问题
I am implementing Cloud Endpoints with a Python app that uses custom authentication (GAE Sessions) instead of Google Accounts. I need to authenticate the requests coming from the Javascript client, so I would like to have access to the cookie information.
Reading this other question leads me to believe that it is possible, but perhaps not documented. I'm not familiar with the Java side of App Engine, so I'm not quite sure how to translate that snippet into Python. Here is an example of one of my methods:
class EndpointsAPI(remote.Service):
@endpoints.method(Query_In, Donations_Out, path='get/donations',
http_method='GET', name='get.donations')
def get_donations(self, req):
#Authenticate request via cookie
where Query_In and Donations_Out are both ProtoRPC messages (messages.Message). The parameter req in the function is just an instance of Query_In and I didn't find any properties related to HTTP data, however I could be wrong.
回答1:
First, I would encourage you to try to use OAuth 2.0 from your client as is done in the Tic Tac Toe sample.
Cookies are sent to the server in the Cookie Header and these values are typically set in the WSGI environment with the keys 'HTTP_...' where ... corresponds to the header name:
http = {key: value for key, value in os.environ.iteritems()
if key.lower().startswith('http')}
For cookies, os.getenv('HTTP_COOKIE') will give you the header value you seek. Unfortunately, this doesn't get passed along through Google's API Infrastructure by default.
UPDATE: This has been enabled for Python applications as of version 1.8.0. To send cookies through, specify the following:
from google.appengine.ext.endpoints import api_config
AUTH_CONFIG = api_config.ApiAuth(allow_cookie_auth=True)
@endpoints.api(name='myapi', version='v1', auth=AUTH_CONFIG, ...)
class MyApi(remote.service):
...
This is a (not necessarily comprehensive list) of headers that make it through:
HTTP_AUTHORIZATIONHTTP_REFERERHTTP_X_APPENGINE_COUNTRYHTTP_X_APPENGINE_CITYLATLONGHTTP_ORIGINHTTP_ACCEPT_CHARSETHTTP_ORIGINALMETHODHTTP_X_APPENGINE_REGIONHTTP_X_ORIGINHTTP_X_REFERERHTTP_X_JAVASCRIPT_USER_AGENTHTTP_METHODHTTP_HOSTHTTP_CONTENT_TYPEHTTP_CONTENT_LENGTHHTTP_X_APPENGINE_PEERHTTP_ACCEPTHTTP_USER_AGENTHTTP_X_APPENGINE_CITYHTTP_X_CLIENTDETAILSHTTP_ACCEPT_LANGUAGE
回答2:
For the Java people who land here. You need to add the following annotation in order to use cookies in endpoints:
@Api(auth = @ApiAuth(allowCookieAuth = AnnotationBoolean.TRUE))
source
(Without that it will work on the local dev server but not on the real GAE instance.)
来源:https://stackoverflow.com/questions/15690831/cloud-endpoints-http-cookies