Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Archery Restful API #1475

Merged
merged 8 commits into from
Apr 24, 2022
Merged

Archery Restful API #1475

merged 8 commits into from
Apr 24, 2022

Conversation

nick2wang
Copy link
Collaborator

@nick2wang nick2wang commented Apr 20, 2022

fix #354

目前支持的接口:

  1. 用户/用户组/资源组CRUD
  2. 实例CRUD/实例资源
  3. SQL上线工单清单/SQL检查/提交SQL上线工单/待审核清单/审核工单/执行工单/工单日志

Restful API框架: django-rest-framework
JWT验证:djangorestframework-simplejwt
OpenAPI swagger:drf-spectacular

OpenAPI swagger-ui:
http://archeryhost:9123/api/swagger/
image

image

redoc:
http://archeryhost:9123/api/redoc/
image

使用:

  1. 设置token lifetime
    access_token lifetime: settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME']
    refresh_token lifetime: settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME']

  2. 配置API_USER_WHITELIST,将API账号添加至白名单

  3. 使用API账号获取token

curl \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"username": "archery_api_user", "password": "archery_api_user_password"}' \
  http://archeryhost:9123/api/token/

Responses:
{
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY1MjU5ODA3OCwiaWF0IjoxNjUwMDA2MDc4LCJqdGkiOiIwMjM3MjA5ZTBiY2U0ZThmYjI1MTI3ZTU3NDU3NDZjMSIsInVzZXJfaWQiOjI1fQ.iQZP1-lvtgV84KmwI-eq5WyhMI4Yj9jLiVO1QpyFXWc",
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjUyNTk4MDc4LCJpYXQiOjE2NTAwMDYwNzgsImp0aSI6IjYwMTBjYzNlMmI4NjQxNjA4MWFmMzEyNzdhYjQ0M2RmIiwidXNlcl9pZCI6MjV9.el6V4MbJmJZF_rclDwrOEbi1rpMcCVAmRAPfmPeflwU"
}
  1. 使用access_token请求业务接口
curl \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjUyNTk4MDc4LCJpYXQiOjE2NTAwMDYwNzgsImp0aSI6IjYwMTBjYzNlMmI4NjQxNjA4MWFmMzEyNzdhYjQ0M2RmIiwidXNlcl9pZCI6MjV9.el6V4MbJmJZF_rclDwrOEbi1rpMcCVAmRAPfmPeflwU" \
  http://archeryhost:9123/api/xxx/
  1. 使用refresh_token刷新token
curl \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"refresh":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY1MjU5ODA3OCwiaWF0IjoxNjUwMDA2MDc4LCJqdGkiOiIwMjM3MjA5ZTBiY2U0ZThmYjI1MTI3ZTU3NDU3NDZjMSIsInVzZXJfaWQiOjI1fQ.iQZP1-lvtgV84KmwI-eq5WyhMI4Yj9jLiVO1QpyFXWc"}' \
  http://archeryhost:9123/api/token/refresh/

@codecov
Copy link

codecov bot commented Apr 20, 2022

Codecov Report

Merging #1475 (3e6690c) into master (ce05f31) will increase coverage by 0.53%.
The diff coverage is 81.91%.

@@            Coverage Diff             @@
##           master    #1475      +/-   ##
==========================================
+ Coverage   74.89%   75.43%   +0.53%     
==========================================
  Files          83       91       +8     
  Lines       13432    14431     +999     
==========================================
+ Hits        10060    10886     +826     
- Misses       3372     3545     +173     
Impacted Files Coverage Δ
sql/models.py 96.48% <ø> (+0.83%) ⬆️
sql/urls.py 100.00% <ø> (ø)
sql/user.py 58.33% <58.33%> (ø)
sql_api/api_workflow.py 65.51% <65.51%> (ø)
sql_api/api_instance.py 69.49% <69.49%> (ø)
sql_api/serializers.py 81.46% <81.46%> (ø)
sql_api/api_user.py 90.32% <90.32%> (ø)
common/middleware/check_login_middleware.py 100.00% <100.00%> (ø)
sql_api/filters.py 100.00% <100.00%> (ø)
sql_api/pagination.py 100.00% <100.00%> (ø)
... and 6 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ce05f31...3e6690c. Read the comment docs.

@LeoQuote

This comment was marked as outdated.

@LeoQuote
Copy link
Collaborator

太强了, 这是在里面实现了一个 oauth 吗?

@nick2wang
Copy link
Collaborator Author

太强了, 这是在里面实现了一个 oauth 吗?

oauth要实现有点繁重,所以用了现成的simplejwt,不用建表

@LeoQuote
Copy link
Collaborator

有没有办法直接开放所有人生成API key ? 你觉得会有这个需求吗

@nick2wang
Copy link
Collaborator Author

nick2wang commented Apr 21, 2022

有没有办法直接开放所有人生成API key ? 你觉得会有这个需求吗

权限类IsInUserWhitelist目前是我自定义的限定白名单用户,这里如果配置成内置的rest_framework.permissions.IsAuthenticated就可以实现所有人用户授权(内置的还有AllowAny、IsAdminUser等),如果要定制权限只要稍加修改sql_api/permissions.py
https://github.com/nick2wang/Archery/blob/c7214afc8f10e833a37c9961e39fecace7b86f58/archery/settings.py#L186

@nick2wang
Copy link
Collaborator Author

默认所有用户都可以获取token,不过只有授权的用户可以请求业务接口,当前配置是全局使用一个权限类,也可以对每个接口应用不同的权限类

LeoQuote
LeoQuote previously approved these changes Apr 22, 2022
Copy link
Collaborator

@LeoQuote LeoQuote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@LeoQuote
Copy link
Collaborator

如果archery 自己的前端想用 api 应该怎么做改造?

@nick2wang
Copy link
Collaborator Author

nick2wang commented Apr 22, 2022

如果archery 自己的前端想用 api 应该怎么做改造?

用户登录archery前端时让后端生成一个token返回存储在前端,前端每次调用业务接口时把token添加到header里?或者api同时启用jwt和session认证?

@nick2wang
Copy link
Collaborator Author

使用session鉴权post api时同样需要csrftoken,这样archery前端使用api时就不需要做额外处理,也不需要关注token的lifetime问题,内部调用api使用session,外部调用使用jwt

Copy link
Collaborator

@LeoQuote LeoQuote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

方便对接其他程序,内部的系统也可以慢慢迁到api

@hhyo hhyo merged commit a952075 into hhyo:master Apr 24, 2022
@hhyo
Copy link
Owner

hhyo commented Apr 24, 2022

已合并,可以更新下wiki文档

@nick2wang
Copy link
Collaborator Author

已合并,可以更新下wiki文档

wiki已更新

@dc-vin
Copy link

dc-vin commented Aug 24, 2022

API字段没有详细描述,比如errlevel有几个等级,需要我去一个一个尝试,希望文档能得到补充

@dc-vin
Copy link

dc-vin commented Aug 24, 2022

fix #354

目前支持的接口:

  1. 用户/用户组/资源组CRUD
  2. 实例CRUD/实例资源
  3. SQL上线工单清单/SQL检查/提交SQL上线工单/待审核清单/审核工单/执行工单/工单日志

Restful API框架: django-rest-framework JWT验证:djangorestframework-simplejwt OpenAPI swagger:drf-spectacular

OpenAPI swagger-ui: http://archeryhost:9123/api/swagger/ image

image

redoc: http://archeryhost:9123/api/redoc/ image

使用:

  1. 设置token lifetime
    access_token lifetime: settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME']
    refresh_token lifetime: settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME']
  2. 配置API_USER_WHITELIST,将API账号添加至白名单
  3. 使用API账号获取token
curl \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"username": "archery_api_user", "password": "archery_api_user_password"}' \
  http://archeryhost:9123/api/token/

Responses:
{
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY1MjU5ODA3OCwiaWF0IjoxNjUwMDA2MDc4LCJqdGkiOiIwMjM3MjA5ZTBiY2U0ZThmYjI1MTI3ZTU3NDU3NDZjMSIsInVzZXJfaWQiOjI1fQ.iQZP1-lvtgV84KmwI-eq5WyhMI4Yj9jLiVO1QpyFXWc",
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjUyNTk4MDc4LCJpYXQiOjE2NTAwMDYwNzgsImp0aSI6IjYwMTBjYzNlMmI4NjQxNjA4MWFmMzEyNzdhYjQ0M2RmIiwidXNlcl9pZCI6MjV9.el6V4MbJmJZF_rclDwrOEbi1rpMcCVAmRAPfmPeflwU"
}
  1. 使用access_token请求业务接口
curl \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjUyNTk4MDc4LCJpYXQiOjE2NTAwMDYwNzgsImp0aSI6IjYwMTBjYzNlMmI4NjQxNjA4MWFmMzEyNzdhYjQ0M2RmIiwidXNlcl9pZCI6MjV9.el6V4MbJmJZF_rclDwrOEbi1rpMcCVAmRAPfmPeflwU" \
  http://archeryhost:9123/api/xxx/
  1. 使用refresh_token刷新token
curl \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"refresh":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY1MjU5ODA3OCwiaWF0IjoxNjUwMDA2MDc4LCJqdGkiOiIwMjM3MjA5ZTBiY2U0ZThmYjI1MTI3ZTU3NDU3NDZjMSIsInVzZXJfaWQiOjI1fQ.iQZP1-lvtgV84KmwI-eq5WyhMI4Yj9jLiVO1QpyFXWc"}' \
  http://archeryhost:9123/api/token/refresh/

/api/auth/token/verify/ 这个接口校验token是否有效,如果token有效返回的是一个空对象,我觉得返回一个状态码更好。基于API做处理也会更简单

@LeoQuote
Copy link
Collaborator

你好, 欢迎你提出新的 issue , 本pr 已经 merge, 讨论已经结束了, 另外你所说的改进项欢迎 pr

@iszhangsc
Copy link

我需要调用API接口,请问一下这两个步骤在哪里这只我没有找到。
1.设置token lifetime
access_token lifetime: settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME']
refresh_token lifetime: settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME']
2.配置API_USER_WHITELIST,将API账号添加至白名单

Repository owner locked as resolved and limited conversation to collaborators Mar 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
5 participants