Contoh pembuatan API

.gitignore

@@ -3,3 +3,4 @@
 *~
 *~
 env*/
 env*/
 test*
 test*
+dist

web_starter/__init__.py

@@ -6,10 +6,10 @@ from pyramid.i18n import get_localizer
 from pyramid.threadlocal import get_current_request
 from pyramid.threadlocal import get_current_request
 from pyramid.config import Configurator
 from pyramid.config import Configurator
 from pyramid_beaker import session_factory_from_settings
 from pyramid_beaker import session_factory_from_settings
-from pyramid.authentication import AuthTktAuthenticationPolicy
 from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid.authorization import ACLAuthorizationPolicy
 from pyramid_mailer import mailer_factory_from_settings
 from pyramid_mailer import mailer_factory_from_settings
 from sqlalchemy import engine_from_config
 from sqlalchemy import engine_from_config
+from .security import AuthTktAuthenticationPolicy
 from .models import (
 from .models import (
     DBSession,
     DBSession,
     Base,
     Base,
@@ -62,7 +62,7 @@ def main(global_config, **settings):
     config.include('pyramid_chameleon')
     config.include('pyramid_chameleon')
 
 
     authn_policy = AuthTktAuthenticationPolicy(
     authn_policy = AuthTktAuthenticationPolicy(
-            'sosecret', callback=group_finder, hashalg='sha512')
+            settings['auth_key'], callback=group_finder, hashalg='sha512')
     config.set_authentication_policy(authn_policy)
     config.set_authentication_policy(authn_policy)
 
 
     authz_policy = ACLAuthorizationPolicy()
     authz_policy = ACLAuthorizationPolicy()

web_starter/routes.csv

@@ -15,3 +15,4 @@ group
 group-add,/group/add
 group-add,/group/add
 group-edit,/group/{id}
 group-edit,/group/{id}
 group-delete,/group/{id}/delete
 group-delete,/group/{id}/delete
+api

web_starter/security.py

+import logging
+from pyramid.authentication import \
+        AuthTktAuthenticationPolicy as BaseAuthTktAuthenticationPolicy
+from ziggurat_foundations.models.services.user import UserService
 from .models import DBSession
 from .models import DBSession
 from .models.ziggurat import (
 from .models.ziggurat import (
     User,
     User,
@@ -5,6 +9,34 @@ from .models.ziggurat import (
     )
     )
 
 
 
 
+log = logging.getLogger(__name__)
+
+
+class AuthTktAuthenticationPolicy(BaseAuthTktAuthenticationPolicy):
+    def unauthenticated_userid(self, request):  # Override
+        user_id = super().unauthenticated_userid(request)
+        if user_id:
+            return user_id
+        user_id = request.POST.get('user_id')
+        if not user_id:
+            log.debug(f'user_id tidak dikirim')
+            return
+        user_pass = request.POST.get('user_pass')
+        if not user_pass:
+            log.debug(f'user_pass tidak dikirim')
+            return
+        user_id = int(user_id)
+        q = DBSession.query(User).filter_by(id=user_id)
+        user = q.first()
+        if not user:
+            log.debug(f'user_id {user_id} tidak ada di tabel')
+            return
+        if UserService.check_password(user, user_pass):
+            log.debug(f'user_id {user_id} logged in')
+            return user_id
+        log.debug(f'user_id {user_id} login failed')
+
+
 def group_finder(login, request):
 def group_finder(login, request):
     q = DBSession.query(User).filter_by(id=login)
     q = DBSession.query(User).filter_by(id=login)
     u = q.first()
     u = q.first()

web_starter/views/api.py

+from pyramid.view import view_config
+from pyramid.response import Response
+
+
+@view_config(route_name='api')
+def view_api(request):
+    if request.has_permission('user-edit'):
+        s = 'can user-edit'
+    else:
+        s = 'cannot user-edit'
+    r = Response(s)
+    r.status_int = 200
+    return r