通过RESTful API通过Python安装ArangoDB Foxx请求导致“未经授权"错误 [英] Installing ArangoDB Foxx via RESTful API via Python requests results in 'unauthorized' error

问题描述

我们使用ArangoDB和Python，并使用请求模块来使用Arango的HTTP API.我在通过HTTP API以编程方式部署Foxx应用程序时遇到授权问题，这是我们在自动化测试过程中要做的.我可以找到的唯一一个上载应用程序的程序示例似乎使用了过时的路由.我可以上传压缩文件:

We use ArangoDB and Python using the requests module to use Arango's HTTP API. I'm having authorisation problems deploying a Foxx app programically via the HTTP API which we'd like to do as part of our automated testing process. The only program example I can find of uploading an app appears to use obsolete routes. I can upload the zip:

http://mydev:8529/_db/mydb/_api/upload

我回来了:

{"filename": "uploads/tmp-13-718410"}

...文件在那里.但是，然后尝试使用发布数据{"zipFile":"uploads/tmp-13-718410"}:

...and the file is there. But then trying this with the post data {"zipFile": "uploads/tmp-13-718410"}:

http://mydev:8529/_db/mydb/_admin/aardvark/foxxes/zip?mount=%2Fmy-mount-point

我回来了{"error":"unauthorized"}.我意识到这是在告诉我什么地方出了问题，但我同时对_system db和mydb使用了基本身份验证(两者的用户名/密码相同).我可以通过HTTP API创建/删除数据库，没问题，但似乎无法使用aardvark模块.

I get back {"error": "unauthorized"}. I realise that it's telling me what's wrong but I'm using basic auth both for the _system db and mydb (the username/password is the same for both). I can create/drop databases via the HTTP API no problem but I can't seem to use the aardvark module.

我正在使用2.6.8.

I am using 2.6.8.

我在python中的代码是:

My code in python is:

import requests

self._requests = requests.Session()
self._requests.auth = ('user', 'password')

# create the database
r = self._requests.post('http://mydev:8529/_api/database', json={'name': 'mydb', 'users': [{'username': 'user' 'passwd': 'password'}]})

...通过HTTP API进行的所有搜索，插入等都可以正常工作.

...all searches, inserts, etc. via the HTTP API all work.

然后稍后通过HTTP API安装Foxx应用时:

Then when later installing a Foxx app via the HTTP API:

r = self._requests.post('http://mydev:8529/_db/mydb/_api/upload', data=data) # succeeds
filename = r.json()['filename']

data = {'zipFile': filename}
r = self._requests.put(
    r'http://mydev:8529/_db/mydb/_admin/aardvark/foxxes/zip?mount=%2Fmy-mount-point',
    json=data
)

我找回{错误":未经授权"}.

I get back {"error": "unauthorized"}.

当我使用UI安装应用程序或将文件复制到正确的位置并启动数据库时，该应用程序运行良好.

The app works fine when I install the app using the UI or simply copying the files to the correct location and bouncing the database.

我是否需要以我不在此使用的方式单独发送凭据以使用aardvark路由?我错过了一步吗?

Do I need to separately send credentials to use the aardvark route in a way I'm not doing it here? Am I missing a step?

推荐答案

我认为，当/_admin/aardvark领域中的所有URL都需要单独的(基于cookie的)身份验证时，因为它们属于(图形)管理界面.无论是否随请求一起发送HTTP基本身份验证数据，在浏览器中调用此类URL都可能会显示登录屏幕.

I think when all URLs in the /_admin/aardvark realm require separate (cookie-based) authentication, as they belong to the (graphical) admin interface. Calling such URL in the browser will probably bring up the login screen, regardless of whether HTTP basic authentication data is sent with the request.

要通过REST API安装Foxx应用程序，我认为更好的API端点是HTTP PUT /_admin/foxx/install.

To install a Foxx application via the REST API, I think the better API endpoint is HTTP PUT /_admin/foxx/install.

这将需要发送带有名为mount和appInfo的属性的JSON正文. mount需要包含安装点(需要以正斜杠开头). appInfo是要挂载的应用程序.它可以包含服务器先前从调用/_api/upload返回的文件名，例如

It will require a JSON body to be sent, with attributes named mount and appInfo. mount needs to contain the mountpoint (needs to start with a forward slash). appInfo is the application to be mounted. It can contain the filename as previously returned by the server from the call to /_api/upload, e.g.

{ 
    "appInfo" : "uploads/tmp-30573-2010894858", 
    "mount" : "/my-mount-point" 
}

这篇关于通过RESTful API通过Python安装ArangoDB Foxx请求导致“未经授权"错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！