So I have been using firebase with Pyrebase-python and it has been working out well so far for a prototype. For login I get the email and password, post through ajax and then use sign_in_with_email(email, password). Boom, the user is verified and I have a refresh token to access the firebase db with.
This worked out well until I realized that I needed to query the data on different fields. Errror!! So the work around is adding a field like accountUUID_campaignUUID and querying on that. Ok, not so bad. However, now they have released Firestore, which includes multiple queries.
I would like to implement this feature, however, if I use the python sdk, it only validated with Google IAM and not the Firebase Auth. So what do I do now? All my models and backend is written in python. If I move all the models to the client JS, that would solve one problem, however, I still need to perform backend functions on the data. So do I get the data in the JS frontend, then send it to the python backend, perform function, then send to frontend? This seems pointless and redundant. At this point, I could just drop the realtime function as its not 100% necessary and just go with MongoDB and write a custom JWT authorization. Firebase Realtime Database/Firestore has really been pissing me off lately. Why is everything forced in the front end? But I guess that's my fault for trying to force Realtime Database/Firestore with python... Maybe I'll try it again with my next project, maybe not...
Firebase Firestore in Python
That link should be all you need to get started.
As to your comment on IAM vs Firebase Auth: You can set up security rules to deal with your issue even setting up variables and conditionals for access rules based on auth.uid
https://firebase.google.com/docs/firestore/security/get-started?authuser=0
Related
I was using Flask for a small personal project of mine, and using render template and simple HTML files for the front-end.
I recently decided to switch over to a react front-end with a REST API in Flask.
However, since a lot of my old flask code depended on using sessions within Flask, I was wondering if sessions can still be used with a REST API.
There are essentially two parts to the question:
Is it technically correct (i.e. would it even work)
Is it advisable (If no, why not)
Thanks
Yes you can use sessions for login for a front end API. For backend APIs I suppose you could as well but something like jwt or oauth2 is much more common for a few convenience reasons. Not sure the set cookie header works when called via the JS fetch api so you may need to create your own session cookie with JS and possibly in middleware. You also have the option of having the login page not part of the API which would solve this problem.
Other than that as long as the session cookie is being passed to the API every time it is called which should happen automatically you will be able to use sessions in your Flask code.
I have a basic background in DS with Python and I try now the first time to build an application and I need a bit advise which infrastructure to choose on AWS and how to structure the application. The code I can develop/google on my own :)
The main question is: Where/On which platform of AWS should happen Step 2. I guess I miss there some basic knowledge of applications and therefore I have problems to google the problem myself.
What should happen by the application:
On a website a user types in values in a form and this values are sended somewhere so be processed. (Already coded)
Now, this values (so far an email with the values) has to be sent somewhere to be processed. Here I do not know in which infrastructure of AWS I can write an application that can receive this values (/email) directly and process it automatically?
3./4. Automated process of values, pdf creation and sending etc.
Goal is that always when a user uses the website and sends the email, that the automated process is triggered.
Thank you for your help! :)
I am assuming that you have access to the mailbox to which user form data will be sent via email, You can then read the email data using imap module of python and extract the required information either by using regex or by some html to dict conversion module, please find below link for html to dict conversion.
How to convert an HTML table into a Python dictionary.
Having said all that I would strongly recommend you to use AWS EC2 instance to host your application, NGNIX as web server, postgress as database and most importantly Django as the webframe work, you should have the user fill the require data in form and send that form directly to the back end server which can then save it directly to your database (there is no need to send the data via email), if you have any queries please let me know.
I would suggest you use a "fanning out" architecture with something like Eventbridge or SNS topic.
When your user submits form, you publish a message to an SNS topic.
That topic can send an email, and also send the data to a backend service like lambda to save to something like DynamoDB or something like RDS MySQL.
I have recently started learning Python. I am currently trying to build a simple Web Application that requires a login to access some paths.
I understand that this can be achieved by using something like session['user']=user_id in Flask.
Can somebody help me with how exactly this works? Like where does Flask store the sessions if not in the database table?
It stores it in a cookie on the client side. From the official documentation:
This is implemented on top of cookies for you and signs the cookies cryptographically. What this means is that the user could look at the contents of your cookie but not modify it, unless they know the secret key used for signing.
If you need server-side session store, there is an extension called Flask-Sessionstore that lets you choose the method of storage, including server-side DBs.
I'm building a little application in Python. I use PySide for the GUI and Django to read data from my web application.
Everything works well, but I have a login access, like dropbox application.
I want to store this informations on the current machine (like a session, I don't want to login every time I open the application).
Now my question is, what is the safest way to do this? Environment variables?
Usually when you have an API that you're exposing in your app to the outer world (even your own desktop/mobile app), you'll design this API to be stateless, as part of the REST architecture. So your app should always include an HTTP header or any other method of carrying an authentication token that will let your API identify the user.
You only log in once, and when the log-in procedure is successful you should get an authentication token from your API, and then you will store this token somewhere safe.
You can also look into implementing OAuth2 for the authentication.
I am trying to create some Glassware with the Mirror API. I am new to using AppEngine and Jinja2. I have python experience but never with a web framework before. So basically I am very new at this.
I have modified the Python quickstart for the mirror API to include many of my endpoints and designs. Basically I want to be able to be able to POST data from a constrained device to Glass. I have an endpoint all setup which works to accept and parse out the data and send the timeline item.
My problem is that the device itself is acting all on it's own and cannot provide input, therefore when I call my app from it e.g. https://foo.appspot.com?operation=deviceData the app presents the auth page and then nothing happens. I can see in the logs that the auth page is being sent, but the device has no idea what to do with this.
Basically, I need a way where I can hardcode credentials and get around having to do oauth everytime. What is the recommended way to do this? Another app which doesn't require auth which passes the data along? This would be fine as I only need to set this up with one user right now, it is for an internal demo only.
Is it possible to set my credentials in a header and auth automatically without handling any return, more like how basic auth works?
There are also the "Simple API access" keys. Would these work in this situation, I tried creating browser and server keys and tried them on the device and in the browser by doinghttps://foo.appspot.com?operation=deviceData&key=KEY_HERE but in both cases I was still prompted to login. Is this what simple access keys are for? Do they not work with the mirror API?
Basically my question is, what's the easiest way to allow access to my apps endpoints without having to oAuth or having a hard coded user which auto-auths?
Here is the project that I started with: https://github.com/googleglass/mirror-quickstart-python