您的生活变得更加简单API。尽管这取决于您的安全需求,但我建议为 Django OAuth Toolkit 其OAuth2支持,密码重置工作流程以及用于常见身份验证交互的预构建URL端点。甚至更好的是,该库原生支持Django Rest Framework。
Hopefully your "simple user table" uses the default Django user model, as 3rd party security frameworks are going to make your life much simpler when protecting an open API. Although it depends on your security needs, I recommend the Django OAuth Toolkit for its OAuth2 support, password reset workflow, and prebuilt URL endpoints for common authentication interactions. Even better, this library natively supports the Django Rest Framework.
为此最好使用TastyPie或Django Rest Framework吗?
Would it be better to use TastyPie or Django Rest Framework for this?
我没有DeliciousPie的经验,但是我可以担保DRF。 通用视图非常符合我们的主要API设计要点, DRF与Django Form API的相似之处意味着我们的自定义仪表板与该API具有出色的对称性。我建议您首先绘制出API的主要组件,然后研究两个框架以了解最适合您的项目。
I do not have experience with TastyPie, however I can vouch for DRF. The generic views matched our major API design points well, and DRF's similarities to the Django Form API means our custom dashboard has a wonderful symmetry to the API. I recommend you first map out the major components of your API, then research both frameworks to learn which will fit your project best.
(奖金提示:如果这是您的第一个设计REST API时,请翻阅您不会讨厌的API )
(Bonus Tip: If this is your first time designing a REST API, flip through a copy of Build APIs You Won't Hate)
此外,我用于其余调用的URL是什么,将是现有服务器的
常见做法是将您的API URL托管在子域中,然后是版本路径,例如作为 api.example.com/v1 / 。子域将您的URL与核心网页分开,并表示这些端点专门用于您的API。在升级时,版本路径是支持旧版API的一种很好的做法。
Common practice is to host your API URLs on a subdomain, followed by a version path, such as api.example.com/v1/. The subdomain separates your URLs from core web pages and denotes these endpoints are specifically for your API. The version path is a good practice to support legacy APIs as you upgrade.
在进行升级时,我需要记住一些特定的事情吗? django应用程序的API
?
Are there specific things I have to keep in mind when doing the API for the django app?
安全性是一大问题。根据您的API,应用程序的某些敏感部分可能会公开。编写测试以确保您不会在安全方面遇到新的漏洞,然后将OAuth留给优点。除此之外,请确保您的服务器已准备就绪,可以处理您的流量,并花费大量时间完善您的模型。
Security is a big one. Depending on your API, there could be some sensitive parts of your application exposed to the public. Write tests to ensure you are not poking new holes in your security, and leave OAuth to the pros. Other than that, make sure your server is ready to handle your traffic, and spend plenty of time perfecting your model.
我还设置了一个iOS应用程序(swift),并且想知道
最好的编码方式是登录系统?
I also have an iOS app (swift) set up, and was wondering what would be the best way to go about coding the login system?
在对客户端进行编码时,请始终使用最佳做法来检索和存储凭据。通过SSL与服务器通信,仅存储所需内容,并在用户注销时销毁预期数据。请记住,如果您的应用存储了用户名和密码,它会存储敏感数据(因为人们倾向于将密码用于重要的事情)。最后,使用有用的错误消息和加载动画将登录过程清晰地传达给用户。正如您现在所看到的,登录过程相当复杂,但是如果执行得当,它将毫不费力。
When coding client-side, always use best practices to retrieve and store credentials. Communicate with your server over SSL, store only what you need, and destroy the expected data when a user logs out. Remember, if your app stores usernames and passwords, it stores sensitive data (because people have a funny tendency to reuse passwords for important things). Finally, clearly communicate the login process to your users with helpful error messages and loading animations. As you can see by now, the login process is fairly complex, but if executed well it will feel effortless.
这篇关于django swift登录系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
