issue_comments

I did have a bit of trouble with this one-off plugin getting it to load in the correct order - since I need authentication to work if EITHER the one-off plugin spots a token or my datasette-auth-github plugin authenticates the user.

That's why I want authentication as a core Datasette concept - so plugins like these can easily play together in a predictable manner.

I implemented bearer tokens in a private project of mine as a one-off plugin. I'm going to extract that out into a installable plugin soon. For the moment, my plugins/token_auth.py file looks like this: ```python from datasette import hookimpl import secrets

class TokenAuth: def init( self, app, secret, auth, ): self.app = app self.secret = secret self.auth = auth

async def __call__(self, scope, receive, send):
    if scope.get("type") != "http":
        return await self.app(scope, receive, send)

    authorization = dict(scope.get("headers") or {}).get(b"authorization") or b""
    expected = "Bearer {}".format(self.secret).encode("utf8")

    if secrets.compare_digest(authorization, expected):
        scope = dict(scope, auth=self.auth)

    return await self.app(scope, receive, send)

@hookimpl(trylast=True) def asgi_wrapper(datasette): config = datasette.plugin_config("token-auth") or {} secret = config.get("secret") auth = config.get("auth")

def wrap_with_asgi_auth(app):
    return TokenAuth(app, secret=secret, auth=auth,)

return wrap_with_asgi_auth

Then I have the following in `metadata.json`:json { "plugins": { "token-auth": { "auth": { "name": "token-bot" }, "secret": { "$env": "TOKEN_SECRET" } } } } `` And aTOKEN_SECRET` environment variable.

I don't think this is a useful feature.

Trickiness here is what tag to use. Do we use the tag of the installed copy of Datasette that is running datasette publish? That would mean you don't get the latest features in your deployed release.

Could hit an API to figure out the most recent version? Bit odd.

Could we output the version of Datasette that was deployed and tell people they can run --latest to force the most recent release?

Made a TIL: https://github.com/simonw/til/blob/master/pypi/project-links.md

For Datasette I'll go with: * Documentation * Changelog * Live demo * Source code * Issues * CI

The keys here can be anything: https://packaging.python.org/guides/distributing-packages-using-setuptools/#project-urls

So where do the icons come from? Turns out the PyPI site has special case rules for the icons here: https://github.com/pypa/warehouse/blob/2f00f4a9f208546ff0ebb6a6e61439021ca60a43/warehouse/templates/packaging/detail.html#L16-L60

Released in 2.9 https://sqlite-utils.readthedocs.io/en/latest/changelog.html#v2-9

Released in 2.9 https://sqlite-utils.readthedocs.io/en/latest/changelog.html#v2-9

Docs: * https://sqlite-utils.readthedocs.io/en/latest/cli.html#dropping-tables * https://sqlite-utils.readthedocs.io/en/latest/cli.html#dropping-views