I've done this a few times, using the same pattern:
I use "Pylons" style controllers, having shared API logic (identity, auth,
etc) in a base class...
class _CoreHandler(object):
def __init__(self, request: "Request"):
pass
class _ApiHandler(_CoreHandler):
def __init__(self, request: "Request"):
_CoreHandler.__init__(self, request)
Then the routes inherit from those classes...
class ApiPv1_Link(_CoreHandler):
@view_config(route_name="api-public:v1:object:link",
renderer="json")
def link(self) -> Dict:
return {}
If I were just doing a one-off project, I would have stuck to the Pyramid
auth – but we ran into some performance/bottlenecks using the Pyramid
system with our internal needs and got the required improvements by
bringing that within the Pylons handlers. I have no criticism of the
Pyramid setup, we were just able to better group database/kv queries and
logic by centralizing a lot of the calls into that spot.
I have a variant of this pattern in a project I open sourced, and will
share that here:
https://github.com/aptise/peter_sslers/blob/main/src/peter_sslers/web/views_admin/acme_authorization.py
In the example view here:
1- every route handles a HTML view and a `.json` API version
2- `request.wants_json` is a reified property
3- a "@docify" handler is used to define the documentation for the API
route, which gets rendered onto a help page.
We have a lot of legacy code running on formencode, which is why we don't
use deform/colander.
I also open sourced our oAuth integration library here, which may be useful:
https://github.com/jvanasco/pyramid_oauthlib_lowlevel/
The test suite for that contains full apps and oauth workflows.
On Thursday, September 12, 2024 at 3:02:57 AM UTC-4 Laurent Daverio wrote:
> Hi Mikko,
>
> I had a long look at FastAPI a few months ago. At first it looked like a
> very interesting option to me, and I further explored the docs to find if
> it offered all that I needed.
>
> The Swagger/OpenAPI integration out of the box has to be the main selling
> point. Also, the use of Pydantic schemas to validate both inputs and
> outputs is very attractive, as well as the Oauth2 integration out of the
> box.
>
> On the minus side, the dependency injection system seemed far from clear
> to me. But the two biggest problems, for my needs, were:
>
> - FastAPI doesn't offer rich security policies (the security system in
> Pyramid is based on Zope's, with roles, permissions, ACLs, route factories,
> contexts, etc.). Itonly offers "Oauth2 scopes", which can represent global
> permissions. So, no contextual permissions, workflows, etc, at least not
> with a substantial amount of work.
>
> - FastAPI doesn't seem to allow application composition the way Pyramid
> does (the exact term in the Pyramid docs is "extending an application")
>
> So, in the end, I realised it was just a shinier, modern-er Flask, and I
> would lose too any things if I made the switch from Pyramid :(
>
> Laurent.
>
>
>
> Le jeu. 12 sept. 2024 à 00:50, Mikko Ohtamaa <[email protected]> a
> écrit :
>
>> Hi,
>>
>> Alternatively fastapi is a very popular and maintained framework today.
>> Though as far as I know, it runs on the top of Flask, not Pyramid. Not sure
>> if Pyramid integration exists.
>>
>> https://github.com/fastapi/fastapi
>>
>> Br,
>> Mikko
>>
>> On Wed, 11 Sept 2024 at 16:11, Laurent Daverio <[email protected]> wrote:
>>
>>> Hello List,
>>>
>>> I would like to ask about recommended packages for writing API routes in
>>> Pyramid. I mostly know two ways of doing it:
>>>
>>> - using Pyramid views with a JSON renderer
>>> - using Cornice
>>>
>>> At one time, I was using `pyramid_openapi3` on tope of it, but I decided
>>> to stop, due to having lots of issues with it (but that's another story).
>>>
>>> I generally prefer Cornice, however there a lot of features I don't use,
>>> like validations, and "resources" (I only use "services", as "resources"
>>> are not flexible enough for my needs).
>>>
>>> So, at this point, my question is: if you were to recommend something
>>> "better" than Cornice ("better" meaning essentially "lighter"), what would
>>> it be?
>>>
>>> Thanks in advance,
>>>
>>> Laurent.
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "pylons-discuss" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/pylons-discuss/CAB7cU6xtNQdj%3Dby9WjeJwJZkpV4-GOmDeyaq1XqyJZ_dGC%3D%2B0w%40mail.gmail.com
>>>
>>> <https://groups.google.com/d/msgid/pylons-discuss/CAB7cU6xtNQdj%3Dby9WjeJwJZkpV4-GOmDeyaq1XqyJZ_dGC%3D%2B0w%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "pylons-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>>
> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/pylons-discuss/CAK8RCUsN86a_taRKS_9BAZsusVokUeSvvtuYOTRAHzEtYi57Ow%40mail.gmail.com
>>
>> <https://groups.google.com/d/msgid/pylons-discuss/CAK8RCUsN86a_taRKS_9BAZsusVokUeSvvtuYOTRAHzEtYi57Ow%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/pylons-discuss/24ee6c39-95a1-48c3-b865-50fbf3832740n%40googlegroups.com.
