From: Dr J. K. <jo...@ka...> - 2013-12-20 07:57:27
Hi Adam et al.,

I've implemented some sweet REST APIs using RESTXQ; I really like it - nice clean APIs coupled with XForms for the user interface. But the data isn't open to all, and some users need privileged access and others don't. So, I'm wondering what the best pattern to use is.

Normally I would expect to use OAuth or something to establish credentials with the REST side of things, but I've not found anything standard kicking around in the docs to serve a similar purpose.

I would expect to be able to do something like this:

    (: Log in with the supplied credentials and report the current user before and after :)
    declare
        %rest:GET("")
        %rest:path("/questiondb/login")
        %rest:form-param("user", "{$user}", "guest")
        %rest:form-param("password", "{$password}", "")
        %rest:produces("application/xml", "text/xml")
    function login:login($user as xs:string*, $password as xs:string*) {
        let $u1 := xmldb:get-current-user()
        let $l := xmldb:login("/", $user, $password)
        let $u2 := xmldb:get-current-user()
        return
            <login>
                <u1>{$u1}</u1>
                <l>{$l}</l>
                <u2>{$u2}</u2>
            </login>
    };

    (: Report whether the current request is authenticated :)
    declare
        %rest:GET("")
        %rest:path("/questiondb/login/check")
        %rest:produces("application/xml", "text/xml")
    function login:check() {
        if (xmldb:is-authenticated()) then
            <yes/>
        else
            <no/>
    };

Under the standard eXist code paths this would work: the 'xmldb:login' call would add a session cookie to the response and subsequent calls would automatically be authenticated. However, that bridge into the RESTXQ request/response doesn't appear to exist.

Can you please recommend a lightweight way for me to proceed?

Many thanks,
Joe