Postman with Django REST and AngularJS - django

I have a Django REST framework API which is accessed with a AngularJS frontend.
If I had a Django App called models, I could simply request its data in Postman simply by sending a GET to the URL localhost:8000/models/.
But since everything is routed through AngularJS and every Django App has multiple Controllers, that doesn't work. The GET on localhost:8000/models/ returns just the index.html, the entry point of the AngularJS.
So how can I achieve to send GET, POST etc. to the API?
BTW: I managed to get an X-CSRFToken by sending POST to http://localhost:8000/api/auth/login/ with login and password keys ans values. That URL was included in the Django Projects urls.py as urlpatterns.
No such urlpattern for the App models, or any other Django App, though.

Related

Using Browser Router in react-router-dom with Django backend

I'm building an application that uses React as front-end and Django Rest as back-end.
From front-end, I'm using react-router-dom for declarative routing and Django only serves API
So when user enters an URL like this https://myapp.com/something/something-else, it's actually handle by Django and it will return an error since Django doesn't know which page to lead to with this URL. It should be handled by React instead.
One of the workaround I have is to use a Hash Router, so the URL will look like this (with the hash symbol): https://myapp.com/#/something/something-else
But there have been cases where user will just key the URL without the hash sign (as they didn't know).
Is there away to handle this without using Hash Router?
I can't say exactly because you haven't provided code, or an explanation of your project structure.
How are you doing a hash-router? If you have Django serving a single HTML file, then you should be able to edit your urls.py to pass any URLs that don't match the api to the same page.
As an example, I have a Django website with a Preact frontend, and I have Preact files that are built into static .js files, which are then served by Apache. Django does all URL routing and serves HTML files, which then request the Preact JS files from Apache.

CSRF protection for Django and Angular application

I have an application with Django in backend and Angular in frontend. I am serving the application through Django. I want to write an API in django to perform edit on Angular form. For now I have written the API using #csrf exempt decorator on top of the view. But now I want to remove #csrf exempt decorator and want to protect it from csrf.
How to proceed for this.

Django Authentication and ReactJS Templates

I have an existing login template served by django templates and it has no react components at all. I have recently integrated ReactJS and have created some routes and components and pages that are completely react. Now I am wondering how to get a user to login through the django template and then be redirected to the ReactJS page afterwards and pass on all the authentication/user information to ReactJS as well.
In Django, I am using the session authentication middleware.
I have done that just allowing an open url to my component something like ".../app/*". But this inside a template in Django as a bundle. What I do is to bind the view with that with LogginRequired from django-brases. So, if I want to se my app, I have to be authenticated. I hope this could help you.

Check django user outside django

I have one django app and few small Flask webservices.
In Flask apps I need to validate if the client logged in Django app and grab his pk if possible.
It seems to be possible by taking session ID from a cookie and manually looking into session storage, but I am looking for some less low-level solution.
You need to build a REST api to do that. In the api on the django side you would query the user by whatever criteria you provided and return user.is_authenticated() and user.pk. Take a look at django-rest-framework or tastypie. Then on Flask app you just hit the api and you are done.

Using Django Rest Framework for only certain apps inside Django Application

I'm not sure if this is possible since an extensive search gave me nothing. Or I might be searching the wrong terms.
Now I have a few apps inside my Django application as follows:
--AppOne
--AppTwo
--ExtendedAdmin
manage.py
Now, AppOne and AppTwo use Django Rest Framework and its related Token Auth Mechanism. For the extendedAdmin, I'd like to use native Django Auth or even SessionAuth of DRF since I'm trying to add quite an extensive admin panel to the application. I've not been able to find a satisfactory way of customizing Django Rest Framework to work it's auth mechanisms only for certain applications. Is there a way to do this? If not, what should I be doing different?
So far, I know you cannot. Because django rest framework intercepts the url and then performs its own logic of token validation. But there are solutions that you can use to keep both Session and Token Authentication.
I am using this for all my projects -
I keep Session Authentication for all urls that will be accessed for normal browsing
and I use api urls with django rest framework to be prefixed with /api for my api urls
For example -
The Session Based login is at http://<host>/account/login
and TokenBased login is at http://<host>/api/account/login
The easiest way to make prefixed url for django rest framework is by using Routers - http://www.django-rest-framework.org/api-guide/routers/#defaultrouter
Example -
class UserViewSet(ModelViewSet): # just a sample view set
...
router = routers.SimpleRouter()
router.register(r'api/users', UserViewSet)