Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RESTful api to mobile devices #13

Open
cjackie opened this issue Sep 26, 2016 · 4 comments
Open

RESTful api to mobile devices #13

cjackie opened this issue Sep 26, 2016 · 4 comments

Comments

@cjackie
Copy link
Member

cjackie commented Sep 26, 2016

@kbumsik

Can our APIs be used by mobile devices? How does authentication work in mobile devices using our web server. We might have a person interested in build a mobile app for this project. If we could expose these api to him, he can do it.

I assume the mechanism for doing it will be similar to our IoT nodes interacting with the web server.

@kbumsik
Copy link
Contributor

kbumsik commented Sep 27, 2016

Is @larry725 interested in making an mobile app? Welecome :)

We can use exactly the same API for mobile devices, though additional workarounds are needed to keep the session with the server when you are not using a web browser.

Look at tools/api_tester.py and see how I keep the session between two processes (two curl calls). Comments in tools/api_tester.py describes how it could be done.

For Web API, the server uses server-side session variables. But a client-side cookie is still needed to identify users. session field of cookie is used for session identification. When we login using POST /api/login, the server sends a response with Set-Cookie: header field like this:

HTTP/1.0 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 69
Set-Cookie: session=.eJwli0EKgCAUBa8Sf52i3xBy1SVah5WJqAmpq-juGe3eDPNuMFG7AAr8WmN2frIf0y1F6CHoXJaQrDtbgIxLwkaCskNUjCsUlI-DEKKVNZtrcTso_u9TR9M-uzl0DWVuBp4XHFchOQ.Cstkcw.iclIiMF-mFF7jOqkyFCuCWUtt84; HttpOnly; Path=/
Server: Werkzeug/0.11.11 Python/3.5.2
Date: Tue, 27 Sep 2016 02:01:23 GMT
{"user_id": 1, "username": "defaultUser", "msg": "Login successful."}

We need session=<encoded field>; to keep session. In my case, I used regex to parse session cookie.
After login, you need to include this session cookie in Cookie: field for every HTTP requests like following:

GET /api/location HTTP/1.1
User-Agent: curl/7.35.0
Host: localhost:8000
Accept: */*
Cookie: session=.eJwli0EKgCAUBa8Sf52i3xBy1SVah5WJqAmpq-juGe3eDPNuMFG7AAr8WmN2frIf0y1F6CHoXJaQrDtbgIxLwkaCskNUjCsUlI-DEKKVNZtrcTso_u9TR9M-uzl0DWVuBp4XHFchOQ.Cstkcw.iclIiMF-mFF7jOqkyFCuCWUtt84
Content-Type: application/json

Then the server recognizes the user in session.

I don't know how to do this using smartphone's library but there muse be ways to include additional HTTP header field.

@larry725
Copy link

Yes, I am interested in the app. But I need some time to learn about the current code. Lol.

@kbumsik
Copy link
Contributor

kbumsik commented Sep 27, 2016

You don't really need to know the whole back-end codes. This API document provides interface to get data from the server.

@cjackie
Copy link
Member Author

cjackie commented Sep 28, 2016

@kbumsik
I see. Basically, it is session-based authentication.

I was thinking let Lin Huang do this. He and I are doing the senior project together. This will be an assignment for him to get more familiar with Android Development. He wants to learn more about programming, especially with Java.

Larry is just here to learn about our project. Hopefully, he can pick up and start contributing something.

@larry725
After you are comfortable, let us know what is your interest. We can figure out something interesting for you to do. It can be designing page, layout ui elements with bootstrap, coding web api, scripts , or coding front-end(learn about technologies used by Facebook). 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants