just using python & gevent.server to server a simple login server(just check some data and do some db operation), would it be a problem when it’s under ddos attack?
would it be better if using apache/ngnix to server http request?
If you are using gevent.server to implement your own HTTP server, I advise against it, and you should use instead gevent.pywsgi, that provides a full-featured, stable and thoroughly tested HTTP server. It is not as fast as gevent.wsgi, which is backed by libevent-http, but has more features that you are likely to need, like HTTPS.
Gevent is much more likely to survive a DDOS attack than Apache, but nginx is as good as gevent on this regard, although I don’t see why using it if you can do just fine with your pure Python server. It would be the case of using nginx if you had multiple backends through the same server, like your auth server together with some static file serving (what could be done entirely by nginx) and possibly other subsystem, or other virtual hosts, that all could be served through a single nginx configuration.
In my opinion, you will never get the same level of security with a pure-Python server that you could have with majors web servers, as Apache and Nginx are.
These are well-tested before being released, so, by using a stable build and by configuring it properly, you will be close of the maximum of security possible.
Pure-python servers are very usefull during development, but I do not know any that can claim to compete with them for security testing / bug report / quick fix.
This is why it is generally advisable to put one of these servers in front before the server in pure python, using, for example, options like ProxyPass.