LuchoTurtle
commented
1 year ago Just an update on this.
Since :authOptional has to be used (according to what is said in the issue), it's giving me lots of problems because of sessions (that don't exist when calling an API anonymously).
Making a simple POST request is yielding me the following error:
session not fetched, call fetch_session/2
This error occurs in auth_plug and I've located where. I'm just thinking of how I should change this code so it doesn't break the core functionality of the package and doesn't fetch_session two times needlessly. The error is in get_jwt, when calling get_session..
It's weird, this error shouldn't be happening according to the Conn.Plug's source code, since the :jwt atom is being passed.
This could easily be surpassed by. just creating the authOptional pipeline with a plug:fetch_session, like so:
pipeline :authOptional do
plug :fetch_session
plug(AuthPlugOptional)
endHowever, I feel like auth_plug should gracefully handle these scenarios. I won't create any PRs because it is out of the scope of this, but I created an issue for discussion -> https://github.com/dwyl/auth_plug/issues/97#issue-1529339416.
nelsonic
As discussed in: https://github.com/dwyl/app/issues/273 having a
RESTandWebSocketAPIis a Top Priority for us. π We want anyone to be able to securely query their data using theAPIand anAUTH_API_KEYorJWT; this is ourAPIRoadmap. For now we just need something super basic so that we can get moving on theFlutter MVP: https://github.com/dwyl/product-roadmap/issues/40Todo
We are breaking down this
EPICinto 3 stages, an attempt chunk the work so that we can ship each stage as fast as possible. We expect there to be 3 separate Pull Requests; one for each stage.Rather than extending the already very long
BUILDIT.mdfile, which is75 pagesat the latest viewing:We will instead:
newfile:API.mdin the root of the project where we write-up the details of the `APIStage 1: No Auth π
:authOptional] in theMVPApp that enables the basicCRUDoperations foritemsandtimers:POSTtocreateanitemanonymously,/api/items/newshould only accept thetextdata and return anitem.id, e.g:200 '{"id":42}'PATCHtoEdit/Updateanitem.text: `/api/items/:id/updateGETtoREADthe contents of theitem, e.g:/api/items/:idYou'll notice that we are not doing
tagsin the first stage; this is deliberate because there's quite a lot going on in thetagsand we want to get the first!importantThe purpose of this first stage is to ensure we have a good foundation for testing the
API. That means having automated:Stage 2:
Tagsπ·οΈCreating
tagsand associating them toitemsis a bit more involved because it can require multiple API requests if we follow traditionalRESTconventions. We should definitely do that for completeness. But for UX we should also allow people to create anitemand specify thetagsin a singleAPIrequest. π/api/tagsresource with:POSTfor/api/tags/newGETfor/api/tags/:idandPATCHfor/api/tags/:id/updateNext:
POST /api/items/newandPATCH /api/items/:id/updateendpoints to allow sending the tags onitemcreation and update. e.g:{"text": "my awesome update", "tags": "awesome, priority-1"}This will add some complexity so make sure you break it down into tiny + testable functions.GET /api/items/:idto return thetagswith theiteme.g:{"text": "Learn elixir", "tags": "learn"}This is definitely a denormalisation and potentially "frowned upon" by some
RESTpurists. But we don't care. We only care about UX. If the person using theAPIcan make fewer requests and get their data faster, we are happy. πStage 3: With Authentication! π
Once the Basic
REST APIis working [deployed!] we will allow people to view aJWTwithin theAppwhich they can use to make authenticatedAPIRequests. There are a few extra steps to enable this so as soon as the previous 2 stages are complete (PRs merged & deployed) we will re-visit and expand on this stage. π@LuchoTurtle please take a look at this and LMK if it's clear enough for you to start work on it today. π