Contoh pembuatan API

Owo Sugiana
Commit 1001ca9c authored Jan 11, 2021 by Owo Sugiana
Showing 5 changed files with 50 additions and 3 deletions
.gitignore
web_starter/__init__.py
web_starter/routes.csv
web_starter/security.py
web_starter/views/api.py
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 *~
 env*/
 test*
+dist
--- a/web_starter/__init__.py
+++ b/web_starter/__init__.py
@@ -6,10 +6,10 @@ from pyramid.i18n import get_localizer
 from pyramid.threadlocal import get_current_request
 from pyramid.config import Configurator
 from pyramid_beaker import session_factory_from_settings
-from pyramid.authentication import AuthTktAuthenticationPolicy
 from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid_mailer import mailer_factory_from_settings
 from sqlalchemy import engine_from_config
+from .security import AuthTktAuthenticationPolicy
 from .models import (
    DBSession,
    Base,
@@ -62,14 +62,14 @@ def main(global_config, **settings):
    config.include('pyramid_chameleon')
    authn_policy = AuthTktAuthenticationPolicy(
-            'sosecret', callback=group_finder, hashalg='sha512')
+            settings['auth_key'], callback=group_finder, hashalg='sha512')
    config.set_authentication_policy(authn_policy)
    authz_policy = ACLAuthorizationPolicy()
    config.set_authorization_policy(authz_policy)
    config.add_request_method(get_user, 'user', reify=True)
-    config.add_notfound_view(RemoveSlashNotFoundViewFactory())        
+    config.add_notfound_view(RemoveSlashNotFoundViewFactory())
    config.add_static_view('static', 'static', cache_max_age=3600)
    config.add_static_view('deform_static', 'deform:static')
    config.add_translation_dirs('locale')

--- a/web_starter/routes.csv
+++ b/web_starter/routes.csv
@@ -15,3 +15,4 @@ group
 group-add,/group/add
 group-edit,/group/{id}
 group-delete,/group/{id}/delete
+api
--- a/web_starter/security.py
+++ b/web_starter/security.py
+import logging
+from pyramid.authentication import \
+        AuthTktAuthenticationPolicy as BaseAuthTktAuthenticationPolicy
+from ziggurat_foundations.models.services.user import UserService
 from .models import DBSession
 from .models.ziggurat import (
    User,
@@ -5,6 +9,34 @@ from .models.ziggurat import (
    )
+log = logging.getLogger(__name__)
+class AuthTktAuthenticationPolicy(BaseAuthTktAuthenticationPolicy):
+    def unauthenticated_userid(self, request):  # Override
+        user_id = super().unauthenticated_userid(request)
+        if user_id:
+            return user_id
+        user_id = request.POST.get('user_id')
+        if not user_id:
+            log.debug(f'user_id tidak dikirim')
+            return
+        user_pass = request.POST.get('user_pass')
+        if not user_pass:
+            log.debug(f'user_pass tidak dikirim')
+            return
+        user_id = int(user_id)
+        q = DBSession.query(User).filter_by(id=user_id)
+        user = q.first()
+        if not user:
+            log.debug(f'user_id {user_id} tidak ada di tabel')
+            return
+        if UserService.check_password(user, user_pass):
+            log.debug(f'user_id {user_id} logged in')
+            return user_id
+        log.debug(f'user_id {user_id} login failed')
 def group_finder(login, request):
    q = DBSession.query(User).filter_by(id=login)
    u = q.first()

--- a/web_starter/views/api.py
+++ b/web_starter/views/api.py
+from pyramid.view import view_config
+from pyramid.response import Response
+@view_config(route_name='api')
+def view_api(request):
+    if request.has_permission('user-edit'):
+        s = 'can user-edit'
+    else:
+        s = 'cannot user-edit'
+    r = Response(s)
+    r.status_int = 200
+    return r