def setUp(self):
self.response = itty3.HttpResponse("Hello, world!")
self.complex_resp = itty3.HttpResponse(
'{"success": false}',
status_code=403,
headers={
"X-Auth-Token": "abcdef1234567890",
},
content_type="application/json",
)
def create_post(request):
# This is unauthorized. Maybe for development or different auth in
# production.
# Regardless, some HTTP Basic Auth is added in `run.py`.
if request.method != itty3.POST:
return itty3.HttpResponse(request, "Nerp.", status_code=400)
title = request.POST.get("title", "")
content = request.POST.get("content", "")
# Imagine putting it in a database here.
return itty3.HttpResponse("", status_code=302, headers={"Location": "/"})
def logout(req):
resp = itty3.HttpResponse(
body="", headers={"Location": "/"}, status_code=302,
)
# All we need to provide is the key.
resp.delete_cookie("username")
return resp
def api_list(request):
# We're taking a whole different set of views (an API in this case) &
# composing it into our main app in `run.py`.
# Imagine this is doing something interesting.
data = {
"posts": [
{
"title": "First Post!",
"content": "I started a blog today like it was 2008.",
},
],
}
return itty3.HttpResponse(json.dumps(data), content_type=itty3.JSON)
def set_username(req):
username = req.GET.get("username", "unknown")
# First, we manually create the redirect response.
resp = itty3.HttpResponse(
body="", headers={"Location": "/"}, status_code=302,
)
# Now, set the `username` in the cookies!
resp.set_cookie("username", username)
# Don't forget to return that `resp` at the end!
return resp
def overridden_create_post(request):
# Check some HTTP Basic Auth for a known user/pass.
#
# NOTE: This isn't secure at all over regular HTTP! Add SSL if you deploy
# code like this to a production environment!
# It's probably also incomplete!
if "Authorization" not in request.headers:
return itty3.HttpResponse(request, "", status_code=403)
# Take the header, base64-decode it & split on the ":".
raw_auth = request.headers["Authorization"]
bits = base64.b64decode(raw_auth).split(":", 1)
# If there aren't enough bits or something is empty, reject.
if len(bits) < 2 or not bits[0] or not bits[1]:
return itty3.HttpResponse(request, "", status_code=403)
# If the credentials don't match, reject.
if bits[0] != USERNAME or bits[1] != PASSWORD:
return itty3.HttpResponse(request, "", status_code=403)
# They're authorized. Let them post.
return webui.create_post(request)
def unused_api(request, post_id):
# And in `run.py`, this view isn't even hooked up!
post = {
# ...
}
return itty3.HttpResponse(json.dumps(post), content_type=itty3.JSON)
def index(request):
# You can imagine the database lookup & template rendering here.
posts = "<p>No posts yet.</p>"
# You can directly instantiate responses if you don't want to use
# the `app` module-level object or `app.render` specifically.
return itty3.HttpResponse(posts)