Add proper API token usage #79

Merged
merged 2 commits into from
Aug 23, 2024

@b-rowan b-rowan commented Aug 23, 2024

Adds API tokens in authorization header, and allows setting secret_key to allow the tokens to persist across application restarts.

Closes #70
Closes #73

@b-rowan b-rowan requested a review from easybe August 23, 2024 01:26

@easybe easybe left a comment

LGTM

Thank you very much!

"name": "Apache 2.0",
"identifier": "Apache-2.0",
},
swagger_ui_parameters={"operationsSorter": "alpha"},
Collaborator

Currently, we have Swagger UI (/docs) and ReDoc (/redoc). I think ReDoc looks quite nice, but it doesn't seem to show the schemas. Anyway, I think we should decide on one and disable the other.

Collaborator Author

My preference is swagger, mainly because of the schemas as mentioned. I will try to put forward another PR soon that will customize the swagger UI a bit further, including the favicon, and I can remove redoc there.

easybe commented Aug 23, 2024

How does one set a token for a user and pass it in an HTTP header? I would expect to find this information in the commit message body. You should really consider reading https://cbea.ms/git-commit/ 🙏

easybe commented Aug 23, 2024

OK, got it. One gets the token by POSTing to /login. That works for me.

Still, would appreciate better commit messages.

b-rowan commented Aug 23, 2024

> OK, got it. One gets the token by POSTing to /login. That works for me.
>
> Still, would appreciate better commit messages.

Also, along with the token query, you can also now set the secret in the settings file. This means that once you query the token it is static for any given user.

@b-rowan b-rowan merged commit 954f41e into master Aug 23, 2024
@b-rowan b-rowan deleted the dev_api_tokens branch August 23, 2024 14:09
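
An added example, not the project's code: a minimal HMAC-signed bearer token showing why a per-process random secret makes a token issued by one gunicorn worker fail on another (or after a restart), and why a secret read from settings fixes that. The `Worker` class, the token layout, the `admin` user and the secret value are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import secrets


class Worker:
    """One API process (hypothetical stand-in for a gunicorn worker)."""

    def __init__(self, secret_key=None):
        # Without a configured secret, each process invents its own at startup.
        self.key = (secret_key or secrets.token_hex(32)).encode()

    def _sign(self, payload):
        return hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, username):
        """Token a login endpoint would return after checking credentials."""
        payload = base64.urlsafe_b64encode(username.encode()).decode()
        return f"{payload}.{self._sign(payload)}"

    def verify(self, authorization_header):
        """Return the username for a valid 'Bearer <token>' header, else None."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme.lower() != "bearer" or token.count(".") != 1:
            return None
        payload, sig = token.split(".")
        # Constant-time comparison of the presented and expected signatures.
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return None
        return base64.urlsafe_b64decode(payload.encode()).decode()


def login_then_call_other_worker(secret_key=None):
    """Log in on one worker, then present the token to a second worker."""
    first, second = Worker(secret_key), Worker(secret_key)
    header = "Bearer " + first.issue_token("admin")
    return second.verify(header)


if __name__ == "__main__":
    # Constructed sample values; "admin" and the secret are placeholders.
    print(login_then_call_other_worker())                      # per-process secrets
    print(login_then_call_other_worker("constructed-secret"))  # shared secret
```

In this sketch the token is deterministic for a given user and secret, so changing the secret is what invalidates tokens already issued.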
Successfully merging this pull request may close these issues.

Session does not seem to be shared between gunicorn workers
API access via token