So having trouble finding documentation or tutorials on this. We're at the starts of a project using Python (Django) and are putting together a couple of proof-of-concept functions.
I'm trying to use the googleads python library to authenticate with the adwords api. Currently though, I can only find examples that pull the adwords credentials from local storage:
adwords.AdWordsClient.LoadFromStorage()
The problem is, we'll be storing api keys and the likes in the database as multiple adwords managers may be utilizing the tool. As such, it's not ideal to store the credentials in a static file (it looks like the credentials for loadfromstorage are stored in a yaml file, though I'm having a bit of trouble finding details even on that).
Does anyone have a good example of setting up an adwords client "on the fly", knowing the api key and generating other items as needed.
Let me know y'alls thoughts.
Thanks!
the long version is here here
tl;dr
#in case you need proxy to access the internet
prxx = common.ProxyConfig.Proxy(YOUR_PROXY_HOST, YOUR_PROXY_PORT )
proxy_config = common.ProxyConfig(http_proxy=prxx,https_proxy=prxx,disable_certificate_validation=True)
#init oauth refresh token client
oauth_client = oauth2.GoogleRefreshTokenClient(client_id=YOUR_GOOGLE_CLIENT_ID, client_secret=YOUR_GOOGLE_CLIENT_SECRET,refresh_token=YOUR_GOOGLE_REFRESH_TOKEN, proxy_config=proxy_config )
#adwords client
adwords_client = adwords.AdWordsClient(YOUR_DEVELOPER_TOKEN,oauth_client, user_agent=YOUR_USER_AGENT, client_customer_id=YOUR_CLIENT_CUSTOMER_ID, proxy_config=proxy_config)
Related
I decided to learn such a technology as GraphQL. For this, I came up with an application (I develop it on ReactNative), a python backend (django-graphene). How the client chose Apollo. I set everything up, everything works, I even did a part already. And here I needed to upload a profile photo. The problem is that I haven't found a way to do this. I used to use the REST API and the client was axios. So I just took the FormData and passed it. Accordingly, the backend accepted and saved as usual. And here I don't even know where to start. I found the apollo-upload-client package, but I didn't find how to integrate it into ReactNative (more precisely, there is a description there, but I didn't understand how to use it correctly). I do it like this:
const fileSubstitute = {
uri: uriFromCameraRoll,
name: "a.jpg",
type: "image/jpeg",
};
I found graphene-file-upload for the backend, it seems to see my files, but I don't know how to save them (by the way, I can transfer the file without apollo-upload-client).
I really like GraphQL, but uploading files is a big deal. If I don't solve it, I will be forced abandon this technology.
P.S. I didn't find any information on how to upload files via GraphQL at all. Maybe it is necessary to work with files in a different way? I will be grateful for any help
Firstly sorry if this question has been asked before but I'm a novice so even if it has I'm unaware of the language I'd even use to try and seek it out.
I'm beginning to learn about REST API's and it got me thinking. Is it possible to load the JSON response directly from the API server into the user's browser and bypass your own server?
Imagine you have say a Django app running on a server that accesses email messages from Outlook.com using the graph API.
I assume an ordinary flow would go something like:
User request->your server->graph api-> your server-> user browser.
It seems like a waste for it to hit your server that second time before it goes on to be presented to the user's browser.
Is there a way the Django app can render a template and effectively tell the browser "expect some data from X source, and place it in y location in this template"?
You could do that with javascript. You'd have to include either a script tag in your template, or create and include some static javascript files with the code.
I'd recommend learning and using the jQuery javascript library, as it makes what you're talking about much easier to implement. Research ajax requests, those are what you'll need to make requests directly to another server, bypassing your own
I am currently building a simple django app to serve basic models to an Android client. I'm using Tastypie as webservice, and I would like (well.. I need to) to implement a minimal security process as follow :
Hardcode the secret key in the Android app. Done.
Request via http GET the data I want, with the secret key as parameter. Done
Make the tastypie check this key in the requests made to django by the android app. ?..
I guess it is a fairly easy thing to do but I'm currently learning Django / Python etc and I haven't figured out what to make of the tastypie docs on this particular topic :
http://django-tastypie.readthedocs.org/en/latest/authentication_authorization.html
FYI, I'd rather not have this key user-generated for the simple reason I did not understand how it would work. Tastypie says it can generate an api key upon user creation, but what then ? How does the app get this key ?
Thank you very much for your help !
I suggest you look at django middleware. I'm assuming you're passing the key through in the request (I'd do it in the request header). The middleware should simply check for the existance of this key, and if it exists, let the request through, otherwise return a 403.
I am building a system that allows users to generate a documents and then download them. The documents are PDFs (not that it matters for the sake of this question) and when they are generated I store them on my local file system that the web server is running on with uuid file names
c7d43358-7532-4812-b828-b10b26694f0f.pdf
but I know "security through obscurity" is not the right solution ...
I want to restrict access to they files on a per account basis if possible. One thing I think I could do is upload them to S3 and provide a signed URL, but I want to avoid that for now if possible.
I am using Nginx/Django/Gunicorn/EC2/S3
What are some other solutions?
If you are serving small files, you can indeed use Django to serve them directly, writing the file into the HttpResponse object.
If you're serving large files however, you might want to leave that task to your webserver, you can use the X-Accel-Redirect header on Nginx (and X-Sendfile for Apache & Lighttpd) to have your webserver serve the file for you.
You can find more information about the header itself in Nginx's documentation here, and you could find some inspiration as to how to use that in Django here.
Once you're done sending files through Django views, enforcing user authentication should be pretty straightfoward using Django's auth framework.
How about enforcing user==owner at the view level, preventing access to the files, storing them as FileFields, and only retrieving the file if that condition is met.
e.g. You could use the #login_required decorator on the view to allow access only if logged in. This could be refined using request.user to check against the owner of the file. The User Auth section of the Django documentation is likely to be helpful here.
The other option, as you mention is via S3 itself, generating urls within Django which have a querystring allowing an authenticated user access to download a particular s3 object with a time limit. Details on that can be found at the s3 documentation. A similar question has been asked before here on SO.
I've used django-private-files with great success, it enforces protection at the view level and uses differente backends to do the actual file transfer.
Ok, I know that serving media files through Django is a not recommended. However, I'm in a situation where I'd like to serve "static" files using fine-grained access control through Django models.
Example: I want to serve my movie library to myself over the web. I'm often travelling and I'd like to be able to view any of my movies wherever I am, provided I have internet access. So I rip my DVDs, upload them to my server and build this simple Django application coupled with some embeddable video player.
To avoid any legal repercussions, I'd like to ensure that only logged-on users with the proper permissions (i.e. myself and people living in the same household, which can, like me, access the real DVDs at their convenience), but denies it to other users (i.e. people who posted comments on my blog) and returns an HTTP 404.
Now, serving these files directly using Apache and mod_wsgi is rather troublesome because when an HTTP request for the media files (i.e. http://video.mywebsite.com/my-favorite-movie/) comes in, I need to validate against my user database that the person at the other end has the proper permissions.
Question: can I achieve this effect without serving the media files directly through a Django view? What are my options?
One thing I did think of is to write a simple script that takes a session ID and a video's slug and returns some boolean indicating if the user may (or may not) access the video file. Then, somehow request mod_wsgi to execute this script before accessing the requested URL and return an HTTP 404 if the script failed. However, I don't have a clue if this is even possible.
Edit: Posting this question clarified some of my ideas for search and I've come across mod_python's file wrapper extension. Does anyone have enough experience with that to validate that it is a viable solution?
Yes, you can hook into Django's authentication from Apache. See this how-to:
Authenticating against Django’s user database from Apache