Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
extending an API with nonces ?
14 views
Skip to first unread message
Jonathan Vanasco
Feb 22, 2025, 10:06:36 PMFeb 22
to pylons-discuss
I need to extend some API routes on a project with nonces.
The general design I would like to accomplish is this:
* Some routes will be a Provider - a nonce will be generated for the header
* Some routes will be a Consumer - a valid nonce is required; they will generate a new nonce as well
* Most routes will have nothing to do with any of this
I am trying to figure out the best way to accomplish this.
I was hoping to leverage the CSRF system, but I do not want to integrate "sessions" into this, and I need to keep the size of the nonce value quite small.
Tweens would be easy to implement, but that would turn every route into a Provider; I don't want to do that.
The general design I would like to accomplish is this:
* Some routes will be a Provider - a nonce will be generated for the header
* Some routes will be a Consumer - a valid nonce is required; they will generate a new nonce as well
* Most routes will have nothing to do with any of this
I am trying to figure out the best way to accomplish this.
I was hoping to leverage the CSRF system, but I do not want to integrate "sessions" into this, and I need to keep the size of the nonce value quite small.
Tweens would be easy to implement, but that would turn every route into a Provider; I don't want to do that.
The best option I can think of right now is to just use python decorators to wrap select callables:
@view_config(...)
@nonced(policy=NoncePolicy.Provider)
def a_view(request):
pass
Does anyone have better ideas?
@view_config(...)
@nonced(policy=NoncePolicy.Provider)
def a_view(request):
pass
Does anyone have better ideas?
Michael Merickel
Feb 22, 2025, 11:08:12 PMFeb 22
to pylons-...@googlegroups.com, pylons-discuss
View derivers are the answer to decorating views on a per view basis.
- Michael
On Feb 22, 2025, at 20:06, Jonathan Vanasco <jvan...@gmail.com> wrote:
I need to extend some API routes on a project with nonces.
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discus...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/pylons-discuss/954f6f3b-1f0c-4a62-a39f-5f31ba51f49bn%40googlegroups.com.
Jonathan Vanasco
Feb 23, 2025, 2:05:39 PMFeb 23
to pylons-discuss
Thanks, Michael. This looks to be exactly what I was hoping for!
Reply all
Reply to author
Forward
0 new messages