The official source code for Django for APIs. Available as an ebook or paperback.
If you have the 3.1 version, please refer to this repo for the source code.
Source code for Django for APIs
Home Page: https://djangoforapis.com
License: MIT License
The official source code for Django for APIs. Available as an ebook or paperback.
If you have the 3.1 version, please refer to this repo for the source code.
This isn't an error in the book (which pins examples to specific Django/DRF versions), but I thought I'd report it here in case it's helpful to anybody else. While following along with the examples, I simply installed the latest versions of Django (3.1.2) and DRF (3.12.0). When I got to the drf_yasg
examples in Chapter 9, this resulted in the following error:
ImportError: Could not import 'drf_yasg.generators.OpenAPISchemaGenerator' for API setting
'DEFAULT_GENERATOR_CLASS'. ImportError: cannot import name 'URLPattern' from 'rest_framework.compat' (/home/evadeflow/.virtualenvs/django-for-apis-5-7UNjQH/lib/python3.9/site-
packages/rest_framework/compat.py).
A Google search led me to axnsan12/drf-yasg#641, and the following workaround:
diff --git a/ch9-schemas-and-documentation/config/settings.py b/ch9-schemas-and-documentation/config/settings.py
index 2afe6ec..3f0a482 100644
--- a/ch9-schemas-and-documentation/config/settings.py
+++ b/ch9-schemas-and-documentation/config/settings.py
@@ -47,7 +47,7 @@ INSTALLED_APPS = [
'allauth.socialaccount',
'dj_rest_auth',
'dj_rest_auth.registration',
- 'drf_yasg', # new
+ 'drf_yasg2', # new
# Local
'posts',
diff --git a/ch9-schemas-and-documentation/config/urls.py b/ch9-schemas-and-documentation/config/urls.py
index 17c4a93..1576f7e 100644
--- a/ch9-schemas-and-documentation/config/urls.py
+++ b/ch9-schemas-and-documentation/config/urls.py
@@ -1,8 +1,8 @@
from django.contrib import admin
from django.urls import include, path
from rest_framework import permissions # new
-from drf_yasg.views import get_schema_view # new
-from drf_yasg import openapi # new
+from drf_yasg2.views import get_schema_view # new
+from drf_yasg2 import openapi # new
schema_view = get_schema_view( # new
openapi.Info(
With that change in place, I ran:
$ pip uninstall drf_yasg
$ pip install drf_yasg2
and I was able to access both the Swagger and ReDoc endpoints.
NOTE: I do not have any insight into the current status of drf_yasg
, or whether drf_yasg2
is now the recommended replacement—officially or otherwise. I just wanted to see the example work, and using the drf_yasg2
fork allowed me to do that. YMMV, etc...
Hi,
In ch8-blog-user-auth/django_project/settings.py
file, "django.template.context_processors.request",
is duplicate.
Thanks.
The API endpoint /api/v1/<int:pk>
returns the serialized Post
object with author
equal to the User.id
, i.e.,
{
"id": 1,
"author": 1,
"title": "Test Post 1",
"body": "This is the first post!",
"created_at": "2020-09-22T22:30:03.173687Z"
}
It would be more useful to return User.username
for author
. This would simplify rendering the data on the frontend. For example:
{
"id": 1,
"author": "terrytesterson",
"title": "Test Post 1",
"body": "This is the first post!",
"created_at": "2020-09-22T22:30:03.173687Z"
}
Hi William, I'm loving the book and got through chapter 6. After I've gone through the permissions - IsAuthorOrReadOnly, my testuser retains access to the posts and is able to delete. I've gone over the chapter again to review it and just can't figure it out. Is there something glaringly obvious that I've messed up?
Not maintained by anyone.
Hello, as mentioned in this link: https://stackoverflow.com/questions/76093862/dj-rest-auth-registration-return-http-204-no-content I got the same problem in Chapter 8: User Authentication when doing the registration of a user.
REST_AUTH = {
'SESSION_LOGIN': False
}
solved the issue. I hope it helps, great book !
After logging in as, say, testuser1
, I'm able to add a new post as the admin
user. (I thought perhaps I mistyped something that introduced this behavior, but... it's the same when I run the code directly from this repo.)
It's probably not reasonable (outside of the admin interface) to allow one user to impersonate another. How would I go about closing this loophole?
Looks like two authorization paths were accidentally removed from blog_project/urls.py. Because two endpoints were not available:
api/v1/rest-auth/
api/v1/rest-auth/registration/
These paths were absent:
path('api/v1/rest-auth/', include('rest_auth.urls')),
path('api/v1/rest-auth/registration/', include('rest_auth.registration.urls')),
After completing the book, I was exploring various states of the API while logged in and logged out. I found that in my completed version of the Blog API project, the Post List API view (localhost:8000/api/v1
) is accessible when logged out. The endpoint is 200 OK
and you can create a new post for any existing user.
I found this strange, since that functionality is explicitly removed in Chapter 6:
We no longer see our Post List page. Instead we are greeted with an unfriendly HTTP 403 Forbidden status code since we are not logged in. And there are no forms in the browsable API to edit the data since we don’t have permission. (citation: page 106 in my PDF)
I get 403
after completing Chapter 7. It's also what I get in the sections of Chapter 8 that come before implementing viewsets and routers (starting on page 151 in my PDF). But by the end of Chapter 8, the response at /api/v1
is 200
.
To test whether this is something I had accidentally done, I downloaded a clean copy of the repo. I checked each chapter individually in its own virtual environment. I found the same behaviors as described above. I also took a git branch of a clean copy of the Chapter 7 source and worked through Chapter 8 up to page 151. Endpoint api/v1
is still 403
at that point.
As this seems like something one wouldn't want available on a blog site, I thought I'd point it out. 😄
I've reviewed the code that you add in Chapter 8 after page 151, and I'm afraid I don't understand the relationships among the permissions and the viewset/router implementations well enough to offer a suggestion for a fix. But I'd love to better understand what's going on here.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.