Wish list of LoopBack Next extensions

[raymondfeng]

A list of potential extensions for LoopBack Next.

Add a 👍 reaction to any of the comments below if you are interested in seeing these features / extensions

[ritch]

1. Actions for REST/HTTP req/res processing
   • CORS
   • Logging
   • Rate Limiting
   • Authorization
   • Express/KOA middleware

[ritch]

2. Transports/protocols
   • WebSocket
   • MQTT
   • gRPC (HTTP2 & ProtoBuffer3)

[ritch]

3. API styles
   • GraphQL
   • oData
   • JSON API http://jsonapi.org/
   • XML

[ritch]

4. Cloud native integration
   • Docker/compose/k8s/
   • Istio: Metrics/Distributed tracing
   • Bluemix/AWS/Azure

[ritch]

5. Built-in models
   • User/Team/Organization
   • Application
   • AccessToken

[ritch]

6. Mixins

[ritch]

7. Connectors

[ritch]

8. CLI commands

[ritch]

9. Caching

[ritch]

10. Boot
    • OpenAPI Specs
    • Controllers
    • Repositories/Services
    • Components
    • Model definitions
    • JSON schemas
    • OpenAPI specs
    • WSDL/XML Schema
    • GraphQL Schema
    • ...
    • Data sources
    • Connectors
    • gRPC service/message
    • ...

[proreact-mj]

A visual builder/app inspector to develop, modify and debug a Loopback4 app. ARC, but more functionality API Connect Developer Toolkit, but without the IBM account tie-in. Node-RED, but for Loopback :)

[VMois]

7. Connectors
   • Minio (https://github.com/minio/minio)

[jpventura]

A well defined connector fintech/payment interface whose services such as credit cards, Plaid, PayPal, Android Pay, Apple Pay could be reduced to.

[VinayaSathyanarayana]

CMS like Keystone.js

[kattsushi]

• Implementation for Angular Universal and SSR

[howientc]

Left and Inner Joins on queries. Perhaps just use GraphQL with something like Join Monster to generate smart SQL behind the scenes.

[bajtos]

Cross-posting from https://github.com/strongloop/loopback-next/issues/540 (cc @delebash)

Offline first synchronization

In loopback 3 you have offline sync abilities. I think being able to have two way sync from local to remote database is very important. At least for me :)

PouchDB is a good example of offline first synchronization

Another example not reliant on CouchDB is DexieJs seems like they have a nice synchronization component built in and are nearing version 2.0 release

[ovidius72]

A customizable control panel for administrators similar to strapi.io ? Could this be provided as an extension ?

[ElBiG12]

• Add a client SDK for VueJs.
• Internationalization

[ganeshkbhat]

Feature/External Component Support

Please remove whatever is implemented. I have not read 4.0 docs completely

• Current 3.0 like generators (Model, Relation, API, Swagger support, etc)
• Model property level ACL
• Multi-Tenant level support (add remove model properties for specific tenant, different ACLs for tenant) for models
• Flow Support (possible extended component for Workflow support component based on BPMN/CMMN)
• OAuth Server (Auth/Resource) / Login system External Component
• Comprehensive Storage External Component
• Comprehensive DB Support like 3.0 Single API Component
• Working Example or Implementation based Documentation (bettered). Currently new loopback users can find it blocking to implement some sections without working example

[Extarys]

• ArangoDB connector

[Extarys]

• RethinkDB connector

[Extarys]

To extend what @jpventura said about a payment interface. Could add Stripe.

[stablehacks]

FireStore connector

[sbacem]

Client SDK for Angular

[ernie58]

Soft Deletes

[rhysjtevans]

Multi-Tenant Model Generator

[isrmicha]

Integrating SDK for Angular 2+

[bajtos]

Crypto shredding

Quoting from the latest ThoughtWorks Technology Radar:

Maintaining proper control over sensitive data is difficult, especially when—for backup and recovery purposes—data is copied outside of a master system of record. Crypto shredding is the practice of rendering sensitive data unreadable by deliberately overwriting or deleting encryption keys used to secure that data. For example, an entire table of customer personal details could be encrypted using random keys for each record, with a different table storing the keys. If a customer exercised their "right to be forgotten," we can simply delete the appropriate key, effectively "shredding" the encrypted data. This technique can be useful where we're confident of maintaining appropriate control of a smaller set of encryption keys but less confident about control over a larger data set.

[bajtos]

A connector for CockroachDB.

Quoting from https://www.thoughtworks.com/radar/platforms/cockroachdb:

CockroachDB is an open source distributed database inspired by the white paper Spanner: Google's distributed database. In CockroachDB, data is automatically divided into ranges, usually 64MB, and distributed across nodes in the cluster. Each range has a consensus group and, because it uses the Raft consensus algorithm/, the data is always kept in sync. With its unique design, CockroachDB provides distributed transactions and geo-partitioning while still supporting SQL. Unlike Spannerr, which relies on TrueTime with atomic clock for linearizability, CockroachDB uses NTPl for clock synchronization and provides serializability as the default isolation level. If you're working with structured data that fits in a single node, then choose a traditional relational database. However, if your data needs to scale across nodes, be consistent and survive failures, then we recommend you take a closer look at CockroachDB.

[clayrisser]

Access control

[marioabc]

Access control Authorization

[clayrisser]

For those looking for loopback 4 access control, you can use a third party service to handle it. https://github.com/ory/keto

I've had great success with ORY Keto.

I made a typescript client for it if anyone is interested. https://github.com/codejamninja/ory-keto-client

Honestly, in a microservice environment, your services probably shouldn't be handling access control anyways.

[clayrisser]

I'm also delegating Authorization to another ORY 3rd party service called Hydra. https://github.com/ory/hydra

It's fully Oauth2 compliant, which is highly recommended for new services in a time where handling and securing user data is getting scrutinized under a microscope.

You can see my loopback integration code in the following repos . . . https://github.com/codejamninja/loopback4-hydra https://github.com/codejamninja/ory-stack https://github.com/codejamninja/login-ui

[clayrisser]

I'm kinda thinking if people choose to use third-party services for access control and authorization, it will free up the loopback team to focus on other important features third-party services can't solve, like better database support and more database relations.

[uribalb]

Mongodb transactions support

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-322518526 from @kjdelisle.

8 👍 in the original post

---

RequestContext Extension

Purpose

Using the existing ParameterObject definitions, and your OpenAPI spec, make a new custom Sequence extension that automatically converts incoming requests into POTOs (Plain Old TypeScript Objects) that will simplify handling of incoming arguments and parameters.

Example:

const offsetSpec: ParameterObject = {
         name: 'offsetSpec',
         type: 'number',
         in: 'query',
};

const pageSizeSpec: ParameterObject = {
         name: 'pageSize',
         type: 'number',
         in: 'query',
};

const List: RequestObject = {
   parameters: [
     offsetSpec,
     pageSizeSpec,
   ]
};

class MyController {
  @operation('get', '/', {responses})
  @request(List)
  list(list: List) {
    // Auto-populate a List (RequestObject) instance based on provided values
  }
}

See https://github.com/strongloop/loopback-next/issues/476 for a complete proposal.

Why?

• Don't have to deal with parsing requests yourself; it gets turned into a request object for you!
• You can make those objects extensions of your models (ex. ListRequest extends List) to transform those objects into logical model instances for ease-of-use in your Repository implementation(s).

Estimated Development Time

Assuming no technical blockers, I'd roughly estimate this to take approx. two weeks for development and unit testing

Will You Build It?

I would be willing to build this myself, with some help of course. :)

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-328367346 from @MartinCerny-awin .

20 👍 in the original post

---

Audit Log

Log changes performed on models. It would help to keep track of who used, created or changed an entity and the point in time this happened.

The same model that is being audited would be created with added properties mentioned in what should be stored section. This model will get updated when audit action happens.

When should audit happen (taken from #2872)

1. We give users the option which RESTfull endpoint (or which model) they want to have the audit middleware active for. Or introducing exceptions option which makes the middleware active for all endpoints except the ones mentioned in exceptions
2. We give them option which req.methods they want to have this middleware active for... I think it does not make sense to have this middleware active for req.method == 'GET' since this middleware would become a bottleneck of the application and you would not get that useful information either.

What should be stored

• Model properites
• Created timestamp
• Modified timestamp
• HTTP method
• Path
• User Id

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-329100530 from @bajtos .

17 👍 in the original post

---

Cross-posting from #119

Real-Time features

I'm opening this thread to discuss and define a scope for real-time functionalities possibly provided by LB-Next.

Currently there are implemented functionalities like event streams, but honestly are not helpful at all when building real life applications, therefore I have built several real-time approaches on top of loopback, which I believe 2 were the most important.

1.- Implemented PubSub functionality. 2.- Implemented Firebase alike interface.

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-340876230 from @jackrvaughan .

14 👍 in the original post

---

ACL Restrictions on Model Properties

Restrict certain model properties to different user types. For example, a user model could have an account-type property that could only be changed by an admin and not by the owner (but the rest of the model could be changed by the owner).

Will You Build It?

I don't think I'd know where/how to start - but I could definitely try with some guidance.

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-342788573 from @akashjarad.

9 👍 in the original post

---

Loopback mqtt/amqp support. make an extension for MQTT protocol. Will You Build It? i am willing to contribute , and need guidance .

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-348083203 from @rpinaa .

5 👍 in the original post

---

Features!

• Define validating data inside @property annotation like Java Bean Validation (https://docs.oracle.com/javaee/6/tutorial/doc/gircz.html). Making this approach we can delegate the business constraints to domain-model layer.
• Standardize the environment profiles, local (default), development, staging and production; perhaps using the loopback 3.x.x functionality or making it better.
• Improve the transactional support for relational data bases, helping it with an annotation @transactional and define isolation levels like loopback 3.x.x approach.

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-358761993 from @monster910 .

---

API Tool Improvements

1. Make a custom API and expose it to explorer https://groups.google.com/forum/#!searchin/loopbackjs/swagger%7Csort:date/loopbackjs/l6FQGCjNpEY/rrTqHFbZAQAJ

2. Make a custom API and generate swagger def from it. Same as #1 above except make sure the export to swagger works

3. Improved error handing for APIs using 400 and 500 HTML status codes and allow the explorer to test those cases

4. Generate swagger properly from #3 above

5. Ability to defined a API that is NOT attached to a model

Will You Build It?

Perhaps

[dhmlau]

Merging #509 into this issue so that we have all extension wish list in one place

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-374447040 from @ganeshkbhat .

2 👍 in the original post

---

Feature/External Component Support

Please remove whatever is implemented. I have not read 4.0 docs completely

• Current 3.0 like generators (Model, Relation, API, Swagger support, etc)
• Model property level ACL
• Multi-Tenant level support (add remove model properties for specific tenant, different ACLs for tenant) for models
• Flow Support (possible extended component for Workflow support component based on BPMN/CMMN)
• OAuth Server (Auth/Resource) / Login system External Component
• Comprehensive Storage External Component
• Comprehensive DB Support like 3.0 Single API - Multiple DB Adaptor Component
• Working Example or Implementation based Documentation (bettered). Currently new loopback users like me can find it blocking to implement some sections without working example

Will you build it?

I would definitely like to contribute if I have guidance

[Royedc4]

• Discovering models from a database (as done in loopback 2 with slc arc)

[clayrisser]

Metrics

[mdbetancourt]

firestore connector

[JoergFechner]

Open the where-filter, to get something like this

labels @> ARRAY['pommes','ketchup']::varchar[]

to work.

[jheysen]

Is there any plan to add support for Compression Middleware? Also, it would be nice to have some form of logging out of the box, maybe with morgan

[bajtos]

Is there any plan to add support for Compression Middleware? Also, it would be nice to have some form of logging out of the box, maybe with morgan

Eventually, we would like to allow LB4 applications to mount any Express middleware for request pre-processing, but we are not there yet. See https://github.com/strongloop/loopback-next/issues/1293.

For now, you can mount LB4 application on a top-level Express application and configure middleware like compression and morgan on that Express application. See https://loopback.io/doc/en/lb4/express-with-lb4-rest-tutorial.html

Personally, I'd prefer to use 🌲pino🌲 as the default logger, because of its performance.