github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Drop API token requirement from API explorer, refs #1871

Browse source
This commit is contained in:
Simon Willison 2022-10-30 13:09:55 -07:00
commit 9eb9ffae3d
2 changed files with 13 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

9
datasette/default_permissions.py
View file

@ -131,3 +131,12 @@ def register_commands(cli):
if debug: if debug:
click.echo("\nDecoded:\n") click.echo("\nDecoded:\n")
click.echo(json.dumps(ds.unsign(token, namespace="token"), indent=2)) click.echo(json.dumps(ds.unsign(token, namespace="token"), indent=2))
@hookimpl
def skip_csrf(scope):
# Skip CSRF check for requests with content-type: application/json
if scope["type"] == "http":
headers = scope.get("headers") or {}
if dict(headers).get(b"content-type") == b"application/json":
return True

13
datasette/templates/api_explorer.html
View file

@ -15,16 +15,13 @@
{% endif %} {% endif %}
<form method="post" id="api-explorer"> <form method="post" id="api-explorer">
<div>
<label for="auth-token">API token:</label>
<input type="text" id="auth-token" name="token" value="" style="width: 40%">
</div>
<div> <div>
<label for="path">API path:</label> <label for="path">API path:</label>
<input type="text" id="path" name="path" value="/fixtures/searchable/-/insert" style="width: 40%"> <input type="text" id="path" name="path" value="/fixtures/searchable/-/insert" style="width: 60%">
</div> </div>
<div> <div style="margin: 0.5em 0">
<textarea name="json" style="width: 60%; height: 200px; font-family: monospace; font-size: 0.8em;"></textarea> <label for="apiJson" style="vertical-align: top">JSON:</label>
<textarea id="apiJson" name="json" style="width: 60%; height: 200px; font-family: monospace; font-size: 0.8em;"></textarea>
</div> </div>
<p><button id="json-format" type="button">Format JSON</button> <input type="submit" value="POST"></p> <p><button id="json-format" type="button">Format JSON</button> <input type="submit" value="POST"></p>
</form> </form>
@ -46,7 +43,6 @@ form.addEventListener("submit", (ev) => {
var formData = new FormData(form); var formData = new FormData(form);
var json = formData.get('json'); var json = formData.get('json');
var path = formData.get('path'); var path = formData.get('path');
var token = formData.get('token');
// Validate JSON // Validate JSON
try { try {
var data = JSON.parse(json); var data = JSON.parse(json);
@ -60,7 +56,6 @@ form.addEventListener("submit", (ev) => {
body: json, body: json,
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'Authorization': `Bearer ${token}`
} }
}).then(r => r.json()).then(r => { }).then(r => r.json()).then(r => {
alert(JSON.stringify(r, null, 2)); alert(JSON.stringify(r, null, 2));