search

PiranhaCMS / piranha.core

Piranha CMS is the friendly editor-focused CMS for .NET that can be used both as an integrated CMS or as a headless API.
http://piranhacms.org
MIT License
2.01k stars 560 forks source link

Accessing content in a headless manner #1360

Closed zoinkydoink closed 4 years ago

zoinkydoink commented 4 years ago
  1. Added the package Piranha.WebApi
  2. added options.UseApi();
  3. I created a page called home with the same slug
  4. Using PostMan REST Client, accessing https://localhost:44305/api/page/GetBySlug?slug=home (might be issue here)
  5. Getting 401 error Unauthorized
  6. I tried sending Basic Authentication with it using admin/pass, still same issue

I have the /manager accessible by admin/password so I assume that is what is needed to be sent, the default identity is IdentitySqlLiteDbif it matters.

I looked at the code for the .WebApi package and it seems to fail at the following.

        [HttpGet]
        [Route("{slug}")]
        public async Task<IActionResult> GetBySlug(string slug)
        {
            if (!Module.AllowAnonymousAccess)
            {
                if (!(await _auth.AuthorizeAsync(User, Permissions.Pages)).Succeeded)
                {
                    return Unauthorized();
                }
            }
            return Json(await _api.Pages.GetBySlugAsync<PageBase>(slug));
        }

How do I configure this specific module so that Anonymousaccess is allowed and not even ask/require credentials?

I am simply trying to have a cms where I can enter content through /manager and then be able to access all created pages using the api (hopefully) without even any type of authentication.

I understand I can role my own API and remove the checks where it asks for creds but I would like to understand the process better and even prefer to use the built in provided by you guys.

tidyui commented 4 years ago

Hi there! You can initialize the api module with:

options.UseApi(o => o.AllowAnonymousAccess = true);

Best regards

tidyui commented 4 years ago

As for authentication, the endpoints use the standard AuthorizationManager of ASP.NET which checks for Policies. These policies are made up of one or sever claims and are defined here in the WebApi module:

https://github.com/PiranhaCMS/piranha.core/blob/master/core/Piranha.WebApi/WebApiModuleExtensions.cs#L52

By default Piranha is configured with cookie based authentication using ASP.NET Identity, which means you need to login and get a cookie from the server to be authenticated. However in a purely headless scenario this is most likely not the preferred authentication model, so I'd suggest looking into the different methods Identity supports. In the end, Piranha will only look at the current user and its claims.

zoinkydoink commented 4 years ago

https://localhost:44305/api/page/getbyslug?slug=home gets me null (200 code) even though that is the slug of he page

tidyui commented 4 years ago

The correct syntax for calling that endpoint would be

https://localhost:44305/api/page/home
zoinkydoink commented 4 years ago

Above worked, one more questions, after finally seeing the results I see there is a lot of bits and pieces that make up a page. Is there a .ToHtml property or similiar anywhere in returned result (which hopefully will include urls of images if any) so that I can just get the source of the content instead of all the blocks and their html individually.

tidyui commented 4 years ago

Since Piranha is a headless/decoupled CMS the core framework has no idea how the data should be rendered, as an example a ColumnBlock would almost always need some kind of grid system to be rendered correctly. You could implement such an API yourself for your specific application.

Best regards

biapar commented 3 years ago
  1. Added the package Piranha.WebApi
  2. added options.UseApi();
  3. I created a page called home with the same slug
  4. Using PostMan REST Client, accessing https://localhost:44305/api/page/GetBySlug?slug=home (might be issue here)
  5. Getting 401 error Unauthorized
  6. I tried sending Basic Authentication with it using admin/pass, still same issue

I have the /manager accessible by admin/password so I assume that is what is needed to be sent, the default identity is IdentitySqlLiteDbif it matters.

I looked at the code for the .WebApi package and it seems to fail at the following.

        [HttpGet]
        [Route("{slug}")]
        public async Task<IActionResult> GetBySlug(string slug)
        {
            if (!Module.AllowAnonymousAccess)
            {
                if (!(await _auth.AuthorizeAsync(User, Permissions.Pages)).Succeeded)
                {
                    return Unauthorized();
                }
            }
            return Json(await _api.Pages.GetBySlugAsync<PageBase>(slug));
        }

How do I configure this specific module so that Anonymousaccess is allowed and not even ask/require credentials?

I am simply trying to have a cms where I can enter content through /manager and then be able to access all created pages using the api (hopefully) without even any type of authentication.

I understand I can role my own API and remove the checks where it asks for creds but I would like to understand the process better and even prefer to use the built in provided by you guys.

See this to: https://gist.github.com/biapar/e48bb57e86759c9ffb14fdabbf804369