
ryananguiano/apistar-contrib


API Star Contrib

Documentation Status Updates

Contrib packages to add on to API Star.

Features

  • CSRF Token Hook
  • Local Session Store (For Development)
  • Timezone Support
  • Redis Session Store

TODO

  • DB Session Store

Usage

Local Session Store (For Development)

from apistar import App, Route, http
from apistar_contrib.sessions import Session, SessionComponent, SessionHook, LocalMemorySessionStore


def use_session(session: Session, params: http.QueryParams):
    """Copy every query parameter into the session and return ``session.data``.

    Demo handler only. Query parameters are client-controlled, so this lets
    any caller create or overwrite arbitrary session keys, and the route in
    this example is a GET. A real handler should write only the specific
    keys it expects, after validating the values, and keep state changes
    off GET requests.
    """
    for name, val in params:
        session[name] = val
    # The whole session is echoed back to the client; acceptable for a demo,
    # but not once the session holds anything the user should not read.
    stored = session.data
    return stored


def clear_session(session: Session):
    """Call ``session.clear()`` and return ``session.data`` as it stands afterwards.

    The example wires this to a GET route; a state-changing action like this
    is normally exposed as POST so that it is covered by CSRF protection.
    """
    session.clear()
    remaining = session.data
    return remaining


# Both demo routes are GET, so requesting a URL is enough to change session
# state. That keeps the example short; it is not a pattern to copy.
routes = [
    Route('/', 'GET', use_session),
    Route('/clear', 'GET', clear_session),
]

# LocalMemorySessionStore is labelled "For Development" in this README.
# NOTE(review): it presumably keeps sessions in process memory, so they would
# not survive a restart or be shared between workers -- confirm before use.
app = App(
    routes=routes,
    components=[SessionComponent(LocalMemorySessionStore)],
    # NOTE(review): SessionHook presumably loads and saves the session around
    # each request; check which cookie attributes it sets (Secure, HttpOnly,
    # SameSite) before deploying.
    event_hooks=[SessionHook]
)

Redis Session Store

from apistar import App, Route, http
from apistar_contrib.sessions import Session, SessionComponent, SessionHook, RedisSessionStore


def use_session(session: Session, params: http.QueryParams):
    """Copy every query parameter into the session and return ``session.data``.

    Demo handler only. Query parameters are client-controlled, so this lets
    any caller create or overwrite arbitrary session keys, and those values
    end up in the Redis-backed store configured below. A real handler should
    write only the specific keys it expects, after validating the values,
    and keep state changes off GET requests.
    """
    for name, val in params:
        session[name] = val
    # The whole session is echoed back to the client; acceptable for a demo,
    # but not once the session holds anything the user should not read.
    stored = session.data
    return stored


def clear_session(session: Session):
    """Call ``session.clear()`` and return ``session.data`` as it stands afterwards.

    The example wires this to a GET route; a state-changing action like this
    is normally exposed as POST so that it is covered by CSRF protection.
    """
    session.clear()
    remaining = session.data
    return remaining


# Both demo routes are GET, so requesting a URL is enough to change session
# state. That keeps the example short; it is not a pattern to copy.
routes = [
    Route('/', 'GET', use_session),
    Route('/clear', 'GET', clear_session),
]

# The Redis URL below is an example value: plaintext, no credentials, database
# 0 on localhost. Session contents live in that Redis instance, so outside a
# local setup the URL should come from configuration or a secret store and
# point at an authenticated, access-restricted endpoint.
# NOTE(review): whether a TLS URL scheme (rediss://) is accepted depends on
# how RedisSessionStore builds its client -- confirm against the package.
app = App(
    routes=routes,
    components=[SessionComponent(RedisSessionStore, 'redis://localhost:6379/0')],
    # NOTE(review): SessionHook presumably loads and saves the session around
    # each request; check which cookie attributes it sets (Secure, HttpOnly,
    # SameSite) before deploying.
    event_hooks=[SessionHook]
)

CSRF Token

import os
from apistar import App, Route, http
from apistar_contrib.csrf import EnforceCsrfHook, rotate_token


def show_form():
    """Render ``form.html`` with ``show_csrf`` set, so the form includes the token."""
    context = {'show_csrf': True}
    return app.render_template('form.html', **context)


def show_no_csrf_form():
    """Render ``form.html`` with ``show_csrf`` unset, so the form omits the token.

    Demonstration route: submitting this variant sends a POST without a
    token, which is presumably the request EnforceCsrfHook rejects. Real
    forms should always include the token.
    """
    context = {'show_csrf': False}
    return app.render_template('form.html', **context)


def handle_form(request: http.Request):
    """Handle the form POST: rotate the CSRF token, then re-render the form.

    NOTE(review): with EnforceCsrfHook registered on the app, this handler
    presumably runs only for requests whose token was accepted -- confirm
    against apistar_contrib.csrf.
    """
    # Rotate CSRF tokens after a successful login or logout, so a token
    # issued before the authentication state changed is no longer valid.
    # This demo has no login step and simply rotates on every handled POST.
    rotate_token(request)
    context = {'show_csrf': True, 'success': True}
    return app.render_template('form.html', **context)


routes = [
    Route('/', 'GET', show_form),
    Route('/no_csrf', 'GET', show_no_csrf_form),
    # The only POST route, and the target of the form in form.html.
    Route('/handle', 'POST', handle_form),
]

# Templates are looked up in a templates/ directory next to this file.
BASE_DIR = os.path.dirname(__file__)
TEMPLATE_DIR = os.path.join(BASE_DIR, 'templates')

# EnforceCsrfHook is registered on the App itself rather than per route.
# NOTE(review): presumably it checks the token on unsafe methods such as POST
# and lets GET through -- confirm which methods and which token sources
# (form field, header) it accepts before relying on it.
app = App(
    routes=routes,
    event_hooks=[EnforceCsrfHook],
    template_dir=TEMPLATE_DIR,
)
<!-- templates/form.html -->
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>CSRF Form</title>
</head>
<body>
    <ul>
        <li><a href="{{ reverse_url('show_form') }}">Form with CSRF</a></li>
        <li><a href="{{ reverse_url('show_no_csrf_form') }}">Form without CSRF</a></li>
    </ul>
    {% if success %}<h1>Successful POST</h1>{% endif %}
    <!-- State-changing form: submitted with POST to the handle_form route. -->
    <form action="{{ reverse_url('handle_form') }}" method="post">
        <!-- csrf_token() presumably emits the hidden token field that
             EnforceCsrfHook checks (confirm against apistar_contrib.csrf).
             show_csrf is false only to demonstrate a POST without a token;
             production forms should always include it. -->
        {% if show_csrf %} {{ csrf_token() }} {% endif %}
        <button type="submit">Submit form {% if show_csrf %}with{% else %}without{% endif %} CSRF</button>
    </form>
</body>
</html>

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

About

Extra batteries for API Star 0.4+
