我正在使用在Pyramid App中开发RESTful API的资源策略。 http://cornice.readthedocs.io/en/latest/resources.html。但是,我找不到为API添加身份验证的示例。非常感谢任何指导。
答案 0 :(得分:1)
正如Antoine Leclair指出的那样,Cornice依赖金字塔。您必须在应用初始化期间启用授权和身份验证策略。例如(这里使用pyramid-jwt):
from pyramid.config import Configurator
from pyramid.authorization import ACLAuthorizationPolicy
def main():
config = Configurator()
# Pyramid requires an authorization policy to be active.
config.set_authorization_policy(ACLAuthorizationPolicy())
# Enable JWT authentication.
config.include('pyramid_jwt')
config.set_jwt_authentication_policy('secret')
您还可以通过继承pyramid.authentication中的内置金字塔类来创建自己的策略:
from pyramid.authentication import CallbackAuthenticationPolicy
from pyramid.interfaces import IAuthenticationPolicy
from zope.interface import implementer
@implementer(IAuthenticationPolicy)
class MyAuthenticationPolicy(CallbackAuthenticationPolicy):
def __init__(self, realm='Realm'):
self.realm = realm
def unauthenticated_userid(self, request):
user_id = self._get_credentials(request)
return user_id
def forget(self, request):
return [('WWW-Authenticate', 'MyAuth realm="%s"' % self.realm)]
def _get_credentials(self, request):
authorization = request.headers.get('Authorization', '')
# your own strategy...
# if valid: return user_id
# else return None
查看awesome-pyramid上的现有项目,看看您的需求是否已经存在......