First working API implementation #51
Conversation
|
Now that SnapPass supports multi-line passwords/secrets, I don't know the best way to handle that when POSTing via curl. |
There was a problem hiding this comment.
I think the error handling could use a rethink. Flask has a nice errorhandle system that delegates error response building to registered functions. That way, the view functions can just abort(status_code).
snappass/main.py
Outdated
| @@ -6,7 +6,7 @@ | |||
| import redis | |||
| from redis.exceptions import ConnectionError | |||
|
|
|||
| from flask import abort, Flask, render_template, request | |||
| from flask import abort, Flask, render_template, request, jsonify | |||
There was a problem hiding this comment.
Can we retain the alphabetized order?
snappass/main.py
Outdated
| resp = jsonify(data) | ||
| resp.status_code = 200 | ||
|
|
||
| return resp |
There was a problem hiding this comment.
You can just do:
return jsonify(data)... because the response defaults to 200.
snappass/main.py
Outdated
| if NO_SSL: | ||
| base_url = request.url_root | ||
| else: | ||
| base_url = request.url_root.replace("http://", "https://") |
There was a problem hiding this comment.
These four lines are repeated in multiple endpoint functions. Can we factor them into a common make_base_url() function?
Alternatively, we could just require flask-sslify, which would move this concern out of snappass.
snappass/main.py
Outdated
| @@ -90,12 +90,53 @@ def request_is_valid(request): | |||
| """ | |||
| return not SNEAKY_USER_AGENTS_RE.search(request.headers.get('User-Agent', '')) | |||
|
|
|||
| def not_found_api(error=None): | |||
There was a problem hiding this comment.
The error parameter doesn't appear to be passed or used in any code paths.
snappass/main.py
Outdated
| resp = jsonify(message) | ||
| resp.status_code = 404 | ||
|
|
||
| return resp |
There was a problem hiding this comment.
Flask has a nice shortcut for this pattern:
return make_response(jsonify(message), 404)
|
I'm working on applying your suggested fixes. Is there a way to not have the abort() function output HTML? |
Yes, that's where the @app.errorhandler(404)
def not_found(error):
message = {
'status': error.status_code,
'message': 'Not Found: ' + request.url,
}
return make_response(jsonify(message), error.status_code) |
|
Hey just letting you know this is not dead. I just need to find a little time to review it, probably in the next week or so! |
|
Hey @nichochar, no problem! No rush at all. I haven't had a chance to dive back into this yet. |
|
Any progress on this one? |
|
Any progress on this getting rolled into the main build? |
snappass/main.py
Outdated
| if not len(password) > 0: | ||
| return bad_request_api() | ||
| else: | ||
| return bad_request_api() |
There was a problem hiding this comment.
Pretty complex logic here. How about something like :
password = payload.get('password', None)
if not password: #edit: not need to check len since empty strings are falsy
return bad_request_api()
snappass/main.py
Outdated
| ttl = time_conversion[time_period] | ||
| else: | ||
| # Set ttl to one week if not specified in the JSON | ||
| ttl = 604800 |
There was a problem hiding this comment.
same here, could do time_period = payload.get('ttl', 'week').lower()
snappass/main.py
Outdated
| base_url = make_base_url() | ||
|
|
||
| return "Generate a password share link with the following command: \n\n" \ | ||
| "curl -X POST -d \'{\"password\":\"password-here\",\"ttl\":\"week | day | hour\"}\' -H \"Content-Type:application/json\" " + base_url + "api\n" |
There was a problem hiding this comment.
Minor: using single quotes to quote the string would allow to put unescaped double quotes in it. Makes it easier to read. 'curl -X POST -d \'{"password":"password-here","ttl":"week | day | hour"}\' -H ...'
Deprecate support for py26 and py33
Quote url to fix equal sign breaking outlook clients
|
Looking back at this, it looks pretty good. One thing that is missing that I'd love to see is some tests. I think that with a rebase and some tsts we can pull it in @jameswthorne. Let me know if you're still interested in contributing, we've been a little slow to respond! If not I'll take this over and push it through, since I think an API is a good idea. |
Remove support for py26 and py33 from readme
Since Python 2.6 support was dropped, we can use all these: https://docs.python.org/2/library/unittest.html#assert-methods
This ensures the failure message, if any, is reflective of the intended value.
…ests Enhancement/modernize tests
|
Hey @nichochar It's been sometime since I've looked over the code. I will try and find sometime this week to rebase and review. |
|
Awesome thanks @jameswthorne. Let me know if this is hard for you and I'm happy to commandeer the PR, it's up to you! |
Add hiring plug in readme
Changed cryptography requirement to >= because of install issues
|
I rebased from the latest master and incorporated suggested fixes from @coyotwill. I still need to incorporate the necessary tests. |
|
How life gets in the way. I'm planning on rebasing from master and writing the tests this month. |
|
Came here looking for an API for SnapPass. Any progress on getting this baked in? Thank you. |
|
Was hoping there would be an update to this, but it seems the PR author has gone silent. Would be great if somebody could pick this back up. |
The API implementation from jameswthorne (https://github.com/jameswthorne) has been re-imported into the latest version of snappass. Pull request from jameswthorne can be found here: pinterest#51
|
I have no plans to revisit this PR. Someone else please feel free to adapt my code. Closing. |
This is my attempt at adding an API to SnapPass. I used this implementation about 8 months ago when I needed to generate a lot of SnapPass URLs for a project at my previous employer.
It was previously mentioned by one of the maintainers they wanted to keep apart the web form code and any API code. This doesn't currently do that, but I am interested in discussing the appropriate way to do that.