Django

479 readers

1 users here now

Django Project

Django Project, the web framework for perfectionists with deadlines
Django Code of Conduct
Django Documentation
Django Blog/News
Support Django

Django Community

Discord
Unofficial Django Discord
Project forum
StackOverflow
#django IRC Channel
Django Users mailing list
Django Developers mailing list
Jazzband, a community maintaining Python projects
Django Commons, organization dedicated to supporting the community's efforts to maintain packages
Djangonaut Space

Django Ecosystem

Jobs

Learning/Docs

Podcasts:

Related Fediverse communities

#django on Mastodon
c/Python on programming.dev
c/PostgreSQL on programming.dev

Feeds

founded 2 years ago

MODERATORS

[email protected]

how to put a set of endpoints under an auth like restriction? (feddit.org)

submitted 1 week ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

i'm completely new to the django eco system, coming from flask.

what i want (and don't know how to accomplish) is to put some restrictions to a set of urls: x/<uuid>/images x/<uuid>/imageupload and others should only work, if uuid can be found in the database and is still valid.

in flask i would probably use a blueprint, but this concept does not seem to exist in django, right?

what i like about the blueprint concept is, that it's not possible to add a url under the x/<uuid> "namespace" and forgetting about the auth mechanism, as this is handled for all urls in the blueprint.

how would you handle this in django?

i've already learned about apps and a custom middleware, but this looks quite complicated on first sight? as the middleware always intercepts all requests, and i would have to check on my own if this is a request to x/<uuid>?

i've also looked at existing apps, and django-rq uses the statt_member_required decorator for each view. i will probably build something like that, but i would be more confident if i could apply this to the whole app, instead of having to decorate each function.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago) (1 children)

In django you will typically define the url pattern with uuid being a keyword path parameter, and in the view code you can use get_object_or_404(Model, uuid=kwargs['uuid']). This way the user will see a standard 404 page if they attempt to view a page with uuid that does not exist.

Of course, if you use class based views, you can extend detail view based off uuid, and the base class with handle the 404 page for you, so there'll be no need for get_object_or_404. I am assuming you will want to use class based views for this so you can extract the common functionality into a base class or a mixin and reuse it in a number of views.

EDIT: I may have misunderstood the question wrong originaly. It looks like you want to bypass authentication for a subset of urls (or views). Authentication is not required by default in django, you can add LoginRequiredMixin (or a decorator) to your view, so not including the mixin would be a way to bypass the login requirement. Do you want to share relevant parts of your code for better suited advice?

[–] [email protected] 2 points 1 week ago (1 children)

thanks for the fast answer!i think you understood it correctly. i want a public page, but certain things should only be accessed when you created a session/uuid beforehand.

class based views sound interesting. will probably use this. thanks again.

i have to think about, if i can tolerate the uuid being a query parameter of the url... somehow i like the uuid being part of the url better.

never the less. thanks a lot!

[–] [email protected] 3 points 1 week ago

yeah it should definitely be part a of the url. It will be if you define a parametrized url. More details in the documentation https://docs.djangoproject.com/en/5.1/topics/http/urls/#url-dispatcher