ponzu-cms / ponzu

Headless CMS with automatic JSON API. Featuring auto-HTTPS from Let's Encrypt, HTTP/2 Server Push, and flexible server framework written in Go.
https://docs.ponzu-cms.org
BSD 3-Clause "New" or "Revised" License
5.68k stars 387 forks

Example of how to Create, Update, and Delete? #281

Closed henrytso closed 5 years ago

henrytso commented 5 years ago

I saw the example Song.go files which implement api.Createable, api.Updateable, and api.Deleteable. However, it seems that the body of the Create method only checks whether the POST request is valid (has parameters: "title", "artist", "rating", "opinion", "spotify_url").

// Create implements api.Createable, and allows external POST requests from clients
// to add content as long as the request contains the json tag names of the Song
// struct fields, and is multipart encoded
func (s *Song) Create(res http.ResponseWriter, req *http.Request) error {
    // do form data validation for required fields
    required := []string{
        "title",
        "artist",
        "rating",
        "opinion",
        "spotify_url",
    }

    for _, r := range required {
        if req.PostFormValue(r) == "" {
            err := fmt.Errorf("request missing required field: %s", r)
            return err
        }
    }

    return nil
}

However, if the request is valid, it simply returns nil but does not seem to create a new Song. Is additional code editing required to create the instance? I made the following POST request (through Postman) and received a "200 OK" response status:

localhost:8080/api/content/create?type=Song&title=The Fish Go Blub&artist=Papa Fish&rating=8&opinion=Blub&spotify_url=https://open.spotify.com/track/2xYlyywNgefLCRDG8hlxZq

Similarly, I am unsure whether the Update and Delete methods make changes successfully, as they also return nil after validation.

I would greatly appreciate any tips and tricks for this issue of mine. Thanks in advance!

nilslice commented 5 years ago

Hi - have you implemented the other methods (Approve and optionally AutoApprove) as well? By default, Ponzu will not accept outside data from requests and make it public through the content API. See the other methods at the bottom of the file here:

https://github.com/ponzu-cms/ponzu/blob/master/examples/createable/content/song.go

nilslice commented 5 years ago

Also, all create requests must be POST requests encoded as multipart/form-data, not URL parameters as it appears in your comment.

henrytso commented 5 years ago

Thank you for your response! I now sent the POST request as multipart/form-data (with Postman).

[Create] error calling BeforeCreate: Auth failed for request

I see that since BeforeAPICreate returns an error, the request is cancelled and the Create method is not reached. I believe Admin Users are identified by email and password. How can I send this POST request and have the server recognize that I am an admin user? Is there another form field I missed?

nilslice commented 5 years ago

@henrytso -

Since BeforeAPICreate calls auth.IsValid(req) in this example, seen here: https://github.com/ponzu-cms/ponzu/blob/master/examples/createable/content/song.go#L112-L115

auth.IsValid is implemented here: https://github.com/ponzu-cms/ponzu/blob/master/system/admin/user/auth.go#L64-L74

where it checks for a token in a cookie. You can authenticate similarly from Postman by adding the same cookie that your browser has stored for the Ponzu API domain. As this package is part of the admin package, it is specifically suited to check if requests are made by a CMS admin.

Let me know if this helps!
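
The request described in the replies above, as an added Go example that is not part of the thread or of Ponzu: the Song fields are sent as multipart/form-data with the admin token cookie attached, and checked by a stand-in for the two checks discussed. The cookie name `_token`, the `standIn` and `send` helpers, the status codes and the token value are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// standIn imitates the auth and required-field checks; it is not Ponzu code.
func standIn(r *http.Request) int {
	if c, err := r.Cookie("_token"); err != nil || c.Value == "" { // assumed cookie name
		return http.StatusUnauthorized
	}
	for _, f := range []string{"title", "artist", "rating", "opinion", "spotify_url"} {
		if r.PostFormValue(f) == "" { // reads body fields only, never the query string
			return http.StatusBadRequest
		}
	}
	return http.StatusOK
}

// send puts fields in a multipart body (or in the URL when asQuery is set).
func send(fields map[string]string, token string, asQuery bool) int {
	q, body := url.Values{"type": {"Song"}}, &bytes.Buffer{}
	mw := multipart.NewWriter(body)
	for k, v := range fields {
		if asQuery {
			q.Set(k, v)
		} else {
			mw.WriteField(k, v)
		}
	}
	mw.Close()
	req := httptest.NewRequest(http.MethodPost, "/api/content/create?"+q.Encode(), body)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	if token != "" {
		req.AddCookie(&http.Cookie{Name: "_token", Value: token})
	}
	return standIn(req)
}

func main() {
	song := map[string]string{"title": "The Fish Go Blub", "artist": "Papa Fish", // constructed sample
		"rating": "8", "opinion": "Blub", "spotify_url": "https://example.invalid/track"}
	fmt.Println(send(song, "constructed-token", false), send(song, "", false), send(song, "constructed-token", true))
}
```

Because Go's `PostFormValue` reads only body fields, the stand-in treats the URL-parameter request as missing its required fields even when the cookie is present.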

olliephillips commented 5 years ago

Closing this issue. It appears to be answered/resolved. Please reopen if not the case.