I'm trying to implement a REST api. I've coded the following:
@request.restful()
def api():
response.view = 'generic.json'
# curl -k --user tyr...@yahoo.ca:Lannister -G -d "var1=something1" -d "var2=something2"
# https://miramar21.com/tut_server/default/api/verify/person/:usr/:pwd
# https://miramar21.com/tut_server/default/api/add/person
# https://miramar21.com/tut_server/default/api/update/person/:id
def GET(*args,**vars):
auth.basic()
if not auth.user:
return dict(unauthorized=True)
try:
if args[0] == 'verify':
if len(args) > 3:
table_name = args[1]
usr = args[2]
pwd = args[3]
alg = 'pbkdf2(1000,20,sha512)'
hash = str(CRYPT(digest_alg=alg,salt=False)(pwd)[0])
row = db(db[table_name].email==usr).select().first()
if row:
status = True if row.password == hash else False
return dict(verified=status,id=row.id)
return locals()
if args[0] == 'add':
if len(args) > 1:
table_name = args[1]
return db[table_name].validate_and_insert(**vars)
return locals()
if args[0] == 'update':
if len(args) > 2:
table_name = args[1]
record_id = args[2]
return db(db[table_name]._id==record_id).validate_and_update(**vars)
return locals()
except:
return dict(fatal=True)
return locals()
return locals()
I have a feeling that I'm not doing user authorization for the REST api correctly, although the following cURL command works fine:
When I try to use jQuery ajax to perform the same operation, it chokes on the user authorization, whether I use JS
headers or
beforeSend. So I suspect I'm doing something wrong. (But why is cURL working???)
I just want to control user authorization as simply and cleanly as possible.