How to Create REST APIs for All Tastes with Django OAuth Toolkit
TO MAKE
A FULL FLEDGED REST API
with
http://evonove.it
GOALS
OAuth2 protected REST API
with Django
WHY?
INTRODUCING
the marvelous
TIMETRACKER
ONCE UPON A TIME...
one tool
single project
deploy once
moreover...
SERVICES ARE CONNECTED!
Third party services want your users' data!
WHAT'S IN THE BACKEND?
A service that exposes
an amazing and reliable
REST API
THE REAL APP
TIMETRACKER
timetracker-backend
timetracker-web
timetracker-android
timetracker-ios
timetracker-desktop (linux, max, osx)
UI RECIPE
Gumby css framework
Ember.js javascript framework
jQuery
class TimeEntry(models.Model):
    activity = models.ForeignKey(Activity)
    user = models.ForeignKey(settings.AUTH_USER_MODEL)
    description = models.TextField(blank=True)
    start = models.DateTimeField(blank=True, null=True)
    end = models.DateTimeField(blank=True, null=True)
API ENDPOINTS
Url Methods Semantic
serializer = ActivitySerializer(activity)
serializer.data
USE DRF!
SETTINGS
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_RENDERER_CLASSES': (
        'rest_framework.renderers.JSONRenderer',
    ),
    'DEFAULT_PARSER_CLASSES': (
        'rest_framework.parsers.JSONParser',
    )
}
APIVIEW
from rest_framework.response import Response
from rest_framework.views import APIView

class ActivityList(APIView):
    """ List all activities, or create a new activity. """
    def get(self, request, format=None):
        activities = Activity.objects.all()
        serializer = ActivitySerializer(activities, many=True)
        return Response(serializer.data)

urlpatterns = patterns('',
    url(r'^api/activities/$', ActivityList.as_view()),
    # ...
)
SIMPLIFY!
GENERIC CLASS BASED VIEWS
class ActivityList(generics.ListCreateAPIView):
    queryset = Activity.objects.all()
    serializer_class = ActivitySerializer

class ActivityDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = Activity.objects.all()
    serializer_class = ActivitySerializer

class TimeEntryList(generics.ListCreateAPIView):
    queryset = TimeEntry.objects.all()
    serializer_class = TimeEntrySerializer

class TimeEntryDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = TimeEntry.objects.all()
    serializer_class = TimeEntrySerializer
LAZY DEVS?
VIEWSETS
class ActivityViewSet(viewsets.ModelViewSet):
    model = Activity

class TimeEntryViewSet(viewsets.ModelViewSet):
    model = TimeEntry

router = routers.DefaultRouter()
router.register(r'activities', ActivityViewSet)
router.register(r'tracks', TimeEntryViewSet)

urlpatterns = patterns('',
    url(r'^api/', include(router.urls)),
)
BONUS!
BUILTIN BROWSABLE API
HOW DO YOUR CLIENTS AUTHENTICATE?
Reference: http://www.slideshare.net/aaronpk/an-introduction-to-oauth2
THE OAUTH2 AUTHORIZATION
FRAMEWORK
https://github.com/evonove/django-oauth-toolkit
DOT AND DJANGO
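INSTALLED_APPS += ('oauth2_provider',)

urlpatterns += patterns('',
    url(r'^o/', include('oauth2_provider.urls',
                        namespace='oauth2_provider')),
)

from django.http import HttpResponse
from oauth2_provider.views.generic import ProtectedResourceView

class ApiEndpoint(ProtectedResourceView):
    # Requests without a valid OAuth2 access token never reach get()
    def get(self, request, *args, **kwargs):
        return HttpResponse('Protected with OAuth2!')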
BATTERIES INCLUDED
builtin views to register developer apps
form view for user authorization
INTEGRATES WITH DRF
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.ext.rest_framework.OAuth2Authentication',
    )
}
LET'S TEST IT!
Authorization endpoint
http://localhost:8000/o/authorize?response_type=code&client_id=&redirect_uri=http://exa
Unauthenticated access
curl http://localhost:8000/api/activities/
Authenticated access
curl -H "Authorization: Bearer " http://localhost:8000/api/activities/
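The client side of the authorization request above, as an added example (not from the slides or from the django-oauth-toolkit project): it builds the /o/authorize URL with a state value, validates the redirect that comes back, and prepares the code-for-token exchange. The client id, redirect URI and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "http://localhost:8000/o/authorize"  # endpoint shown on the slide
CLIENT_ID = "constructed-client-id"                  # placeholder, not a real id
REDIRECT_URI = "http://client.example/callback"      # placeholder registered URI


def build_authorization_request():
    """Return (url, state); the client keeps state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, binds the callback to this browser
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect back from the provider and return the code."""
    parts = urlsplit(callback_url)
    # Accept the response only on the exact redirect URI that was registered.
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback on unexpected URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means this client did not start the flow.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request_body(code):
    """Form body for the POST that exchanges the code for a bearer token."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the authorization request
        "client_id": CLIENT_ID,
    })
```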
FUTURE PLANS
OAuth1 support
OpenID connector
NoSQL storages support
HELP NEEDED
THANKS