What are you really trying to do? Is the API simply being called from the
browser, or are other types of clients calling it? If that latter, you
might look into using JWT auth, as session based authentication doesn't
work well for non-browser clients unless you get them to maintain a session
by passing the session cookie back and forth. If the only client is the
browser, just have it make Ajax calls directly to the API endpoints -- no
reason to pass requests through an endpoint in another controller.
Anthony
On Monday, November 13, 2017 at 9:14:00 AM UTC-5, Leandro Sebastian
Salgueiro wrote:
>
> HI,
>
> I have two controllers on the same app:
>
> TestApp
> |
> |---default.py
> |---api.py
>
> api is a restful service that will call other services. For security
> reasons I would like that all call to these services are passed by the api
> restful. (it will work like a proxy in this case)
>
> I did try the following :
>
> in default.py :
>
> @auth.requires_login()
> def index():
> import requests
> json = requests.get(URL('api', 'apps', host=True))
> return {"json": json.content}
>
>
> in api.py:
>
> import requests
> apps_url = 'http://localhost:8091/apps'
>
>
> @auth.requires_login()
>
> @request.restful()
> def apps():
> response.view = 'generic.json'
> def GET(*args,**vars):
> r = requests.get(apps_url)
> return r
> return dict(GET=GET)
>
>
> If i test this without the api's login decorator everything works fine.
> However I can access this restful from anywhere else...
> I added then the requires_login to api controller and then i test both
> URLs independently from browser, it works ok (login to web2py -> go to
> /api/apps -> get my results) however if I do the GET request using
> requests.get from default controller i get a* Non Authorized *message and
> redirect to login form.
>
> what i'm missing here? i thought that if I was in the same app, auth
> session would be shared among different controllers...
>
> any hint on this would be the most welcomed..
> Thanks in advanced.
> Leandro
>
>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
