All pastes #1195047 Raw Edit

featureserver authentication

public python v1 · immutable
#1195047 ·published 2008-09-05 18:26 UTC
rendered paste body
#!/usr/bin/pythonimport webfrom FeatureServer.Server import Serverfrom FeatureServer.DataSource.SQLite import SQLiteurls = ( '/logout',      'logout'        ,'/login',       'login'        ,'/(.*)',        'features')app = web.application(urls, globals())session = web.session.Session(app                , web.session.DiskStore('/tmp/sessions')                , initializer={'authorized': False})datasource    = SQLite('fsauth', file="/tmp/fsauth.sqlite")featureserver = Server({'fsauth': datasource })application = app.wsgifunc()class login(object):    """for a real app, save usernames, hashed pws in the db"""    def POST(self):        pw = web.input(password=None).password        user = web.input(user=None).user        if (user == 'abc' and pw == '123'):            session.authorized = True            return '[authorized]'        return '[NOT-authorized]'class logout(object):    def GET(self): session.kill()class features(object):    """all the featureserver routing"""    path = "/" + datasource.name + "/" # fsauth    format = "geojson"    def GET(self, feature_id=''):        if "." in feature_id:            feature_id, self.format = feature_id.split(".")        # get web.py parsed url        path = self.path + feature_id        data = dict(web.input().items())        data['format'] = self.format        format, rsp = featureserver.dispatchRequest(data, path, "", request_method="GET")        web.header('Content-type', format)        return rsp    def PUT(self, feature_id=None):        return self.POST(feature_id, "PUT")    def DELETE(self, feature_id=None):        if "." in feature_id:            feature_id, self.format = feature_id.split(".")        # cant delete unless authorized.        if not session.authorized:             web.header('Content-type', "text/plain")            return "not logged in"        path = self.path + feature_id        data = dict(web.input().items())        data['format'] = self.format        format, rsp = featureserver.dispatchRequest(data, path, "", request_method="DELETE")        web.header('Content-type', format)        return rsp    def POST(self, feature_id=None, method="POST"):        if feature_id is None: return []        if "." in feature_id:            feature_id, self.format = feature_id.split(".")        # must be an admin to do something with an existing feature.        if not session.authorized:            if not feature_id in ('new', 'create'):                return 'not logged in'        e = web.ctx.environ        post_data = e['wsgi.input'].read(int(e['CONTENT_LENGTH']))        path = self.path + feature_id        format, rsp = featureserver.dispatchRequest({'format':self.format}, path, "", post_data=post_data, request_method=method)        web.header('Content-type', format)        return rsp