[Mailman-Developers] GSOC - Seeking insight on Authenticated RESTful APIs

Rahul Gaur rahul.nbg at gmail.com
Sun May 5 21:19:42 CEST 2013


Hi all,

I have applied for the project mentioned on the ideas page, *Authenticated
REST-API in Postorius/Django* [0].
As per the project idea, I have been doing some research on my end,
figuring out what would be the best way to achieve this.
Since Postorius is based on Django, I have been trying Django-specific
solutions to serve the functionality currently offered by the Postorius
web interface in the form of RESTful APIs.
As of now, I have been working on two different Django-based frameworks to
build RESTful APIs.

1. Django-REST-Framework

2. Django-Tastypie

Initially, I was familiar with Tastypie and I was strongly considering
using only Tastypie for this project. However, after some advice from Richard,
I am trying to be more flexible and am trying to evaluate both
frameworks separately.

At the moment I am going through the Tastypie documentation and resources, as
I have yet to figure out how to use it with non-ORM data resources, precisely
how to integrate it into Postorius so I can serve the APIs.
I would be glad if I could get some more help on this.

Secondly, with the django-rest-framework, I tried a certain approach [2]
which firstly helped me in integrating the data served by the Mailman Core
REST server and relaying it via HTTP using the django-rest-framework.

I don't know if this is the right approach to the project, but let me try
to explain.
Django-rest-framework has the following concept:
It provides serializers to convert complex data into Python native data
types, which can be easily rendered into JSON.
These data sets can then be structured and served with class-based
views.
So let's say I want to GET localhost:8001/postorius/settings/domains/index
I took the following approach:
# Serializer
from rest_framework import serializers


class MailmanSerializer(serializers.Serializer):
    mail_host = serializers.CharField(max_length=200)
    url_host = serializers.CharField(max_length=200)
    contact_add = serializers.CharField(max_length=200)
    description = serializers.CharField(max_length=200)


# model
# Plain container; each attribute holds a list with one entry per domain.
class MailmanObject(object):
    def __init__(self, field, field2, field3, field4):
        self.mail_host = field
        self.url_host = field2
        self.contact_add = field3
        self.description = field4


And my view is something like this:

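# Views
from rest_framework import generics
from rest_framework.response import Response

# `client` is the Mailman Core REST client object, defined elsewhere
# (not shown in this post).


class ApiView(generics.ListCreateAPIView):

    serializer_class = MailmanSerializer

    # DRF dispatches GET requests to get(); a method named all() is never called.
    def get(self, request, *args, **kwargs):
        # One list per field, with one entry per domain.
        mail_hosts = []
        url_hosts = []
        contact_addresses = []
        descriptions = []
        for domain in client.domains:
            mail_hosts.append(domain.mail_host)
            url_hosts.append(domain.base_url)
            contact_addresses.append(domain.contact_address)
            descriptions.append(domain.description)
        # Build the object once, after the loop, so it exists even with no domains.
        list_obj = MailmanObject(field=mail_hosts, field2=url_hosts,
                                 field3=contact_addresses, field4=descriptions)
        serializer = self.serializer_class(list_obj)
        return Response(serializer.data)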


and when I make
curl -X GET http://127.0.0.1:8000/postorius/api/settings/domains/index/


HTTP 200 OK
Vary: Accept
Content-Type: text/html
Allow: HEAD, GET, POST, OPTIONS

{"mail_host":["aregee.com","rahulgaur.info"],"url_host":["aregee.net","rahulgaur.net"],"contact_add":["postmaster at aregee.com","postmaster at rahulgaur.info"],"description":["mail list","mail_list"]}


Please let me know if I am working in the right direction, and also do point
out the things I have been overlooking in my approach.
I could also use some help in evaluating which of the two frameworks would be
suitable for the project.
I would be glad if I could get more insight on the technical skills I
need to focus on and some reading recommendations for gaining better insight
to complete this project successfully.
I am also reading Leonard Richardson's and Sam Ruby's O'Reilly book on
RESTful Web Services, as recommended by Barry.

Now about the authentication part: what would be the best possible
solution for providing authentication?
There has been a lot of debate on this topic already. I don't want to add
more complexity, but I would like to know what would be the most workable
way of providing authentication for starters. Maybe we can consider a
different approach over the summer.

Also, there has been a discussion on "Architecture for extra profile info";
wouldn't this feature be helpful in providing a specific set of
permissions for what part of the data can be accessed by authenticated API
users?

Would it be more along the lines that any authenticated RESTful API user
would be able to access all the resources offered by the public-facing RESTful
API?

Another thing I have been considering is what the end deliverables
of this project would be. What I mean to say is, will the public-facing
RESTful API offer the functionality currently possible with Postorius via
RESTful APIs, or should it also include more features?


*Stephen Turnbull* May 2, 2013, 7:23 p.m. <http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/argee/26002#c42002>
>
> This proposal is very complete.  It will take some time to evaluate the
> proposal as a whole.  But I am still concerned that the proposal seems to
> propose a new API to be offered by Postorius.  Postorius is already
> designed as a client of the core REST API, it seems to me that it would be
> more useful to improve the core API rather than relay via Postorius into a
> new API.
>

Steve mentioned the following on Melange; maybe we can discuss this more.
As I have already mentioned, I based my proposal upon the idea of
introducing authenticated public-facing RESTful APIs in Postorius, so
most of my approach has been Django-centric.
I am just done with my college practicals, and end-semester exams will
commence from the 17th of May until the 31st of May, and I will have a lot of
free time after that.
I can still dedicate a week and look into this topic, if this is the
actual requirement of the project rather than relaying the core API via
Postorius into a new API.



Thanks & Regards,

Rahul



-------------------------------------------------------------------------------------------------------
Rahul Gaur
irc: iamaregee2
web: http://www.rahulgaur.info
blogs: aregee.wordpress.com, http://sanencynicalwriter.wordpress.com/
fb: http://facebook.com/iamaregee
github: https://github.com/aregee
