Contoh pembuatan API

.gitignore

@@ -3,3 +3,4 @@
 *~
 env*/
 test*
+dist

web_starter/__init__.py

@@ -6,10 +6,10 @@ from pyramid.i18n import get_localizer
 from pyramid.threadlocal import get_current_request
 from pyramid.config import Configurator
 from pyramid_beaker import session_factory_from_settings
-from pyramid.authentication import AuthTktAuthenticationPolicy
 from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid_mailer import mailer_factory_from_settings
 from sqlalchemy import engine_from_config
+from .security import AuthTktAuthenticationPolicy
 from .models import (
     DBSession,
     Base,
@@ -62,14 +62,14 @@ def main(global_config, **settings):
     config.include('pyramid_chameleon')
 
     authn_policy = AuthTktAuthenticationPolicy(
-            'sosecret', callback=group_finder, hashalg='sha512')
+            settings['auth_key'], callback=group_finder, hashalg='sha512')
     config.set_authentication_policy(authn_policy)
 
     authz_policy = ACLAuthorizationPolicy()
     config.set_authorization_policy(authz_policy)
 
     config.add_request_method(get_user, 'user', reify=True)
-    config.add_notfound_view(RemoveSlashNotFoundViewFactory())        
+    config.add_notfound_view(RemoveSlashNotFoundViewFactory())
     config.add_static_view('static', 'static', cache_max_age=3600)
     config.add_static_view('deform_static', 'deform:static')
     config.add_translation_dirs('locale')

web_starter/routes.csv

@@ -15,3 +15,4 @@ group
 group-add,/group/add
 group-edit,/group/{id}
 group-delete,/group/{id}/delete
+api

web_starter/security.py

+import logging
+from pyramid.authentication import \
+        AuthTktAuthenticationPolicy as BaseAuthTktAuthenticationPolicy
+from ziggurat_foundations.models.services.user import UserService
 from .models import DBSession
 from .models.ziggurat import (
     User,
@@ -5,6 +9,34 @@ from .models.ziggurat import (
     )
 
 
+log = logging.getLogger(__name__)
+
+
+class AuthTktAuthenticationPolicy(BaseAuthTktAuthenticationPolicy):
+    def unauthenticated_userid(self, request):  # Override
+        user_id = super().unauthenticated_userid(request)
+        if user_id:
+            return user_id
+        user_id = request.POST.get('user_id')
+        if not user_id:
+            log.debug(f'user_id tidak dikirim')
+            return
+        user_pass = request.POST.get('user_pass')
+        if not user_pass:
+            log.debug(f'user_pass tidak dikirim')
+            return
+        user_id = int(user_id)
+        q = DBSession.query(User).filter_by(id=user_id)
+        user = q.first()
+        if not user:
+            log.debug(f'user_id {user_id} tidak ada di tabel')
+            return
+        if UserService.check_password(user, user_pass):
+            log.debug(f'user_id {user_id} logged in')
+            return user_id
+        log.debug(f'user_id {user_id} login failed')
+
+
 def group_finder(login, request):
     q = DBSession.query(User).filter_by(id=login)
     u = q.first()

web_starter/views/api.py

+from pyramid.view import view_config
+from pyramid.response import Response
+
+
+@view_config(route_name='api')
+def view_api(request):
+    if request.has_permission('user-edit'):
+        s = 'can user-edit'
+    else:
+        s = 'cannot user-edit'
+    r = Response(s)
+    r.status_int = 200
+    return r