What is the right way to write a django-piston client?

Question

I've been reading a lot on django-piston and using it to make an API for an app I'm developing, but I'm getting hung up on the client side of the world. I've written the handlers and uri mappings, and I can return JSON or XML to my heart's content. Where I'm getting stuck is what to do with that now.

My ideal endgame is to have an iPhone and Android client consume and return data, but I don't know the right way to handle authentication. The easiest way I can figure is saving the username and password on the device and tagging each request with it, ultimately using Basic Authentication, but that reeks of wrong. I've looked into piston's support for OAuth and gotten it working with the help of this tutorial, but that doesn't feel like the right answer, either. Ultimately, I'd really like to have a simple prompt on the device for username and password, those will be sent up to Django via Piston and REST, and an API key will return down. The device will store that key and tag all subsequent requests with it. That feels like the right way, but I can't figure out how to do it. Can anyone point me in the right direction?

Recommended answer

You can write your own authentication module. Here's an example:

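from django.contrib.auth.models import AnonymousUser
from django.http import HttpResponse
# get_object_or_None is not part of Django itself; the django-annoying
# package provides one (assumed here). ApiKey is the model defined below.
from annoying.functions import get_object_or_None

class ApiKeyAuthentication(object):

    def is_authenticated(self, request):
        # The client sends its API key as the raw Authorization header value
        auth_string = request.META.get("HTTP_AUTHORIZATION")

        if not auth_string:
            return False

        # Look up the key; None means no such key exists
        key = get_object_or_None(ApiKey, key=auth_string)

        if not key:
            request.user = AnonymousUser()
            return False

        # Attach the key's owner so handlers can use request.user
        request.user = key.user

        return True

    def challenge(self):
        # Returned by piston when is_authenticated() is False
        resp = HttpResponse("Authorization Required")
        resp['WWW-Authenticate'] = "Key Based Authentication"
        resp.status_code = 401
        return resp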

You'll need a model to store a mapping of API keys to Users:

from django.contrib.auth.models import User
from django.db import models

class ApiKey(models.Model):
    user = models.ForeignKey(User, related_name='keys')
    key = models.CharField(max_length=KEY_SIZE)

You'll need some method to generate the actual keys. Something like this will work (say, in the ApiKey model's save method):

key = User.objects.make_random_password(length=KEY_SIZE)

while ApiKey.objects.filter(key__exact=key).count():
    key = User.objects.make_random_password(length=KEY_SIZE)

Lastly, hook up your new authentication backend:

# urls.py
from piston import resource

key_auth = ApiKeyAuthentication()

# Wrap a handler so every request to it must carry a valid API key
def ProtectedResource(handler):
    return resource.Resource(handler=handler, authentication=key_auth)

your_handler = ProtectedResource(YourHandler)


As for swapping username / password for an API key, just write a handler that uses BasicAuthentication to create and return new ApiKey (for request.user).
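
The issue-then-check flow described in the answer, as an added framework-free sketch (not the answerer's code): keys come from Python's `secrets` module and only a SHA-256 digest of each key is kept, so a copy of the key table does not reveal usable keys. `ApiKeyStore`, `KEY_BYTES`, `key_digest` and the in-memory dict are assumptions standing in for the `ApiKey` model and its table.

```python
import hashlib
import secrets

KEY_BYTES = 32  # assumed size; the answer leaves KEY_SIZE undefined


def key_digest(key):
    """Digest stored in place of the key itself."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class ApiKeyStore(object):
    """In-memory stand-in for the ApiKey table (hypothetical helper)."""

    def __init__(self):
        self._user_by_digest = {}

    def issue(self, username):
        """Run after the username/password check; the key is shown once."""
        # 256 random bits from the OS CSPRNG: no uniqueness retry loop needed
        key = secrets.token_urlsafe(KEY_BYTES)
        self._user_by_digest[key_digest(key)] = username
        return key

    def authenticate(self, auth_header):
        """Map an Authorization header value to a username, or None."""
        if not auth_header:
            return None
        return self._user_by_digest.get(key_digest(auth_header.strip()))

    def revoke(self, key):
        """Drop one key (lost device) without touching the user's others."""
        return self._user_by_digest.pop(key_digest(key), None) is not None


if __name__ == "__main__":
    store = ApiKeyStore()
    phone_key = store.issue("alice")    # constructed sample user
    tablet_key = store.issue("alice")   # one user, several device keys
    print(store.authenticate(phone_key))      # alice
    print(store.authenticate("not-a-key"))    # None
    store.revoke(phone_key)
    print(store.authenticate(phone_key))      # None
    print(store.authenticate(tablet_key))     # alice
```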
