I am using flask-peewee to build a new project. Also I am using the REST interface that is included in flask peewee. I followed the example here http://flask-peewee.readthedocs.org/en/latest/getting-started.html#exposing-content-using-a-rest-api and http://flask-peewee.readthedocs.org/en/latest/rest-api.html#rest-api so I ws able to get my rest api up and running including adding the Auth to Rest.
However my problem is I am not able to secure the GET request. I have so far browsed through the source code for rest.py https://github.com/coleifer/flask-peewee/blob/master/flask_peewee/rest.py but not able to find where this is coming from though I did find a lot of good stuff I can use later.
It seems by default the REST API only secure the POST/PUT/DELETE but not GET.
I don't want to make a hack of using flask url secure, I was hoping the flask peewee has some inbuilt method for this. Or if this is a known limitation then what is a good way to handle this
any ideas?
Sorry you had trouble finding this information. You can specify a list of HTTP verbs to require authentication on when instantiating your auth class:
# when instantiating your authentication
api_auth = UserAuth(auth, protected_methods=['GET', 'POST', 'PUT', 'DELETE'])
read_only_auth = UserAuth(auth) # default protected methods are POST/PUT/DELETE
Here is a link to the docs:
http://flask-peewee.readthedocs.org/en/latest/api.html#authenticating-requests-to-the-api