通过 Python 请求通过 RESTful API 安装 ArangoDB Foxx 导致“未经授权"错误 [英] Installing ArangoDB Foxx via RESTful API via Python requests results in 'unauthorized' error

问题描述

我们使用 ArangoDB 和 Python 使用 requests 模块来使用 Arango 的 HTTP API.我在通过 HTTP API 以编程方式部署 Foxx 应用程序时遇到授权问题，我们希望将其作为自动化测试过程的一部分.我能找到的上传应用程序的唯一程序示例似乎使用了过时的路由.我可以上传压缩包:

We use ArangoDB and Python using the requests module to use Arango's HTTP API. I'm having authorisation problems deploying a Foxx app programically via the HTTP API which we'd like to do as part of our automated testing process. The only program example I can find of uploading an app appears to use obsolete routes. I can upload the zip:

http://mydev:8529/_db/mydb/_api/upload

我回来了:

{"filename": "uploads/tmp-13-718410"}

...文件就在那里.但是然后尝试使用帖子数据 {"zipFile": "uploads/tmp-13-718410"}:

...and the file is there. But then trying this with the post data {"zipFile": "uploads/tmp-13-718410"}:

http://mydev:8529/_db/mydb/_admin/aardvark/foxxes/zip?mount=%2Fmy-mount-point

我回来了 {"error": "unauthorized"}.我意识到它告诉我出了什么问题，但我对 _system db 和 mydb 都使用了基本身份验证(两者的用户名/密码相同).我可以通过 HTTP API 创建/删除数据库没问题，但我似乎无法使用 aardvark 模块.

I get back {"error": "unauthorized"}. I realise that it's telling me what's wrong but I'm using basic auth both for the _system db and mydb (the username/password is the same for both). I can create/drop databases via the HTTP API no problem but I can't seem to use the aardvark module.

我使用的是 2.6.8.

I am using 2.6.8.

我在python中的代码是:

My code in python is:

import requests

self._requests = requests.Session()
self._requests.auth = ('user', 'password')

# create the database
r = self._requests.post('http://mydev:8529/_api/database', json={'name': 'mydb', 'users': [{'username': 'user' 'passwd': 'password'}]})

...所有通过 HTTP API 进行的搜索、插入等都可以正常工作.

...all searches, inserts, etc. via the HTTP API all work.

然后当稍后通过 HTTP API 安装 Foxx 应用程序时:

Then when later installing a Foxx app via the HTTP API:

r = self._requests.post('http://mydev:8529/_db/mydb/_api/upload', data=data) # succeeds
filename = r.json()['filename']

data = {'zipFile': filename}
r = self._requests.put(
    r'http://mydev:8529/_db/mydb/_admin/aardvark/foxxes/zip?mount=%2Fmy-mount-point',
    json=data
)

我回来了 {"error": "unauthorized"}.

I get back {"error": "unauthorized"}.

当我使用 UI 安装应用程序或简单地将文件复制到正确位置并弹回数据库时，应用程序运行良好.

The app works fine when I install the app using the UI or simply copying the files to the correct location and bouncing the database.

我是否需要单独发送凭据以使用 aardvark 路线，但我在这里没有这样做?我错过了一步吗?

Do I need to separately send credentials to use the aardvark route in a way I'm not doing it here? Am I missing a step?

推荐答案

我认为当 /_admin/aardvark 领域中的所有 URL 都需要单独的(基于 cookie 的)身份验证时，因为它们属于(图形)管理界面.在浏览器中调用此类 URL 可能会显示登录屏幕，无论 HTTP 基本身份验证数据是否随请求一起发送.

I think when all URLs in the /_admin/aardvark realm require separate (cookie-based) authentication, as they belong to the (graphical) admin interface. Calling such URL in the browser will probably bring up the login screen, regardless of whether HTTP basic authentication data is sent with the request.

要通过 REST API 安装 Foxx 应用程序，我认为更好的 API 端点是 HTTP PUT /_admin/foxx/install.

To install a Foxx application via the REST API, I think the better API endpoint is HTTP PUT /_admin/foxx/install.

它将需要发送一个 JSON 正文，其属性名为 mount 和 appInfo.mount 需要包含挂载点(需要以正斜杠开头).appInfo 是要挂载的应用程序.它可以包含服务器先前从调用 /_api/upload 返回的文件名，例如

It will require a JSON body to be sent, with attributes named mount and appInfo. mount needs to contain the mountpoint (needs to start with a forward slash). appInfo is the application to be mounted. It can contain the filename as previously returned by the server from the call to /_api/upload, e.g.

{ 
    "appInfo" : "uploads/tmp-30573-2010894858", 
    "mount" : "/my-mount-point" 
}

这篇关于通过 Python 请求通过 RESTful API 安装 ArangoDB Foxx 导致“未经授权"错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！