Wolfie-Home / webserver2

IFTTT-like web server that connects IoT devices, written in Python Flask and ReactJS

RESTful api to mobile devices #13

Open cjackie opened 8 years ago

cjackie commented 8 years ago

@kbumsik

Can our APIs be used by mobile devices? How does authentication work in mobile devices using our web server? We might have a person interested in building a mobile app for this project. If we could expose these APIs to him, he can do it.

I assume the mechanism for doing it will be similar to our IoT nodes interacting with the web server.

kbumsik commented 8 years ago

Is @larry725 interested in making a mobile app? Welcome :)

We can use exactly the same API for mobile devices, though additional workarounds are needed to keep the session with the server when you are not using a web browser.

Look at tools/api_tester.py and see how I keep the session between two processes (two curl calls). Comments in tools/api_tester.py describe how it could be done.

For the Web API, the server uses server-side session variables. But a client-side cookie is still needed to identify users. The session field of the cookie is used for session identification. When we log in using POST /api/login, the server sends a response with a Set-Cookie: header field like this:

HTTP/1.0 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 69
Set-Cookie: session=.eJwli0EKgCAUBa8Sf52i3xBy1SVah5WJqAmpq-juGe3eDPNuMFG7AAr8WmN2frIf0y1F6CHoXJaQrDtbgIxLwkaCskNUjCsUlI-DEKKVNZtrcTso_u9TR9M-uzl0DWVuBp4XHFchOQ.Cstkcw.iclIiMF-mFF7jOqkyFCuCWUtt84; HttpOnly; Path=/
Server: Werkzeug/0.11.11 Python/3.5.2
Date: Tue, 27 Sep 2016 02:01:23 GMT

{"user_id": 1, "username": "defaultUser", "msg": "Login successful."}

We need session=<encoded field>; to keep the session. In my case, I used a regex to parse the session cookie. After login, you need to include this session cookie in the Cookie: field for every HTTP request, like the following:

GET /api/location HTTP/1.1
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: */*
Cookie: session=.eJwli0EKgCAUBa8Sf52i3xBy1SVah5WJqAmpq-juGe3eDPNuMFG7AAr8WmN2frIf0y1F6CHoXJaQrDtbgIxLwkaCskNUjCsUlI-DEKKVNZtrcTso_u9TR9M-uzl0DWVuBp4XHFchOQ.Cstkcw.iclIiMF-mFF7jOqkyFCuCWUtt84
Content-Type: application/json

Then the server recognizes the user in the session.

I don't know how to do this using a smartphone's library, but there must be ways to include an additional HTTP header field.
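The login and cookie replay flow described in the comment above, as an added example that is not part of the original thread or of the project's tools/api_tester.py. It uses the standard library's cookie parser instead of a regex; the sample response, the placeholder cookie value, and the rule of only attaching the cookie over HTTPS or to a loopback host are assumptions made for this example.

```python
import io
from http.client import parse_headers
from http.cookies import SimpleCookie
from urllib.parse import urlsplit
from urllib.request import Request

# Constructed sample shaped like the login response quoted above; the cookie
# value is a placeholder, not a real session.
SAMPLE_LOGIN_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Content-Type: application/json; charset=utf-8\r\n"
    b"Set-Cookie: session=.eJwPLACEHOLDER.Cstkcw.SIGNATURE; HttpOnly; Path=/\r\n"
    b"\r\n"
    b'{"user_id": 1, "username": "defaultUser", "msg": "Login successful."}'
)

def extract_session_cookie(raw_response):
    """Parse the raw response and return the session cookie with its attributes."""
    head, _, _body = raw_response.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    if status_line.split()[1] != b"200":
        raise ValueError("login failed: " + status_line.decode("latin-1"))
    headers = parse_headers(io.BytesIO(header_block + b"\r\n\r\n"))
    for set_cookie in headers.get_all("Set-Cookie", []):
        jar = SimpleCookie()
        jar.load(set_cookie)
        if "session" in jar:
            m = jar["session"]
            return {"value": m.value, "path": m["path"],
                    "httponly": bool(m["httponly"]), "secure": bool(m["secure"])}
    raise ValueError("response carries no session cookie")

def authenticated_request(url, cookie):
    """Build a request that carries the session cookie in its Cookie: header.

    Assumption added for this example: the cookie is only attached over HTTPS,
    or over plain HTTP to a loopback host such as the localhost:8000 test server.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("refusing to send session cookie over plaintext HTTP")
    return Request(url, headers={"Cookie": "session=" + cookie["value"],
                                 "Content-Type": "application/json"})

if __name__ == "__main__":
    cookie = extract_session_cookie(SAMPLE_LOGIN_RESPONSE)
    req = authenticated_request("http://localhost:8000/api/location", cookie)
    print(req.get_method(), req.full_url, req.get_header("Cookie"))
```

The parsed attributes show that the sample Set-Cookie header has HttpOnly but no Secure flag, so a non-browser client has to enforce the transport rule itself, because the session value works as a bearer credential for whoever presents it.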

larry725 commented 8 years ago

Yes, I am interested in the app. But I need some time to learn about the current code. Lol.

kbumsik commented 8 years ago

You don't really need to know the whole back-end code. This API document provides an interface to get data from the server.

cjackie commented 8 years ago

@kbumsik I see. Basically, it is session-based authentication.

I was thinking of letting Lin Huang do this. He and I are doing the senior project together. This will be an assignment for him to get more familiar with Android development. He wants to learn more about programming, especially with Java.

Larry is just here to learn about our project. Hopefully, he can pick up and start contributing something.

@larry725 After you are comfortable, let us know what your interest is. We can figure out something interesting for you to do. It can be designing pages, laying out UI elements with Bootstrap, coding web APIs, scripts, or coding the front-end (learn about technologies used by Facebook). 😄