The added /api/v0/query/ endpoint accepts arbitrary read-only SQL queries, executes them, and returns the result in CSV format.
This flexibility allows for future frontend development to proceed with no backend changes needed, and the expressiveness of SQL allows for a number of optimizations that weren't possible before.
As the game data is public already, there is no concern about SQL injection. For future content dev, the HTTP basic auth ensures that there is either no access (unauthorized) or full access (content dev).
I chose to use the GET method for this as QUERY is still nonstandard and not well supported by either the firefox devtools or the angular proxy.
The added /api/v0/query/ endpoint accepts arbitrary read-only SQL queries, executes them, and returns the result in CSV format.
This flexibility allows for future frontend development to proceed with no backend changes needed, and the expressiveness of SQL allows for a number of optimizations that weren't possible before.
As the game data is public already, there is no concern about SQL injection. For future content dev, the HTTP basic auth ensures that there is either no access (unauthorized) or full access (content dev).
I chose to use the GET method for this as QUERY is still nonstandard and not well supported by either the firefox devtools or the angular proxy.