rehacktive / caffeine Goto Github PK

Great project!

I plan to use this eventually, but if i'm going to design a service, I need both client and server. I'd rather not have to spec out both if possible.

It'd be cool if you could generate a swagger or protobuf definition from existing data and schema. I'm sure that's a lot of work but it'd be much more powerful to have strictly typed objects in the client.

You can reproduce it like this:

$ curl -v http://localhost:8000/ns/users/1
*   Trying ::1:8000...
* Connected to localhost (::1) port 8000 (#0)
> GET /ns/users/1 HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.77.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Content-Type: application/json
< Vary: Origin
< Date: Thu, 18 Nov 2021 10:58:22 GMT
< Content-Length: 22
< 
* Connection #0 to host localhost left intact
{"error": "not found"}

Need to change status to 404.

Requests (GET, DELETE) for not existing namespaces return a 400 error: a 404 error would be expected.
Moreover, on deleting a not existing namespace two objets are returned: {"error": "not found"} and {}.

$ curl localhost:8000/ns
[]

GET

$ curl -v localhost:8000/ns/todos
*   Trying 127.0.0.1:8000...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET /ns/todos HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Content-Type: application/json
< Vary: Origin
< Date: Fri, 19 Nov 2021 14:27:00 GMT
< Content-Length: 22
< 
* Connection #0 to host localhost left intact
{"error": "not found"}

DELETE

$ curl -v -X DELETE localhost:8000/ns/todos
*   Trying 127.0.0.1:8000...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8000 (#0)
> DELETE /ns/todos HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Content-Type: application/json
< Vary: Origin
< Date: Fri, 19 Nov 2021 14:31:01 GMT
< Content-Length: 24
< 
* Connection #0 to host localhost left intact
{"error": "not found"}{}

We can add a circle ci or travis to this project. so that:

• verify that tests are passing
• measure test coverage
• publish binary releases
• publish to package managers (far future)

We can generate JWT secrets at startup and store them in our storage. JWT would be out of the box.

(I know storing secrets in storage is not recommended. but this program is not intended to be used in production environments.)

Now that we have JWT implemented here, I think we can add a few routes to achieve these:

• register new user (signup)
  • full name
  • username
  • password
• get a jwt with expire time
  • username
  • password
• refresh jwt
  • token (as header)

If you agreed, I would open a MR soon.

Please note that we need to sacrifice user model flexibility to implement a reliabe API. This flaw can be remedied in future MRs.

I want to develop a feature to use file system as data storage. It is similar to the mem implementation except that the data is persisted easily on disk. To be honest, I think pg is kinda overkill.

In terms of security (e.g. namespaces named like /test/../../../ssh.conf) we should prohibit names with slashes and dots. Although if caf is used inside a container (mounted directory) this problem won't be a valid concern anymore...