gitenberg-dev / giten_site

django repo for running the GITenberg website
http://www.gitenberg.org

Book POST functionality #62

Closed bdr99 closed 6 years ago

bdr99 commented 6 years ago

This PR implements the functionality for POSTing new ebooks to the database.

To add books, send an HTTP POST request to /books/post/[secret]. The secret is read from a file called book-post-secret in the project root. The body of the POST request should be the YAML data for the book. If the book was successfully added to the database, the server will respond with a 200 status code.

To add books, send an HTTP POST request to /books/post/. The request should contain an HTTP header X-Gitenberg-Secret that contains the secret key. On the server side, this secret is read from an environment variable (GITENBERG_SECRET). The body of the POST request should be the YAML data for the book. If the book was successfully added to the database, the server will respond with a 200 status code.
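The header-based check described above, as an added example that is not code from this PR or from giten_site: a standard-library sketch over a WSGI-style request dict, where the `X-Gitenberg-Secret` header appears under the key `HTTP_X_GITENBERG_SECRET`. The function name and the 400, 403 and 503 responses are assumptions; the page specifies only the 200 on success and mentions the 405.

```python
import hmac
import os

SECRET_ENV = "GITENBERG_SECRET"            # environment variable named in the PR text
SECRET_KEY = "HTTP_X_GITENBERG_SECRET"     # WSGI key for the X-Gitenberg-Secret header


def check_book_post(environ, body, server_env=os.environ):
    """Return the HTTP status for a request to /books/post/ (hypothetical helper).

    environ: WSGI-style request dict; body: raw request bytes (the book YAML);
    server_env: mapping holding the server-side secret.
    """
    if environ.get("REQUEST_METHOD") != "POST":
        return 405  # Method Not Allowed
    expected = server_env.get(SECRET_ENV, "")
    if not expected:
        # Fail closed: with the variable unset, an absent header would
        # otherwise compare equal to the empty secret and be accepted.
        return 503  # assumed status for "secret not configured"
    supplied = environ.get(SECRET_KEY, "")
    # compare_digest does not stop at the first differing byte, so response
    # time does not reveal how much of a guessed secret was correct.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403  # assumed status for a missing or wrong secret
    if not body.strip():
        return 400  # assumed status for an empty YAML body
    return 200


if __name__ == "__main__":
    # Constructed sample values, not real credentials or real book metadata.
    env = {SECRET_ENV: "constructed-secret"}
    yaml_body = b"title: Constructed Example\n"
    ok = {"REQUEST_METHOD": "POST", SECRET_KEY: "constructed-secret"}
    print(check_book_post(ok, yaml_body, env))
    print(check_book_post({"REQUEST_METHOD": "POST"}, yaml_body, env))
    print(check_book_post({"REQUEST_METHOD": "POST"}, yaml_body, {}))
    print(check_book_post({**ok, "REQUEST_METHOD": "GET"}, b"", env))
```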

eshellman commented 6 years ago

I recommend reading this: https://simpleisbetterthancomplex.com/tutorial/2016/10/31/how-to-handle-github-webhooks-using-django.html

No shame in copy and paste.

eshellman commented 6 years ago

One thing I wish I'd done more is check my code style against a linter, like pylint. Now that I run pylint regularly, I find that it catches many of my coding errors and bad habits (such as having way too much code in a module.)

bdr99 commented 6 years ago

@eshellman Thanks for the link. We ended up using an approach similar to the one described on that page, in that the secret is passed through an HTTP header. I will edit the top comment to describe the new method.

eshellman commented 6 years ago

That should work.

bdr99 commented 6 years ago

OK, we have addressed the following:

eshellman commented 6 years ago

Looks like tests fail because of Travis not knowing the secret.

eshellman commented 6 years ago

No, that's not it; a 405 means the server won't accept the POST. I bet it's related to the way you tried to do csrf_exempt; try wrapping the as_view method in urls.py.

bdr99 commented 6 years ago

I got the tests working. The problem was that when the test client sent the HTTP POST request, it was being redirected because of the security settings in settings.py. And HTTP POST requests are not preserved when following redirects, so it was being changed to a GET request, which caused the 405 failure (Method not Allowed). I changed the test to use a secure request and it works now.

eshellman commented 6 years ago

Deployed on production. Now add the secret into the environment and you're ready to start posting books.

eshellman commented 6 years ago

Or maybe the load_repos command needs running. Let me know.

bdr99 commented 6 years ago

Yes, the load_repos command needs to be run so that the data can be loaded into the new schema.

Edit: It would be a good idea to merge https://github.com/gitenberg-dev/giten_site/pull/63 before doing this though, as we fixed a bug about loading the repo name.