Twitter, Tastypie, Django, XAuth and iOS to build Django-based access permissions

Posted 2024-12-06 23:25:29

I will build an iOS application whose functionality will be based on access permissions provided by a Django REST application.

Django manages the permissions for the activities in the iOS app. User A can do Work A if he/she is permitted. Permissions will be queried via ASIHTTPRequest to a REST API served by Django Tastypie.

There is no registration. Users will just be able to login via Twitter. XAuth will be used to present a login screen for users.

There are 2 types of users. For example purposes, there will be Type 1 and Type 2. Type 1 will be an ordinary user who can only browse data in the iOS app.

Type 2 user can submit/edit data.

That's it, theoretically. However... I don't know where to start!

The biggest roadblock:

How can I hook Twitter XAuth with Django's user backend via Tastypie?

If I know this then I can query the necessary permissions.

Thanks in advance!

太傻旳人生 2024-12-13 23:25:29

I've done something similar with django + tastypie and facebook login for iOS.

Authentication

  1. Log the user in using whatever means you will, get the access_token.

  2. Create a GET request tastypie endpoint to which you will pass the access_token as a query string.

  3. On the server side validate etc... and then create your own internal "tastypie" token and return that in the response to the get request, e.g.:

from django.conf.urls import url  # Django < 4.0 (url() was removed in 4.0)
from tastypie.authorization import Authorization
from tastypie.models import ApiKey
from tastypie.resources import ModelResource
from tastypie.utils import trailing_slash

# FacebookAuthentication is the answerer's own Authentication subclass (not shown):
# it validates the access_token passed in the query string against Facebook and
# creates the Django user on first login.


class GetToken(ModelResource):
    """
    Authenticates the user via facebook and returns an APIToken for them.
    """

    class Meta(object):
        queryset = ApiKey.objects.all()
        resource_name = 'authenticate'
        fields = ['user', 'key']
        allowed_methods = ['get']
        authorization = Authorization()
        authentication = FacebookAuthentication()

    def prepend_urls(self):
        """We override this to change default behavior
        for the API when using GET to actually "create" a resource,
        in this case a new session/token."""

        return [
            url(r"^(?P<resource_name>%s)%s$" % (self._meta.resource_name, trailing_slash()),
                self.wrap_view('_create_token'), name="api_get_token"),
        ]

    def _create_token(self, request, **kwargs):
        """Validate using FacebookAuthentication, and create Api Token if authenticated"""
        self.method_check(request, allowed=['get'])
        # This checks that the user is authenticated on facebook and also creates the user
        # if they have not been created. It raises (HTTP 401) if the token is invalid.
        self.is_authenticated(request)
        self.throttle_check(request)

        bundle = self.build_bundle(obj=None, request=request)
        bundle = self.obj_create(bundle, request, **kwargs)
        bundle = self.full_dehydrate(bundle)

        self.log_throttled_access(request)
        return self.create_response(request, bundle.data)

    def obj_create(self, bundle, request=None, **kwargs):
        """Create a new token for the session (reuse the existing key if the user already has one)"""
        bundle.obj, created = ApiKey.objects.get_or_create(user=request.user)
        return bundle

  4. Pass the returned API key on all subsequent calls; this can either be a query string param again, or (as I do) it can be set in the Authorization header for every call.

  5. Make sure ALL the other resources you want to have authentication on have ApiKeyAuthentication() set in the Meta.

class ThingResource(ModelResource):
    class Meta:
        queryset = Thing.objects.all()
        resource_name = 'thing'
        authentication = ApiKeyAuthentication()

Authorisation

So now you know on the server side that the user is who they say they are, what is this user allowed to do? That's what the authorisation meta is all about.

You probably want Django Authorisation in which case you can just use the normal permissioning schemes for users, or you could roll your own. It's pretty simple.
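As an added example (not the answerer's code) of the "roll your own" authorisation this answer mentions, the following Authorization class lets any key-authenticated caller browse but restricts submit/edit to users holding Django add/change permissions on the model, which is how the asker's Type 1 / Type 2 split maps onto tastypie. The permission names app.add_thing / app.change_thing and the per-operation hooks of tastypie 0.9.12+ are assumptions, and fake_user / decide are constructed helpers so the decision logic runs without Django.

```python
# Added example, not the answer's own code: tastypie Authorization for the asker's
# two user types. Permission names and the tastypie >= 0.9.12 hooks are assumed.
from types import SimpleNamespace

try:
    from tastypie.authorization import Authorization
    from tastypie.exceptions import Unauthorized
except ImportError:  # stand-ins so the decision logic also runs without tastypie
    Authorization = object
    class Unauthorized(Exception):
        pass


class TypedAuthorization(Authorization):
    """Type 1 (any key-authenticated user): browse only. Type 2 (holds
    write_perms): may also submit/edit. Returning an empty list denies a
    list operation; raising Unauthorized denies a detail operation."""

    write_perms = ("app.add_thing", "app.change_thing")  # assumed names

    def _can_write(self, user):  # inactive or anonymous callers never write
        return bool(getattr(user, "is_active", False)) and all(
            user.has_perm(p) for p in self.write_perms)

    def read_detail(self, object_list, bundle):
        return True

    def create_list(self, object_list, bundle):
        return object_list if self._can_write(bundle.request.user) else []

    def create_detail(self, object_list, bundle):
        if not self._can_write(bundle.request.user):
            raise Unauthorized("Type 1 users may only browse.")
        return True

    update_list, update_detail = create_list, create_detail


def fake_user(perms, is_active=True):
    """Constructed stand-in for a Django user with a fixed permission set."""
    return SimpleNamespace(is_active=is_active, has_perm=lambda p: p in perms)


def decide(user, operation):
    """Run one hook against a constructed bundle; False when it raises."""
    bundle = SimpleNamespace(request=SimpleNamespace(user=user))
    try:
        return getattr(TypedAuthorization(), operation)(["obj"], bundle)
    except Unauthorized:
        return False
```

Because tastypie runs the resource's authentication before its authorization, bundle.request.user here is the Django user that ApiKeyAuthentication resolved from the key, so a stolen key still cannot escalate a Type 1 account into a writer.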

素罗衫 2024-12-13 23:25:29

amrox has a nice example on how to hook a custom fork of django-oauth-plus that supports xAuth into tastypie. I imagine it can be tweaked to suit your purposes.
