编写 django-piston 客户端的正确方法是什么? [英] What is the right way to write a django-piston client?

问题描述

我一直在阅读有关 django-piston 的大量文章，并习惯于为我正在开发的应用程序制作 API，但我对世界的客户端感到厌烦.我已经编写了处理程序和 uri 映射，我可以将 JSON 或 XML 返回到我的内心深处.我遇到的问题是现在该怎么办.

I've been reading a lot on django-piston and using to to make an API for an app I'm development, but I'm getting hung up on the client side of the world. I've written the handlers and uri mappings, and I can return JSON or XML to my heart's content. Where I'm getting stuck is what to do with that now.

我理想的结局是让 iPhone 和 Android 客户端使用和返回数据，但我不知道处理身份验证的正确方法.我能想到的最简单的方法是在设备上保存用户名和密码，并用它标记每个请求，最终使用基本身份验证，但这是错误的.我研究了活塞对 OAuth 的支持，并在 本教程，但这也不是正确的答案.最终，我真的希望在设备上有一个简单的用户名和密码提示，这些将通过 Piston 和 REST 发送到 Django，并且 API 密钥将返回.设备将存储该密钥并用它标记所有后续请求.这感觉是正确的方法，但我不知道该怎么做.任何人都可以指出我正确的方向吗?

My ideal endgame is to have an iPhone and Android client consume and return data, but I don't know the right way to handle authentication. The easiest way I can figure is saving the username and password on the device and tagging each request with it, ultimately using Basic Authentication, but that wreaks of wrong. I've looked in to piston's support for OAuth and gotten it working with the help of this tutorial, but that doesn't feel like the right answer, either. Ultimately, I'd really like to have a simple prompt on the device for username and password, those will be sent up to Django via Piston and REST, and an API key will return down. The device will store that key and tag all subsequent requests with it. That feels like the right way, but I can't figure out how to do it. Can any one point me in the right direction?

推荐答案

您可以编写自己的身份验证模块.举个例子:

You can write your own authentication module. Here's an example:

class ApiKeyAuthentication(object):

    def is_authenticated(self, request):
        auth_string = request.META.get("HTTP_AUTHORIZATION")

        if not auth_string:
            return False

        key = get_object_or_None(ApiKey, key=auth_string)

        if not key:
            request.user = AnonymousUser()
            return False

        request.user = key.user

        return True

    def challenge(self):
        resp = HttpResponse("Authorization Required")
        resp['WWW-Authenticate'] = "Key Based Authentication"
        resp.status_code = 401
        return resp

您需要一个模型来存储 API 密钥到用户的映射:

You'll need a model to store a mapping of API keys to Users:

class ApiKey(models.Model):
    user = models.ForeignKey(User, related_name='keys')
    key = models.CharField(max_length=KEY_SIZE)

您需要一些方法来生成实际的密钥.这样的事情会起作用(例如，在 ApiKey 模型的 save 方法中:

You'll need some method to generate the actual keys. Something like this will work (say, in the ApiKey model's save method:

key = User.objects.make_random_password(length=KEY_SIZE)

while ApiKey.objects.filter(key__exact=key).count():
    key = User.objects.make_random_password(length=KEY_SIZE)

最后，连接您的新身份验证后端:

Lastly, hook up your new authentication backend:

# urls.py

key_auth = ApiKeyAuthentication()

def ProtectedResource(handler):
    return resource.Resource(handler=handler, authentication=key_auth)

your_handler = ProtectedResource(YourHandler)

对于为 API 密钥交换用户名/密码，只需编写一个使用 BasicAuthentication 的处理程序来创建并返回新的 ApiKey(用于 request.user).

As for swapping username / password for an API key, just write a handler that uses BasicAuthentication to create and return new ApiKey (for request.user).

这篇关于编写 django-piston 客户端的正确方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！