How to make a device securely communicate with a remote Database? - python

I created my first micro controller device and I want it to push data to a website. Basically it collects data and I want to store that in a database. But there are multiple devices and I don't want the devices to be able to read the data other devices uploaded. Now I wonder what the safest method would be?
The server runs Debian and I have full access. The device runs Debian as well and I'm coding in python.
Those are the ideas I came up with:
make the device fill out forms on a website
make the device connect to MySQL directly
So what is the easiest way to make this right? Filling out forms seems the easiest to me, but is it really a good practice to just send POST data? How can I deal with authentication?
Connecting to MySQL seems bad, because I don't really want to grant access to the whole table. But maybe an "add only - no read" restriction could work.

Maybe you use some web framework.
Use a REST API on your web site. Most web frameworks have a REST API extension.
Only permit PUT and POST, not GET.
For example, I am using django + tastypie. tastypie provides a REST API for accessing django models and also provides authentication and authorization. Django REST framework is another good choice.
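The write-only, per-device pattern from this answer, as an added example that is not part of the original post and is not tastypie or Django code. It is a bare WSGI endpoint built on the standard library; the device ids, keys, table name and the `call` helper are constructed for illustration, and the `Authorization` header is assumed to travel over HTTPS.

```python
import hashlib, hmac, io, json, sqlite3

def key_hash(key):
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample credentials: device id -> hash of that device's API key.
DEVICE_KEYS = {"dev-a": key_hash("constructed-key-a"),
               "dev-b": key_hash("constructed-key-b")}
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE readings (device TEXT, payload TEXT)")

def authenticate(environ):
    """Map 'Authorization: Bearer <device>:<key>' to a device id, or None."""
    scheme, _, cred = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    device, _, key = cred.partition(":")
    expected = DEVICE_KEYS.get(device)
    if scheme != "Bearer" or expected is None:
        return None
    # Constant-time comparison of the presented key's hash.
    return device if hmac.compare_digest(key_hash(key), expected) else None

def app(environ, start_response):
    """WSGI ingest endpoint: accepts POST only and never returns stored rows."""
    def reply(status, body):
        start_response(status, [("Content-Type", "application/json")])
        return [json.dumps(body).encode()]
    if environ["REQUEST_METHOD"] != "POST":
        return reply("405 Method Not Allowed", {"error": "write-only endpoint"})
    device = authenticate(environ)
    if device is None:
        return reply("401 Unauthorized", {"error": "bad credentials"})
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
        reading = json.loads(environ["wsgi.input"].read(max(0, min(length, 4096))))
    except ValueError:
        return reply("400 Bad Request", {"error": "invalid JSON"})
    # The device id comes from the credential, never from the request body.
    db.execute("INSERT INTO readings VALUES (?, ?)", (device, json.dumps(reading)))
    db.commit()
    return reply("201 Created", {"stored": True})

def call(method, auth=None, body=b""):
    """Drive the app in-process with a constructed request; return the status."""
    environ = {"REQUEST_METHOD": method, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    if auth:
        environ["HTTP_AUTHORIZATION"] = auth
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Because each row is tagged from the authenticated credential, a device that names another device in its JSON body still writes only under its own id. Giving the web application a database account limited to INSERT on this table adds the "add only - no read" restriction at the database layer as well.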

Related

Using Django for communication between APIs?

I am new in the world of programming. I know a little python and I am learning Django. I understand that Django is very useful for webpages backend.
But I don't just want a website or a webapp. What I want is to centralize all the operations of my company by communicating through APIs different applications such as CRM (customer relationship management), SQL database, bulk mail software, etc.
For example, I want that when I perform an action in my CRM software (sales), it activates a scrapy script that I am creating, which scrapes certain pages, and then stores information in my SQL database.
Can I centralize all of this through Django as if it were a central base that connects all my scripts and the communications between APIs?
Yes. I would try doing any POST request to your Django server. In this code try doing a POST request to any other server. This should be all you need to get started building your central base.
Django has the ability to do what you are looking for. A good starting point for you if you choose to pursue would be DRF. Django REST framework is a powerful and flexible toolkit for building Web APIs.
However, I think you should also weigh the cost of maintaining and developing your own IPaaS (Integration Platform as a Service) with utilizing and conforming to some self-hosted / cloud-hosted IPaaS providers.
Some providers that accomplish what you may be trying to do can be found here.

How to move to Cloud Firestore in Python?

So I have been using firebase with Pyrebase-python and it has been working out well so far for a prototype. For login I get the email and password, post through ajax and then use sign_in_with_email(email, password). Boom, the user is verified and I have a refresh token to access the firebase db with.
This worked out well until I realized that I needed to query the data on different fields. Error!! So the workaround is adding a field like accountUUID_campaignUUID and querying on that. Ok, not so bad. However, now they have released Firestore, which includes multiple queries.
I would like to implement this feature, however, if I use the python sdk, it only validates with Google IAM and not the Firebase Auth. So what do I do now? All my models and backend are written in python. If I move all the models to the client JS, that would solve one problem, however, I still need to perform backend functions on the data. So do I get the data in the JS frontend, then send it to the python backend, perform function, then send to frontend? This seems pointless and redundant. At this point, I could just drop the realtime function as it's not 100% necessary and just go with MongoDB and write a custom JWT authorization. Firebase Realtime Database/Firestore has really been pissing me off lately. Why is everything forced in the front end? But I guess that's my fault for trying to force Realtime Database/Firestore with python... Maybe I'll try it again with my next project, maybe not...
Firebase Firestore in Python
That link should be all you need to get started.
As to your comment on IAM vs Firebase Auth: You can set up security rules to deal with your issue, even setting up variables and conditionals for access rules based on auth.uid.
https://firebase.google.com/docs/firestore/security/get-started?authuser=0

Client-Server framework for python

I'm currently working on a University project that needs to be implemented with a Client - Server model.
I had experiences in the past where I was managing the communication at socket level and that really sucked.
I was wondering if someone could suggest an easy to use python framework that I can use for that purpose.
I don't know what kind of details you may need to answer so I'm just going to describe the project briefly.
Communication should happen over HTTP, possibly HTTPS.
The server does not need to send data back or invoke methods on the clients, it just collects data
Many clients send data concurrently to server, who needs to distinguish the sender, process the data accordingly and put the result in a database.
You can use something like Flask or Django. Both frameworks are fairly easy to implement, Flask is much easier than Django IMO, although Django has a built in authentication layer that you can use, albeit more difficult to implement in a client/server scenario like you need.
I would personally use Flask and JWT (JSON Web Tokens), which will allow you to give a token to each client for authentication with the server, which will also let you differentiate between clients, and you can use HTTPS for your SSL/TLS requirement. It is tons easier to implement this, and although I like django better for what it brings to the table, it is probably overkill to have you learn it for a single assignment.
For Flask with SSL, here is a quick rundown of that.
For JWT with Flask, here is that.
You can use any database system you would like.
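The per-client token idea from this answer, as an added example that is not part of the original post. It signs and checks HS256 tokens with the standard library only so that it runs stand-alone; in a Flask application a maintained JWT library would replace these helpers, and the secret, client ids and function names here are constructed.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; keep the real one server-side

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(client_id, ttl=3600, now=None):
    """Issue a token whose 'sub' claim names the client it was given to."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": client_id, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64url(sign(f'{header}.{claims}'))}"

def verify_token(token, now=None):
    """Return the client id the token was issued to, or None if it is invalid."""
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        # Pin the algorithm: a token announcing "none" or anything else is refused.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{claims_b64}")
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return None
        claims = json.loads(b64url_decode(claims_b64))
        # Claims are trusted only after the signature check above has passed.
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            return None
        return claims.get("sub")
    except (ValueError, AttributeError, TypeError):
        return None
```

The server takes the sender's identity from the verified `sub` claim, which is how it can tell concurrent clients apart without trusting anything else in the request.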
If I understood you correctly you can use any web framework in python. For instance, you can use Flask (I use it and I like it). Django is also a popular choice among the python web frameworks. However, you shouldn't be limited to only these two. There are plenty of them out there. Just google for them.
The implementation of the client depends on what kind of communication there will be between the clients and the server - I don't have enough details here. I only know it's unidirectional.
The client can be a browser accessing your web application written in Flask where users send only POST requests to the server. However, even here the communication will be bidirectional (the clients need to open the page which means the server sends requests back to the client) and it violates your initial requirement.
Then it can be a specific client written in python sending some particular requests to your server over http/https. For instance, your client can use a requests package to send HTTP requests.

How to get a standalone python script to get data from my django app?

I am currently learning how to use django. I have a standalone python script that I want to communicate with my django app. However, I have no clue how to go about doing this. My django app has a login function and a database with usernames and passwords. I want my python script to talk to my app and verify the persons user name and password and also get some account info like the person's name. How do I go about doing this? I am very new to web apps and I am not really sure where to begin.
Some Clarifications: My standalone python program is so that the user can access some information about their account. I am not trying to use the script for login functionality. My django app already handles this. I am just trying to find a way to verify that they have said account.
For example: If you have a flashcards web app and you want the user to have a program locally on their computer to access their flashcards, they need to login and download the cards from the web app. So wouldn't the standalone program need to communicate with the app to get login information and access to the cards on that account somehow? That's what I am trying to accomplish.
If I understand you correctly, you're looking to have an external program communicate with your server. To do this, the server needs to expose an API (Application Interface) that communicates with the external program. That interface will receive a message and return a response.
The request will need to have two things:
identifying information for the user - usually a secret key - so that other people can't access the user's data.
a query of some sort indicating what kind of information to return.
The server will get the request, validate the user's secret key, process the query, and return the result.
It's pretty easy to do in Django. Set up a url like /api/cards and a view. Have the view process the request and return the response. Often, these days, these back and forth messages are encoded in JSON - an easy way to encapsulate and send data. Google around with the terms django, api, and json and you'll find a lot of what you need.

Service management using RESTful requests

I am currently working on a project where we need to establish communication like an ESB, between a REST API and the apps services on a small scale.
Scenario:
Assume a web app front end (e.g. Django/Python or Ruby/Rails) and services that are accessible via a HTTP RESTful request.
How can I:
make it configurable which web services are called on a web request depending on the request and not requiring code changes (through keys for example)
encapsulate or implement the services in a way to make it easy to manage them e.g. start/stop etc.
I have been looking at spring.io, but can't work out whether this could be used for this?
I am open to all suggestions,
Thanks
From what I understand, you want an authorisation solution.
In Rails, Pundit and CanCanCan are very popular. You could also implement it from scratch. Here is a screencast to help you get started.
