Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to make a full fledged REST API with Django...

How to make a full fledged REST API with Django OAuth Toolkit

World is going mobile and the need of a backend talking with your apps is getting more and more important. What if I told you writing REST APIs in Python is so easy you don’t need to be a backend expert? Take generous tablespoons of Django, mix thoroughly with Django REST Framework and dust with Django OAuth Toolkit to bake the perfect API in minutes.

Federico Frenguelli

July 22, 2014
Tweet

More Decks by Federico Frenguelli

Other Decks in Technology

Transcript

  1. Models c l a s s A c t i

    v i t y ( m o d e l s . M o d e l ) : n a m e = m o d e l s . C h a r F i e l d ( m a x _ l e n g t h = 1 0 0 ) d e s c r i p t i o n = m o d e l s . T e x t F i e l d ( b l a n k = T r u e ) c l a s s T i m e E n t r y ( m o d e l s . M o d e l ) : a c t i v i t y = m o d e l s . F o r e i g n K e y ( A c t i v i t y ) u s e r = m o d e l s . F o r e i g n K e y ( s e t t i n g s . A U T H _ U S E R _ M O D E L ) d e s c r i p t i o n = m o d e l s . T e x t F i e l d ( b l a n k = T r u e ) s t a r t = m o d e l s . D a t e T i m e F i e l d ( b l a n k = T r u e , n u l l = T r u e ) e n d = m o d e l s . D a t e T i m e F i e l d ( b l a n k = T r u e , n u l l = T r u e )
  2. API Endpoints Url Methods Semantic /api/activities/ GET, POST list, create

    /api/activities/<id>/ GET, PUT/PATCH, DELETE detail, update, remove /api/tracks/ GET, POST list, create /api/tracks/<id>/ GET, PUT/PATCH, DELETE detail, update, remove
  3. Serialize Data c l a s s A c t

    i v i t y S e r i a l i z e r ( s e r i a l i z e r s . S e r i a l i z e r ) : p k = s e r i a l i z e r s . F i e l d ( ) n a m e = s e r i a l i z e r s . C h a r F i e l d ( m a x _ l e n g t h = 1 0 0 ) d e s c r i p t i o n = s e r i a l i z e r s . C h a r F i e l d ( r e q u i r e d = F a l s e ) d e f r e s t o r e _ o b j e c t ( s e l f , a t t r s , i n s t a n c e = N o n e ) : i f i n s t a n c e : # U p d a t e e x i s t i n g i n s t a n c e i n s t a n c e . n a m e = a t t r s . g e t ( ' n a m e ' , i n s t a n c e . n a m e ) i n s t a n c e . d e s c r i p t i o n = a t t r s . g e t ( ' d e s c r i p t i o n ' , i n s t a n c e . d e s c r i p t i o n ) r e t u r n i n s t a n c e # C r e a t e n e w i n s t a n c e r e t u r n A c t i v i t y ( * * a t t r s ) > > > s e r i a l i z e r = A c t i v i t y S e r i a l i z e r ( a c t i v i t y ) > > > s e r i a l i z e r . d a t a # { ' p k ' : 1 , ' n a m e ' : u ' T i m e t r a c k e r ' , ' d e s c r i p t i o n ' : u ' W o r k i n o n t i m e t r a c k e r ' }
  4. Simplify! Model Serializer c l a s s A c

    t i v i t y S e r i a l i z e r ( s e r i a l i z e r s . M o d e l S e r i a l i z e r ) : c l a s s M e t a : m o d e l = A c t i v i t y
  5. API Endpoint Views What do we need? respect REST semantic

    user authentication permissions checks (also object level permission) pagination response and request formatting it's a lot of stuff!
  6. Settings R E S T _ F R A M

    E W O R K = { ' D E F A U L T _ A U T H E N T I C A T I O N _ C L A S S E S ' : ( ' r e s t _ f r a m e w o r k . a u t h e n t i c a t i o n . S e s s i o n A u t h e n t i c a t i o n ' , ) , ' D E F A U L T _ P E R M I S S I O N _ C L A S S E S ' : ( ' r e s t _ f r a m e w o r k . p e r m i s s i o n s . I s A u t h e n t i c a t e d ' , ) , ' D E F A U L T _ R E N D E R E R _ C L A S S E S ' : ( ' r e s t _ f r a m e w o r k . r e n d e r e r s . J S O N R e n d e r e r ' , ) , ' D E F A U L T _ P A R S E R _ C L A S S E S ' : ( ' r e s t _ f r a m e w o r k . p a r s e r s . J S O N P a r s e r ' , ) }
  7. Api View c l a s s A c t

    i v i t y L i s t ( A P I V i e w ) : " " " L i s t a l l a c t i v i t i e s , o r c r e a t e a n e w a c t i v i t y . " " " d e f g e t ( s e l f , r e q u e s t , f o r m a t = N o n e ) : a c t i v i t i e s = A c t i v i t y . o b j e c t s . a l l ( ) s e r i a l i z e r = A c t i v i t y S e r i a l i z e r ( a c t i v i t i e s , m a n y = T r u e ) r e t u r n R e s p o n s e ( s e r i a l i z e r . d a t a ) d e f p o s t ( s e l f , r e q u e s t , f o r m a t = N o n e ) : s e r i a l i z e r = A c t i v i t y S e r i a l i z e r ( d a t a = r e q u e s t . D A T A ) i f s e r i a l i z e r . i s _ v a l i d ( ) : s e r i a l i z e r . s a v e ( ) r e t u r n R e s p o n s e ( s e r i a l i z e r . d a t a , s t a t u s = s t a t u s . H T T P _ 2 0 1 _ C R E A T E D ) r e t u r n R e s p o n s e ( s e r i a l i z e r . e r r o r s , s t a t u s = s t a t u s . H T T P _ 4 0 0 _ B A D _ R E Q U E S T ) u r l p a t t e r n s = p a t t e r n s ( ' ' , u r l ( r ' ^ a p i / a c t i v i t i e s / $ ' , A c t i v i t y L i s t . a s _ v i e w ( ) ) , # . . . )
  8. Simplify! Generic Class Based Views c l a s s

    A c t i v i t y L i s t ( g e n e r i c s . L i s t C r e a t e A P I V i e w ) : q u e r y s e t = A c t i v i t y . o b j e c t s . a l l ( ) s e r i a l i z e r _ c l a s s = A c t i v i t y S e r i a l i z e r c l a s s A c t i v i t y D e t a i l ( g e n e r i c s . R e t r i e v e U p d a t e D e s t r o y A P I V i e w ) : q u e r y s e t = A c t i v i t y . o b j e c t s . a l l ( ) s e r i a l i z e r _ c l a s s = A c t i v i t y S e r i a l i z e r c l a s s T i m e E n t r y L i s t ( g e n e r i c s . L i s t C r e a t e A P I V i e w ) : q u e r y s e t = T i m e E n t r y . o b j e c t s . a l l ( ) s e r i a l i z e r _ c l a s s = T i m e E n t r y S e r i a l i z e r c l a s s T i m e E n t r y D e t a i l ( g e n e r i c s . R e t r i e v e U p d a t e D e s t r o y A P I V i e w ) : q u e r y s e t = T i m e E n t r y . o b j e c t s . a l l ( ) s e r i a l i z e r _ c l a s s = T i m e E n t r y S e r i a l i z e r
  9. Problems Store the user password in the app The app

    has a full access to user account User has to change his password to revoke the access Compromised apps expose the user password Reference: http://www.slideshare.net/aaronpk/an-introduction-to-oauth2
  10. Actors Resource Owner: The User Resource Server: Timetracker API Authorization

    Server: The same as the Resource Server Client: Songify App
  11. Step 4 The Authorization Server directs the Resource Owner back

    to the client with the authorization code
  12. Step 5 The Client exchange the authorization code for a

    token The token is used by the Client to authenticate requests
  13. Django OAuth Toolkit Django 1.4, 1.5, 1.6, 1.7 Python2 &

    Python3 Built on top of oauthlib https://github.com/evonove/django-oauth-toolkit
  14. DOT and Django I N S T A L L

    E D _ A P P S + = ( ' o a u t h 2 _ p r o v i d e r ' , ) u r l p a t t e r n s + = p a t t e r n s ( ' ' , u r l ( r ' ^ o / ' , i n c l u d e ( ' o a u t h 2 _ p r o v i d e r . u r l s ' , n a m e s p a c e = ' o a u t h 2 _ p r o v i d e r ' ) ) , ) Create a protected endpoint f r o m o a u t h 2 _ p r o v i d e r . v i e w s . g e n e r i c i m p o r t P r o t e c t e d R e s o u r c e V i e w c l a s s A p i E n d p o i n t ( P r o t e c t e d R e s o u r c e V i e w ) : d e f g e t ( s e l f , r e q u e s t , * a r g s , * * k w a r g s ) : r e t u r n H t t p R e s p o n s e ( ' P r o t e c t e d w i t h O A u t h 2 ! ' )
  15. Integrates with DRF R E S T _ F R

    A M E W O R K = { ' D E F A U L T _ A U T H E N T I C A T I O N _ C L A S S E S ' : ( ' o a u t h 2 _ p r o v i d e r . e x t . r e s t _ f r a m e w o r k . O A u t h 2 A u t h e n t i c a t i o n ' , ) }
  16. Exchange the code Unauthenticated access Authenticated access LET'S TEST IT!

    Authorization endpoint h t t p : / / l o c a l h o s t : 8 0 0 0 / o / a u t h o r i z e ? r e s p o n s e _ t y p e = c o d e & c l i e n t _ i d = < c l i e n t _ i d > & r e d i r e c t _ u r i = h t t p : / / e x a m p l e . c o m c u r l - X P O S T - d " g r a n t _ t y p e = a u t h o r i z a t i o n _ c o d e & c o d e = < c o d e > & r e d i r e c t _ u r i = h t t p : / / e x a m p l e . c o m / " h t t p : / / < c l i e n c u r l h t t p : / / l o c a l h o s t : 8 0 0 0 / a p i / a c t i v i t i e s / c u r l - H " A u t h o r i z a t i o n : B e a r e r < y o u r _ a c c e s s _ t o k e n > " h t t p : / / l o c a l h o s t : 8 0 0 0 / a p i / a c t i v i t i e s / < / y o u r _ a c c e s s _ t o