I'm new to python and I am sure there's a better way to do this. For my specific issue I have stored an API key. I've given the user means to send an argument with a new API key if needed. Otherwise the argument is set as False. So if the user sends an API key, I first want to find out if it's different from the one I already have. And if it is different I then want to update it in my secret manager.
There's one addtl layer of possible complication. It's a header in a webhook.
So I'm writing an if function but it feels very inelegant. This is what I currently have written. I'm also using Flask, hence request.
This is my code:
if request.headers['x-api-key'] and request.headers['x-api-key'] not in stored_api_key:
# do something
Would love to know how I should be writing this. Thank you.
Flask's request.headers acts like a dictionary, and so if you do
request.headers['x-api-key']
And the key x-api-key does not exist in the user's request, this will throw an error. Similar to dict, you can use the .get() method to default to a value in the case it does not exist. In this case, your code would look like so:
api_key = request.headers.get('x-api-key')
if api_key and api_key not in stored_api_key:
# do something
Otherwise, you must do the following:
if 'x-api-key' in request.headers and request.headers['x-api-key'] not in stored_api_key:
I wouldn't try to jam this into a single if statement. You have two checks where one check can use the output of the last. IMO it reads much more clearly to me to have two if statements. You could use an assignment expression to help simplify your logic:
if api_key := request.headers.get('x-api-key'):
if api_key not in stored_api_key:
...
The first if assigns api_key and checks for truthiness. get is used to avoid KeyErrors. The second if uses the value from above where we know api_key is not None.
You could also one liner this if you really want to, but is definitely less readable:
if (key := request.headers.get('x-api-key')) and key not in stored_api_key:
...
I am currently defining regular expressions in order to capture parameters in a URL, as described in the tutorial. How do I access parameters from the URL as part the HttpRequest object?
My HttpRequest.GET currently returns an empty QueryDict object.
I'd like to learn how to do this without a library, so I can get to know Django better.
When a URL is like domain/search/?q=haha, you would use request.GET.get('q', '').
q is the parameter you want, and '' is the default value if q isn't found.
However, if you are instead just configuring your URLconf**, then your captures from the regex are passed to the function as arguments (or named arguments).
Such as:
(r'^user/(?P<username>\w{0,50})/$', views.profile_page,),
Then in your views.py you would have
def profile_page(request, username):
# Rest of the method
To clarify camflan's explanation, let's suppose you have
the rule url(regex=r'^user/(?P<username>\w{1,50})/$', view='views.profile_page')
an incoming request for http://domain/user/thaiyoshi/?message=Hi
The URL dispatcher rule will catch parts of the URL path (here "user/thaiyoshi/") and pass them to the view function along with the request object.
The query string (here message=Hi) is parsed and parameters are stored as a QueryDict in request.GET. No further matching or processing for HTTP GET parameters is done.
This view function would use both parts extracted from the URL path and a query parameter:
def profile_page(request, username=None):
user = User.objects.get(username=username)
message = request.GET.get('message')
As a side note, you'll find the request method (in this case "GET", and for submitted forms usually "POST") in request.method. In some cases, it's useful to check that it matches what you're expecting.
Update: When deciding whether to use the URL path or the query parameters for passing information, the following may help:
use the URL path for uniquely identifying resources, e.g. /blog/post/15/ (not /blog/posts/?id=15)
use query parameters for changing the way the resource is displayed, e.g. /blog/post/15/?show_comments=1 or /blog/posts/2008/?sort_by=date&direction=desc
to make human-friendly URLs, avoid using ID numbers and use e.g. dates, categories, and/or slugs: /blog/post/2008/09/30/django-urls/
Using GET
request.GET["id"]
Using POST
request.POST["id"]
Someone would wonder how to set path in file urls.py, such as
domain/search/?q=CA
so that we could invoke query.
The fact is that it is not necessary to set such a route in file urls.py. You need to set just the route in urls.py:
urlpatterns = [
path('domain/search/', views.CityListView.as_view()),
]
And when you input http://servername:port/domain/search/?q=CA. The query part '?q=CA' will be automatically reserved in the hash table which you can reference though
request.GET.get('q', None).
Here is an example (file views.py)
class CityListView(generics.ListAPIView):
serializer_class = CityNameSerializer
def get_queryset(self):
if self.request.method == 'GET':
queryset = City.objects.all()
state_name = self.request.GET.get('q', None)
if state_name is not None:
queryset = queryset.filter(state__name=state_name)
return queryset
In addition, when you write query string in the URL:
http://servername:port/domain/search/?q=CA
Do not wrap query string in quotes. For example,
http://servername:port/domain/search/?q="CA"
def some_view(request, *args, **kwargs):
if kwargs.get('q', None):
# Do something here ..
For situations where you only have the request object you can use request.parser_context['kwargs']['your_param']
You have two common ways to do that in case your URL looks like that:
https://domain/method/?a=x&b=y
Version 1:
If a specific key is mandatory you can use:
key_a = request.GET['a']
This will return a value of a if the key exists and an exception if not.
Version 2:
If your keys are optional:
request.GET.get('a')
You can try that without any argument and this will not crash.
So you can wrap it with try: except: and return HttpResponseBadRequest() in example.
This is a simple way to make your code less complex, without using special exceptions handling.
I would like to share a tip that may save you some time.
If you plan to use something like this in your urls.py file:
url(r'^(?P<username>\w+)/$', views.profile_page,),
Which basically means www.example.com/<username>. Be sure to place it at the end of your URL entries, because otherwise, it is prone to cause conflicts with the URL entries that follow below, i.e. accessing one of them will give you the nice error: User matching query does not exist.
I've just experienced it myself; hope it helps!
These queries are currently done in two ways. If you want to access the query parameters (GET) you can query the following:
http://myserver:port/resource/?status=1
request.query_params.get('status', None) => 1
If you want to access the parameters passed by POST, you need to access this way:
request.data.get('role', None)
Accessing the dictionary (QueryDict) with 'get()', you can set a default value. In the cases above, if 'status' or 'role' are not informed, the values are None.
If you don't know the name of params and want to work with them all, you can use request.GET.keys() or dict(request.GET) functions
This is not exactly what you asked for, but this snippet is helpful for managing query_strings in templates.
If you only have access to the view object, then you can get the parameters defined in the URL path this way:
view.kwargs.get('url_param')
If you only have access to the request object, use the following:
request.resolver_match.kwargs.get('url_param')
Tested on Django 3.
views.py
from rest_framework.response import Response
def update_product(request, pk):
return Response({"pk":pk})
pk means primary_key.
urls.py
from products.views import update_product
from django.urls import path
urlpatterns = [
...,
path('update/products/<int:pk>', update_product)
]
You might as well check request.META dictionary to access many useful things like
PATH_INFO, QUERY_STRING
# for example
request.META['QUERY_STRING']
# or to avoid any exceptions provide a fallback
request.META.get('QUERY_STRING', False)
you said that it returns empty query dict
I think you need to tune your url to accept required or optional args or kwargs
Django got you all the power you need with regrex like:
url(r'^project_config/(?P<product>\w+)/$', views.foo),
more about this at django-optional-url-parameters
This is another alternate solution that can be implemented:
In the URL configuration:
urlpatterns = [path('runreport/<str:queryparams>', views.get)]
In the views:
list2 = queryparams.split("&")
url parameters may be captured by request.query_params
It seems more recommended to use request.query_params. For example,
When a URL is like domain/search/?q=haha, you would use request.query_params.get('q', None)
https://www.django-rest-framework.org/api-guide/requests/
"request.query_params is a more correctly named synonym for request.GET.
For clarity inside your code, we recommend using request.query_params instead of the Django's standard request.GET. Doing so will help keep your codebase more correct and obvious - any HTTP method type may include query parameters, not just GET requests."
how do i redirect a registered user to his/her db.table.id 'view' without going through smartgrid in web2py?
i have tried using:
redirect(URL(f='first', args=['mydata/view', 'mydata/%s', %request.vars.name]))
where mydata is the view for my table db.mydata and 'first' is my function.
It always returns to the smartgrid interface.
There are two problems. First, the final URL argument must be the record ID, but it looks like you are instead using a name (i.e., request.vars.name). Second, by default, the grid uses signed URLs, so you must either disable the signatures (not recommended) or add a user signature to the URL you generate. So, the link should be something like this:
redirect(URL(f='first', args=['mydata', 'view', 'mydata', request.vars.id],
user_signature=True))
Also, note that in the args list, each element can (and generally should) be a separate URL arg. So, instead of ['mydata/view', ...], it should be ['mydata', 'view', ...].
I would like to make use of query parameters in POST and other modification methods. This could apply to regular query parameters or to those extracted by url rules with variables.
But I am noticing that Eve specifically drops these parameters for POST calls. I can easily make the changes necessary to preserve them, but since they are being intentionally dropped, I'm wondering if there is some downside to having them around. What is the reason for this design decision?
Example Usecase
Perhaps there is a question why would someone ever want to use query parameters like this. The API I have in mind uses query parameters in POST and DELETE calls. One example of why this might be convenient is to allow user to modify the validation and actual behavior of the call. To give a somewhat contrived example:
DELETE /resource/123
-- fails if there are dependent objects for this resource
DELETE /resource/123?cascade=true
-- allow delete to cascade to dependent objects (eg. user clicked "I am sure")
Another example:
POST /user?allowId=True { "id" : 123, "name" : "Bob }
-- will accept externally-defined ID as opposed to generating a new one
Another example:
POST /container/<foo>/resource { ... }
-- create a new resource inside of the <foo> container
Edited
I tried to use the request.args to get at the variable rules but it doesn't seem to work.
(It is possible to get at the query args this way, but I'd like the variable rules to work as well.)
*in settings.py*
DOMAIN = {
'ducks' : {
'url':'rows/<row>/ducks',
'schema': {
'name' : { 'type' : 'string' }
}
}
}
*command line*
curl -H "Content-Type: application/json" -X POST 'http://localhost:5001/rows/1/ducks' -d '{"name":"bob"}
When the code enters my on_pre_POST hook, request.args is empty.
If I walk up the stack I see that in endpoints.collection_endpoint() function lookup does contain {'row':1} but it is not passed into the post(response) call. I can submit a pull request to fix this, if it makes sense.
Edited 2
I found that these parameters are available in request.view_args as opposed to request.args. This means both kinds of parameters are accessible anywhere in flask/eve without code changes.
Since on_pre_POST passes the request object you can easily achieve that:
def my_pre_post_callback(resource, request):
allowId = request.args.get('allowId')
...
I'm receiving a JSON response from my server where several of the keys may or may not exist. I've mostly been using a bunch of ternary operators to test each key before passing them into a Django object.create method. Here's something along the lines of what I'm dealing with
incoming = {"name":"hackNightly", "age":25, "field":"web development"}
# here's where it gets nasty
name = incoming["name"] if "name" in incoming else None
age = incoming["age"] if "age" in incoming else None
user = User.objects.create(
name = name,
age = age
)
etc. Of course, this works fine, it just feels like I'm doing something wrong. Is there a more pythonistic way to accomplish this? Thank you.
name = incoming.get('name')
age = incoming.get('age')
Dictionaries have a .get() method which can be called with 1 argument (what you're looking up), or 2 arguments (what you're looking up, and a default value if not found). By default, using 1 argument, get will just return None if nothing is found, so you can leave it as is.