Si,
Am 21.08.2014 05:37, schrieb Si:
> Greetings,
Hello!
>
> I'm seeking guidance on building an application using Autobahn,
> hopefully it's ok to post here.
Sure.
>
> Details on the project can be found here
> <
https://github.com/si618/pi-time>. This is my first project in python
> and also Autobahn, so any advice is welcome.
There is a learning curve. Have you done asynchronous / event driven
programming before? I mean in another language?
Because: having experience with that will be very valuable entering
Autobahn - which is asynch. from core to outside.
The second hint is understanding the core design of WAMP:
http://wamp.ws/why/
Well, plus Python;)
These 3 know-how areas will give you a good fundament, and you will then
find your way as it "starts to make sense";)
>
> Originally I was just going to use websockets via Autobahn, but after
> some research it seems wamp sitting on top of websockets is a better
> approach, since it can perform authentication, authorization, as well as
> handling rpc calls and pubsub events, all of which I need.
Yes, WAMP provides all of this. The practical short story is this:
You write app components (e.g. one that runs on the Pi), and those
connect via WAMP to a _router_.
If you want to use Python for writing an app component, then using
AutobahnPython for doing that is recommended.
AutobahnPython _also_ includes a basic router - but that doesn't come
with builtin authentication or authorization.
If you want to have a router with production ready features, one option
is Crossbar.io - this is open-source made by Tavendo. There are other
router implementations as well: please see the WAMP website. So you are
not "locked in" with WAMP.
Getting started with Crossbar.io and Python is trivial:
http://crossbar.io/docs/Getting-started-with-Python/
Crossbar.io can create complete apps for you ("scaffolding") which you
can then tweak.
>
> After reviewing the autobahn code examples and source code, I'm unsure
> as to whether I should be using the wamp Application (or
> ApplicationSession?) class, and decorate my api accordingly, or decorate
You can use both. ApplicationSession is fully supported. Application is
very new and might change - but we will also support it fully.
It's kinda taste question. Application has more stuff built into and
might be easier to use.
> with exportRpc, exportPub and exportSub and use a class derived from the
No. Forget those. That is WAMP _v1_. It is deprecated. We will soon
remove all WAMP v1 related code and examples from AutobahnPython.
> WampServerProtocol?
No. See above. With WAMP v2 you are purely concerned with
ApplicationSession or Application.
>
> The web part of the project will use Django and Bootstrap, so I would be
Boostrap is just css sugar. No concern. Django: see below.
> using websockets along with more typical html requests. Is there
> anything to watch out for with this? Since they are different protocols
Yes: it does not work;)
Django is based on blocking code. There is no (sane) WebSocket stuff,
not to speak of WAMP running directly inside Django.
What exactly are you trying to cover using Django?
I mean: it's useless for Pi/WAMP client components. It's also useless if
you are doing UIs as HTML5 single-page-apps.
> operating on different ports I can't think there would be, but not sure...
AutobahnPython runs under Twisted or asyncio. Django does not run under
either of those.
>
> In regards to wamp authorization, I would like to bind the rights to api
> rpc calls and pubsub events based on Django user groups. The example
> code
> <
https://github.com/tavendo/AutobahnPython/blob/master/examples/twisted/wamp/authentication/wampcra/server.py>
> for wampcra points me in the right direction, but I'm unsure as to how
> to wire up my api. I'm a C# developer in my day job, and typically would
Using Crossbar.io, please see here:
http://crossbar.io/docs/Authorization/
> use an attribute (decorator) based approach to define which roles/groups
> would have permission for functions. Is this a decent way to approach it
> in autobahn/python?
No. Attaching authorization information directly to procedures is bad
design - at least this is Autobahn's and WAMP's view.
Whether a client 1 is allowed to call a procedure implemented in client
2 should (in general) be decided by the router (or a custom authorizer
in client 3)
Also you don't want to sprinkle roles in app code ..
>
> e.g.
>
> @exportRpc or @app.register
> @authorization('adminRole', 'userRole')
> def someApiFunction():
> ...
No. See above.
>
> Or should I follow the example shown here
> <
https://github.com/tavendo/AutobahnPython/blob/master/examples/twisted/wamp1/authentication/server.py>
You should ignore everything that contains the word "wamp1". Library as
well as example code.
> and manually define all the rpc and pubsub functions explicitly in one
> place?
Not sure what that means.
>
> Thanks in advance for any help.
Welcome to WAMP and Autobahn!
I am aware that what I wrote above might only partially answer your
questions (or was too fast) and/or trigger more questions. No problem:
keep on asking;)
/Tobias
>
> regards,
> si
>
> --
> You received this message because you are subscribed to the Google
> Groups "Autobahn" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
autobahnws+...@googlegroups.com
> <mailto:
autobahnws+...@googlegroups.com>.
> To post to this group, send email to
autob...@googlegroups.com
> <mailto:
autob...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/autobahnws/d4ba21df-0fa4-405d-9717-8a36c4c235d4%40googlegroups.com
> <
https://groups.google.com/d/msgid/autobahnws/d4ba21df-0fa4-405d-9717-8a36c4c235d4%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit
https://groups.google.com/d/optout.