add the metadata ("meta") server in replacement of Redis (which is gone now)
use the native Uvicorn .env file loader
use Pydantic models to load json bodies for (most) requests, so that they are properly validated
update admin dashboard to allow for custom HTML page templates
Notes
.env works a bit differently
The Uvicorn loader only recognizes .env and not both .env and .env.default, so make sure all variables are in .env. This is why in make init it copies the .env.default file to .env
In addition to the ModelView, the project structure of admin now allows for custom HTML Jinja templates in the templates directory. See admin/app/views.py and admin/templates/ to see how to use them
Meta server
Stores global metadata for the entire service. Probably should be expanded in the future to allow for us to do things like configure what permissions users have based on what plan they have
AUTHORIZATION_SECRET - this is a component to the Authorization header to make write changes to the global metadata. The default is secret. The authorization header is constantly change for security. It's calculated like so:
now = datetime.now()
salt = hashlib.sha512(f'{now.year}{now.month}{now.day}{now.hour}{now.minute}'.encode('utf-8')).hexdigest()
authorization_header = f'{AUTHORIZATION_SECRET}{salt}'
This means that a malicious actor has up to 1 minute before the salt is changed automatically. This is critical because this server is what controls access to the entire API.
Summary of changes
Notes
.env works a bit differently
The Uvicorn loader only recognizes
.env
and not both.env
and.env.default
, so make sure all variables are in.env
. This is why inmake init
it copies the.env.default
file to.env
Creating users
Make sure the
Content-Type
isapplication/json
curl -XPOST -H "Content-type: application/json" -d '{"email":"email","password":"password"}' 'http://localhost:8000/items/create/user'
Admin pages
In addition to the
ModelView
, the project structure of admin now allows for custom HTML Jinja templates in thetemplates
directory. Seeadmin/app/views.py
andadmin/templates/
to see how to use themMeta server
Stores global metadata for the entire service. Probably should be expanded in the future to allow for us to do things like configure what permissions users have based on what plan they have
AUTHORIZATION_SECRET
- this is a component to theAuthorization
header to make write changes to the global metadata. The default issecret
. The authorization header is constantly change for security. It's calculated like so:This means that a malicious actor has up to 1 minute before the salt is changed automatically. This is critical because this server is what controls access to the entire API.