View derivers are the answer to decorating views on a per view basis. 

- Michael

On Feb 22, 2025, at 20:06, Jonathan Vanasco <[email protected]> wrote:

I need to extend some API routes on a project with nonces.

The general design I would like to accomplish is this:

* Some routes will be a Provider - a nonce will be generated for the header
* Some routes will be a Consumer - a valid nonce is required; they will generate a new nonce as well
* Most routes will have nothing to do with any of this

I am trying to figure out the best way to accomplish this.

I was hoping to leverage the CSRF system, but I do not want to integrate "sessions" into this, and I need to keep the size of the nonce value quite small.

Tweens would be easy to implement, but that would turn every route into a Provider; I don't want to do that.

The best option I can think of right now is to just use python decorators to wrap select callables:

@view_config(...)
@nonced(policy=NoncePolicy.Provider)
def a_view(request):
   pass

Does anyone have better ideas?


--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion visit https://groups.google.com/d/msgid/pylons-discuss/954f6f3b-1f0c-4a62-a39f-5f31ba51f49bn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion visit https://groups.google.com/d/msgid/pylons-discuss/4CDC39CB-C433-4077-B07A-71A4912B113C%40gmail.com.

Reply via email to