Looks promising.

Hello,

I believe the configuration.php file contains a misleading comment regarding whether or not the 'index.php/' value needs to be set in psx_dispatch key.

It says:

// The input path 'index.php/' or '' if you use mod_rewrite

I have mod_rewrite enabled and the Virtual Hosts configuration file properly configured (AllowOverride All) for the .htaccess file to apply rules so I found myself assuming this key needed to be set as '' .

This however causes an authentication error when I try to login to the backend.htm. I turned on debug for the psx_debug setting and the the following error is sent back on the response:

PSX\Framework\Loader\InvalidPathException

After trying to figure out many things I reverted the psx_dispatch setting to have the 'index.php/' value set and I could finally login properly.

I don't know enough about the PSX Framework to know if this is the expected behavior or when should the value of psx_dispatch be set to '', but if someone reads the comment it might lead them to unnecessarily setting '' to the psx_dispatch key and locking themselves out unable to use the software without understanding why it could be misconfigured.

Disable edit/delete button of scope backend, consumer and authorization since a user would remove all assigned routes on save and a system cant work without theses scopes.

In my case is fusio failed to send registration email which has token for activation user, so how to resend this email, or use User Service from Fusio/Impl?

We should add an tab to browse the existing data of a table

If a schema name changes or it gets deleted we have maybe the case that other schemas still reference to the changed schema. This does not break the application since the complete schema is in the cache but then it is no longer possible to save the schema. So we should forbid renaming/deleting a schema if it is referenced by another schema.

At the moment we can add rate limits through the condition action. Those actions are only applied for specific routes. We should provide a way to setup global rate limitation rules.

Using SQLFetchAll to access a database that has columns with headers that contain "_" (underscores) creates nested statements when not needed.

PSX\Util\CurveArray; - uses "underscore" as a sperator,

Changing

return $this->response->build(200, [], [
$key => CurveArray::nest($result),

To

return $this->response->build(200, [], [
$key => $result,

Fixes the problem.

At the moment we can import swagger and raml documents through the backend interface. This creates automatically the routes and actions extracted from the swagger specification. It would be great if we had also a command to automatically generate a .fusio.yml deploy file based on a swagger file. Beside the fitting routes we would also automatically create the backend files etc. in the src/ folder. This could help to speed up the process if a user needs to develop an API based on a OAI specification. We should start with the OAI spec but in the end we should support all major formats: Swagger 2.0, Raml 1.0, OAI

Hello,

Finished running Fusio successfully. But I can't use the username and password created and generated using the php bin/fusio adduser command, http://localhost/fusio/public/backend.htm replies with Authentication failed
I tried to inspect the page. An error occurred:
POST http://localhost/index.php/backend/token 404 (Not Found)(anonymous function) @ fusio.min.js:125m @ fusio.min.js:121f @ fusio.min.js:118(anonymous function) @ fusio.min.js:150m.$eval @ fusio.min.js:164m.$digest @ fusio.min.js:161m.$apply @ fusio.min.js:165(anonymous function) @ fusio.min.js:255c @ fusio.min.js:70

Please Help
Thanks in advance

The pagination on the log panel does not work properly.

At the moment the API documentation viewer is a simple jQuery app which requests all API informations from the /doc endpoint. The routing is not optimal and it is also not highly responsive. We should update the viewer using Angular with the Material theme. It should still be easy possible to extend the documentation with custom pages and to set a custom brand/design.

Hi,

When trying to install (php bin/fusio install), I get the following error:
"You need to set up the project dependencies through composer"

My environment:

• Debian 8
• Lamp stack (PHP 7)

Support is appreciated.

Add an console panel where it is possible to make requests to the API endpoints. There should be an selectbox where a user can choose a route, request method and an input field for the request body. Probably we should simplify making requests against protected endpoints since we are already authenticated.

Add a connection to send Android push notification. See:
https://gist.github.com/prime31/5675017

Take maybe also a look at ios push notifications:
http://codular.com/sending-ios-push-notifications-with-php

Some users of Fusio want to setup an API plan per app: That means that an user/app must be limited to a specific amount of requests per interval (day/month). In the end of the interval the payment system needs to know how many requests were made in the period to charge the user accordingly.

It is possible to implement this through rate handling and looking at the log table (where every request for an app is logged). But we could probably simplify this process by providing i.e. an API which returns the usage stats for an specific app. So we only simplify the lookup of the needed data the actual payment must be done by the payment system. Also It should be possible to assign an app to a specific plan (this could be done through parameters). The plan contains the information how many requests are allowed in a specific interval.

For the apps that come as part of the Fusio installation there should be a way for them to detect their proper base element eg. <base href="/projects/fusio/public/developer/"> so that upon installation they're not broken out of the box if the Fusio installation does not follow the expected hard coded paths in the environment it was just installed.

Link to the groups discussion for more detail: https://groups.google.com/forum/#!topic/fusio/1B5Fv8ZeKu0

Description

When deleting a user through the portal, the UI (admin portal) responds that the request was successful. This can be verified by typing php bin/fusio user:list in the server and checking that the user was indeed deleted. When trying to re-add the user using the same name, the UI (admin portal) displays the following error:

The server encountered an internal error and was unable to complete your request.

When I tried adding the user via command line (php bin/fusio user:add), the following error is displayed:

[Doctrine\DBAL\Exception\UniqueConstraintViolationException]
  An exception occurred while executing 'INSERT INTO fusio_user (provider, status, name, email, password, date) VALUES (?, ?, ?, ?, ?, ?)' with params [1, 1, "ruth", "[email protected]", "$2y$10$HrDho8u
  D\/a2wCb4g9GoUtuiFb\/iug1Mc.YvX9w64Wjvx1Vvt4ShYW", "2017-08-11 01:38:56"]:
  SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'foo' for key 'UNIQ_5680E95E5E237E06'


  [Doctrine\DBAL\Driver\PDOException]
  SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'foo' for key 'UNIQ_5680E95E5E237E06'


  [PDOException]
  SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'foo' for key 'UNIQ_5680E95E5E237E06'

Steps to reproduce

1. Access http://localhost:1234/fusio with the default user
2. Create user foo with type Administrator
3. Delete user foo
4. Add user foo again

Expected resut

User is re-added with no problem

Observed behavior

Fusio server throws exceptions UniqueConstraintViolationException and PDOException

Additional information

1. System installed using fusio-docker version v0.9.1
2. Running under an Ubuntu virtual machine 16.04
3. Docker version is Docker version 17.06.0-ce, build 02c1d87
4. Chrome version is 60.0.3112.90 (Official Build) (64-bit)

The default output is xml, I know you can change the output by using "?format=json" in the url. But is it possible to set the default output anywhere? Say in the config file?

Thanks

In case we deploy a route config to production we store the config PHP serialized in the database so that it is not possible to change any production route. We should change the PHP serialization to a normal json encode. Through this it would be possible to read the database values from another language and build a service in a different language i.e. java or go. Basically this would enable us to support any programming language for API endpoint development.

If a user is authenticated the token expires after a specific amount of time (regardless of the actions of the user). Normally the user is redirected to the login mask but if a modal dialog is open this could cause weird behaviours. We should either automatically extend the token (which requires #16) or provide a better relogin experience.

We could add a transform action which transforms data into another structure. The format change could be defined in the jsonpatch (https://tools.ietf.org/html/rfc6902) format inside the action. This can be useful in several cases where we want to change the incoming or outgoing data structure.

If a new connection is added we should verify that the provided data works. This gives users also a direct feedback whether the credentials are correct.

Currently it's not possible to set a password for the Acme-Mysql connection in .fusio.yml.
The password is set to "" during deploy/import in SystemAbstract.php

Steps to reproduce:

1. Create a MySQL database for the news example (password required)
2. Set the database credentials in .fusio.yml
3. Execute php bin/fusio deploy
4. Deployment fails because the password is set to "" and the connection to Acme-Mysql fails

Output of php bin/fusio deploy

Deploy successful!
The following actions were done:

• [ERROR] connection Acme-Mysql: An exception occured in driver: SQLSTATE[HY000] [1045] >Access denied for user 'news_test'@'localhost' (using password: NO) in ***/fusio/impl/src/Service/Connection.php on line 131
• [UPDATED] schema News-Collection
• [UPDATED] schema News-Entity
• [UPDATED] action News-Collection
• [UPDATED] action News-Insert
• [UPDATED] routes /news
• [ERROR] Acme-Mysql resources/sql/v1_schema.sql: Could not found connection Acme-Mysql

Is this wanted behavour? How should I set the password for Acme-Mysql (Maybe add a hint to http://fusio-project.org/bootstrap)?

Basically we have already the information of the request/response format of each API endpoint. We could go a step further and add a "forms" endpoint where a user can provide a JSON format which describes how the form (to create a specific POST request) looks. So in the backend the user can select a route, request method and an input field which contains the specific JSON format. There are already some JSON formats which describe a form based on a json schema:

• https://github.com/joshfire/jsonform
• http://angular-formly.com/#/
• https://github.com/mozilla-services/react-jsonschema-form

There is also http://jasonette.com/ which basically builds a complete app based on a specific json format. Disadvantage is here that the form is not based on a json schema.

The basic question is: Is this something Fusio should solve or is this out of band since form handling is only a concern for users where a human consumes the API.

We need an option to issue and use a refresh token to extend the lifetime of an access token

Hello,

I changed the parameters in configuration.php. but when i try to install using, php bin/fusio install. 3 errors occurs:

[Doctrine\DBAL\Exception\ConnectionException]
An exception occured in driver: SQLSTATE[HY000] [2002] No such file or dire
ctory

[Doctrine\DBAL\Driver\PDOException]
SQLSTATE[HY000] [2002] No such file or directory

[PDOException]
SQLSTATE[HY000] [2002] No such file or directory

Please Help
Thanks in advance

Currently we have connections to different services i.e.: mysql, rabbitmq, mongodb, http. We could also add a connection for specific API providers i.e. Google. Inside Fusio this connection could be used to easily make calls to the Google API. The connection needs somehow an OAuth2 access token to make an API call. The easiest solution would be to provide a conf field access token where the user needs to enter one. But it would be probably better to have a Authorize button which starts the OAuth2 Authorization Code flow. The connection should also extend the token automatically if it is expired. We could use the SDKs which are provided by the API provider. Maybe it would be also possible to develop a generic OAuth2 connection.

At the moment we have only one admin role. The admin can configure the complete system and has access to every aspect of the system. We should add also a developer role. An admin could assign specific routes to a developer and the developer is responsible to implement those routes. We could also create a different UI for developers which is especially designed for developing/debugging/testing a specific route.

Through the adapter system is currently already possible that a developer can build API endpoints without touching the production system. The developer must create an composer fusio-adapter package (on an private or public packagist). The admin then only needs to register this adapter and assign the developed actions to a specific route.

For this change we would need some sort of a right system which is a big feature. So the question is: Is this something Fusio needs or it is probably better to solve this on another level like described above or through other solutions i.e. creating multiple instances of Fusio.

Hi,

When trying to add an adapter on Fusio 0.5.0, specifically the fusio/adapter-http the following message is thrown when executing the command php bin/fusio system:register Fusio\Adapter\Http\Adapter:

Provided adapter class does not exist

I successfully ran the required composer command composer require fusio/adapter-http before this.

Where can I start looking in to, so I can overcome this issue?

At the moment it is not possible that an user can change the assigned password. We should provide a basic dialog where a user can enter the old and new password

This can be a simple json object with key value pairs which can be accessed in every action. This might be helpful to store data about the consumer app i.e. the subscription level of the consumer. This information can then be used in an action to trigger specific responses

I am trying to install the SOAP and HTTP adapters. But it try to run;

php bin/fusio system:register Fusio\Adapter\Soap\Adapter
php bin/fusio system:register Fusio\Adapter\Http\Adapter

I get the errors;
Provided adapter class does not exist

The composer installation went fine but still.. :( . I am running

Server : nginx/1.4.6 
PHP : php5-fpm 5.6.23

At the moment the Oauth endpoint supports only the "Resource Owner Password Credentials" authorization grant. We need also support for "Authorization Code" so that the API can be easily used by web apps. Therefor we must provide a way for an consumer to login and grant an app authorization / manage authorized apps/scopes etc. This should be probably a login seperated from the backend. Also it must be easy to customize the design of the "consumer" backend and to connect the login to a 3rd party system because in most cases the user uses credentials from another system.

Hello,

I receive error message Could not resolve action App-HelloWorld-Action-Collection at vendor/fusio/impl/src/Service/System/SystemAbstract.php(110): Fusio\Impl\Service\System\SystemAbstract->transformRoutes(Object(stdClass))

I've setting configuration with engine to PHPClass, and set .fusio.yml.

For some setups it is maybe not desirable to have the option to change the database. For such case we should add a config option which can disable the database api.

At the moment we log every request and response. We should also add a system log which tracks every change on the system and shows the user/app which has executed the change.

Hi, can u explain how to get configuration form DB fusio and configuration.php from Action?

apache:

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /index.php/$1 [L]

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

nginx ？？？？

I dont know what wrong with this configuration. Previous version of fusio 0.8 was working, but after update getting error.

.fusio.yml configuration

routes: "/akun": version: 1 methods: GET: public: true response: Akun-Collection action: App\Akun\Action\Collection

Message: Could not resolve action App-Akun-Action-Collection
Trace: #0 /var/www/fusio.apotek.com/vendor/fusio/impl/src/Service/System/SystemAbstract.php(

#1 /var/www/fusio.apotek.com/vendor/fusio/impl/src/Service/System/Import.php(129): Fusio\Impl\Service\System\SystemAbstract->transform('routes', Object(stdClass))
#2 /var/www/fusio.apotek.com/vendor/fusio/impl/src/Service/System/Import.php(88): Fusio\Impl\Service\System\Import->importRoutes(Object(stdClass))
#3 /var/www/fusio.apotek.com/vendor/fusio/impl/src/Service/System/Deploy.php(99): Fusio\Impl\Service\System\Import->import(Object(stdClass))
#4 /var/www/fusio.apotek.com/vendor/fusio/impl/src/Console/System/DeployCommand.php(106): Fusio\Impl\Service\System\Deploy->deploy(Array, '/var/www/fusio....')
#5 /var/www/fusio.apotek.com/vendor/symfony/console/Command/Command.php(264): Fusio\Impl\Console\System\DeployCommand->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#6 /var/www/fusio.apotek.com/vendor/symfony/console/Application.php(869): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#7 /var/www/fusio.apotek.com/vendor/symfony/console/Application.php(223): Symfony\Component\Console\Application->doRunCommand(Object(Fusio\Impl\Console\System\DeployCommand), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#8 /var/www/fusio.apotek.com/vendor/symfony/console/Application.php(130): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#9 /var/www/fusio.apotek.com/bin/fusio(47): Symfony\Component\Console\Application->run()
#10 {main}`

We could add a mail connection which connects to a SMTP server and provides a simple method to send a mail. The signature could be i.e.: send($to, $subject, $message). This does not handle HTML mails but it is a start. Maybe we could choose from different providers i.e. Native, Gmail, etc.

At the moment we have only the developer app where consumers of the API can register and manage their app keys/secrets. This app is designed as a developer portal. For SPAs we only need the login/register and app management part. We should build an app which handles only this and which can be easily integrated into any SPA.

Hi,

When trying to run the deploy command (php bin/fusio deploy), I get the following error:

• [ERROR] connection Default-Connection: An exception occured in driver: could not find driver
• [UPDATED] schema Todo
• [UPDATED] schema Todo-Collection
• [UPDATED] schema Todo-Message
• [UPDATED] action TodoRow
• [UPDATED] action TodoDelete
• [UPDATED] action TodoCollection
• [UPDATED] action TodoInsert
• [UPDATED] routes /todo/:todo_id
• [UPDATED] routes /todo
• [ERROR] Default-Connection resources/sql/v1_schema.sql: Could not found connection Default-Connection

I have fusio 0.4.0 installed.

Support would be appreciated.

We should add another panel "Token" to the backend which lists all access token which where issued by the system. This should be a read only view with a simple list and detail view. Through this system admins could better monitor how many tokens are issued and detect malicious apps.

For some records it would be great to have the option to execute bulk operations i.e.:

• Assign/Remove scopes from multiple apps
• Remove all tokens from multiple apps
• Assign/Remove scopes from multiple users

Hi!
When I change psx_dispatch to '' (to use mod_rewrite) ,work good with routes. this issues is backend.htm still use index.php\backend instead of backend.
Some details:
Response:

{
    "success": false,
    "title": "Internal Server Error",
    "message": "Unknown location"
}

Response Headers:

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2016 19:07:55 GMT
Server: Apache
Vary: Accept,User-Agent
x-powered-by: psx
Connection: keep-alive, Keep-Alive
Content-Length: 97
Keep-Alive: timeout=5, max=100
Content-Type: application/json

Request-Headers:

POST /index.php/backend/token HTTP/1.1
Host: fusio
Connection: keep-alive
Content-Length: 29
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
Origin: http://fusio/
authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Content-Type: application/json;charset=UTF-8
Referer: http://fusio/backend.htm
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

Request URL:http://127.0.0.1/fusio/public/index.php/consumer/login

Request Method:POST
Status Code:404 Not Found
Remote Address:127.0.0.1:80
Referrer Policy:no-referrer-when-downgrade

In the future we may want to add a webhook system where a user can configure webhooks for specific events of the system i.e.: a route was deployed or app was registered. This could help users to add functionalities to Fusio which are not supported by default. I.e. someone could create a webhook which sends an SMS to a specific person if a new app was registered. This is not possible by the Fusio system but could be implemented through webhooks.

We should add a statistic panel with more detailed informations about the incoming requests, most used routes, apps, etc. Similar to the dashboard but with the possibility to select a time frame.

We need a button in the backend to regenerate the key and secret of an app. This should show a warning that every connected app will not longer work after this operation since the credentials change.