On Monday, November 13, 2017 at 6:14:00 AM UTC-8, Leandro Sebastian
Salgueiro wrote:
>
> Hi,
>
> I have two controllers on the same app:
>
> TestApp
> |
> |---default.py
> |---api.py
>
> api is a RESTful service that will call other services. For security
> reasons I would like all calls to these services to pass through the
> RESTful api (it will work like a proxy in this case).
>
> I did try the following :
>
> in default.py :
>
>     @auth.requires_login()
>     def index():
>         import requests
>         json = requests.get(URL('api', 'apps', host=True))
>         return {"json": json.content}
>
>
> in api.py:
>
>     import requests
>     apps_url = 'http://localhost:8091/apps'
>
>     @auth.requires_login()
>     @request.restful()
>     def apps():
>         response.view = 'generic.json'
>         def GET(*args, **vars):
>             r = requests.get(apps_url)
>             return r
>         return dict(GET=GET)
>
>
> If I test this without the api's login decorator everything works fine.
> However, I can access this RESTful service from anywhere else...
> I then added requires_login to the api controller, and when I test both
> URLs independently from the browser, it works OK (login to web2py -> go to
> /api/apps -> get my results). However, if I do the GET request using
> requests.get from the default controller I get a *Non Authorized* message
> and a redirect to the login form.
>
> What am I missing here? I thought that if I was in the same app, the auth
> session would be shared among different controllers...
>
> Any hint on this would be most welcome.
> Thanks in advance.
> Leandro
>
>
You may be running into a twist that Anthony explained to me, where an API
call's session doesn't last past the call (some qualifiers may be
needed). I'm not sure if that is true when the controller/function does
a request "from the inside", but I would think about that.
I also think you might be better served using JWT for API authorization,
and web2py has supported that for a while. Look at the following thread
for a little about using JWT, and for Anthony's comment about session
lifetimes.
<URL:https://groups.google.com/d/topic/web2py/VMhvBLU0zW0/discussion>
For more on JWT, look at the references in that thread (another thread, and
gluon/tools.py).
/dps
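
The token-based approach suggested in the reply, as an added example that is not from the thread and is not web2py's own code (web2py's JWT support lives in gluon/tools.py, as the reply notes). It is a stdlib-only sketch; SECRET, issue_token, verify_token, api_apps and index_proxy are hypothetical names, and api_apps/index_proxy stand in for the two controllers. The internal call is authorized by a short-lived signed token in the Authorization header instead of by the browser's session cookie, which a server-side requests.get does not send.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: known to both controllers, never sent to clients

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, ttl=60, now=None):
    """Mint a short-lived HS256 JWT for one server-to-server call."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def verify_token(token, now=None):
    """Return the claims dict, or None if the token is malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None  # the verifier fixes the algorithm; the header does not choose it
        if not hmac.compare_digest(sign(header + "." + body), b64d(sig)):
            return None  # constant-time comparison of the MAC
        claims = json.loads(b64d(body))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def api_apps(headers):
    """Stand-in for api.py's apps(): authorizes on the bearer token, not a session."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_token(token) if scheme == "Bearer" else None
    if claims is None:
        return 401, {"error": "not authorized"}
    return 200, {"apps": [], "caller": claims["sub"]}  # constructed response body

def index_proxy(user):
    """Stand-in for default.py's index(): attaches a token to the internal call."""
    return api_apps({"Authorization": "Bearer " + issue_token(user)})
```
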