ember-nexus / api Goto Github PK

Reducing the number of layers inside the current production image is crucial.

Different options should be implemented:

• Revoke all tokens.
• Revoke all tokens of a specific user or group.
• Revoke all tokens created before/after a specific date.
• Revoke all tokens with no expire date.
• Revoke all tokens with an expire date.

Revoking tokens must include:

• Marking the token as revoked.
  • Todo: How? Setting token.isRevoked to true? Or token.status to revoked?
    • State ACTIVE: Token works normally.
    • State REVOKED: Token is manually deactivated but not deleted.
    • State EXPIRED: Currently unused state for tokens which are expired.
• Revoked tokens must be removed from Redis.

Feature tests:

• Iterate over all options.
  • Check that existing tokens work.
  • Check that those tokens can be revoked.
  • Check that revoked tokens no longer work.

Example generation:

• One case should be automatically generated.

Documentation:

• Command should be documented.

Related work:

• When tokens are initially put into Redis, their lifetime should be limited to min( (now + 30min) , tokenValidUntilTimestamp ).

Endpoint which returns all parents of a specific data element (node). Behaviour for relations currently undefined, will likely return 404.

{}

Open tasks:

• Compare Dockerfile of latest PHP alpine CLI with ./docker/Dockerfile on intermediate build php_embed.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch or minor release, depending on PHP version upgrade.

Open tasks:

• Compare Dockerfile of latest PHP alpine CLI with ./docker/Dockerfile on intermediate build php_embed.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch or minor release, depending on PHP version upgrade.

Creates a new node/relationship to a parent node with the uuid from the url.

Todos:

• Optimize search queries for performance while still keeping security in mind.
  Likely involves serializing groups and users with search access into the Elastic Search documents, which will need to be kept in sync.
  • Normalize groups and users.
  • Always check for access while executing search queries.
  • Synchronize changed access to other Elastic Search documents automatically. Likely via RabbitMQ Queue?

• Orphaned children should be automatically reconnected with the deleted element's parents.
• Other relations, e.g. HAS_READ_ACCESS, should not be automatically reconnected, as this could lead to edge cases. This point might be revisited in the future.

• Implement endpoint.
• Add feature tests.
• Document feature.

Open tasks:

• Compare Dockerfile of latest PHP alpine CLI with ./docker/Dockerfile on intermediate build php_embed.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch or minor release, depending on PHP version upgrade.

Todos:

• Command for listing backups.
• Command for creating backups.
• Command for loading backups.
• Command for purging the existing databases.
• Add API version to backup, so that incompatibility to future versions can be handled gracefully.
• Add backup explorer tool?

Open tasks:

• Compare Dockerfile of latest PHP alpine CLI with ./docker/Dockerfile on intermediate build php_embed.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch or minor release, depending on PHP version upgrade.

Todos:

• Building Docker images automatically on release.
• Publishing Docker images automatically to Docker Hub on release.

This endpoint might not be implemented, as it does not offer anyadditional benefit than calling DELETE /<uuid> directly.

Endpoint which returns all children of a data element (node). Behaviour for relations is currently undefined, will likely return 404.

{}

Todos:

• Rework existing env variables.
• Use Dockerfile env variables as much as possible.
• Create new env variables for currently hardcoded elements like the Neo4j, MongoDB and Elastic Search auth values.

Open tasks:

• Compare Dockerfile of latest PHP alpine CLI with ./docker/Dockerfile on intermediate build php_embed.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch or minor release, depending on PHP version upgrade.

• Implement endpoint.
• Add feature tests.
• Document feature.

Should GET /token return all tokens as a paginated response, or just the currently used token? If the later, under which endpoint should the other feature be available?

• Implement endpoint.
• Add feature tests.
• Document feature.

Endpoint which returns a specific data element (node or relation). Requires that the user has READ-access to the ressource.

{}

:/

When the user tries to create an element with a user specified UUID, which already exists in the database, then the request must fail.

However this failing requests returns metadata in the form of "there exists another element with the same UUID, even if I have no access to it".

This shouldn't be a problem when completely random UUIDs are used, however if the user uses incrementing UUIDs - which in itself is a bad design choice - then meta data leaks might happen.

The question now is, if there is a better alternative.

Version 0.2.0 of Ember Nexus API should include the support of files, tus.io as well as WebDAV.

When token data elements are returned, they should never contain their hash (internal use only) and plain text tokens (only manually added in the reference dataset to enhance user onboarding).

• Add feature test to automatically detect if problematic fields are returned.
• Disable fields from output in controller.
• Check if other data types / fields should be included too.
  • Should this be user configurable? Part of a future schema process?

Endpoint which returns all elements related to a data element (node). Behaviour undefined for relations, will likely return 404.

{}

Open tasks:

• Compare Dockerfile of latest Nginx Unit with
  ./docker/Dockerfile on intermediate build nginx_unit_builder.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch release.

RabbitMQ can be likely replaced by Redis Queue or Redis Streams.
Removing RabbitMQ would simplify the application stack and allow faster RISC V adoption.

Open tasks:

• Compare Dockerfile of latest PHP alpine CLI with ./docker/Dockerfile on intermediate build php_embed.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch or minor release, depending on PHP version upgrade.

Open tasks:

• Check if Dockerfile compiles with the newest Alpine version.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch release.

Todos:

• Add API request and response examples.
• Add automated (?) API documentation, e.g. with Swagger?

Open tasks:

• Compare Dockerfile of latest Nginx Unit with ./docker/Dockerfile on intermediate build nginx_unit_builder.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch release.

• composer test:unit
• composer test:mutant
• composer test:leak
• composer cs:list
• composer psalm
• composer phpstan
• composer yml:lint
• composer markdown:lint
• Upstream update checker for Alpine Linux
• composer outdated
• composer test:feature
  • with different Neo4j versions etc.
  • export final database backup?
• when docker image is built, add it to the release

Open tasks:

• Compare Dockerfile of latest Nginx Unit with ./docker/Dockerfile on intermediate build nginx_unit_builder.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch release.

Check if currently static HTTP options should be dynamic.

Endpoint which returns all elements directly owned by the user or the groups the user is connected to.

{}

Open tasks:

• Compare Dockerfile of latest Nginx Unit with ./docker/Dockerfile on intermediate build nginx_unit_builder.
• If there are updates:
  • Update local Dockerfile.
  • Add changelog entry.
  • Release new patch release.