Implement a Frontend environment for Administrators and Content Creators/Consumers to easily use, manage and monitor this application through simple and secure flows. Angular or React or Thymeleaf can be used. An admin should be able to manage any kind of resources and monitor the usage of the application (eg net/disk io, memory/cpu usage, disk allocation). A creator should be able to create update and delete resources. A consumer should have access to the published content and be able to effectively use it (eg see a video with chunked transfer encoding support).

Notes: This is a generic story(epic) and should be broken to smaller tasks

Purpose

In order to acquire acceptance-integration tests a Behaviour-driven development tool could be used. The support of multitenancy could complicate development and the use of feature testing could help on keeping features clean.

Tools

Cucumber could be used as it integrates well with Spring and could help translate requirements to Gherkin-language tests.

Resources

https://cucumber.io
https://cucumber.io/docs/cucumber/state/

If this is desirable I could work on that and submit a Pull Request.

We need to implement a new API call, in order for old revisions to delete the physical asset on the disk to save some space.

The CMS by default never deletes any physical asset on the disk. But this can lead to situations where the disk is full and there is no really a need to keep all these files for old revisions.

It would by nice to be able to mark old revisions as "archived" and having the physical asset on the disk truly deleted. We will keep all the revision history, but not the physical asset on the disk.

Fix this vulnerability issue with version upgrade or move to the proposed artifact.

CVE-2019-10172
high severity
Vulnerable versions: <= 1.9.13

Patched version: No fix
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Note: this artifact has been moved
com.fasterxml.jackson.core » jackson-databind

Support user authentication, registration and role management.

• A user should be able to register to the cms
• Google, Facebook, Gihub authentication can be supported too
• Different roles should be supported. Eg. SimpleUser, Admin, Operator
• An admin could assign roles and permissions per role

More details/specifications to be added or discussed

Purpose

As a means of getting familiar with the code and in order for the project to get advantage of the latest advances in the Spring framework we could advance to Spring Boot 2.4.3 ( the latest stable version as of now).

Steps

• Cover existing functionality with tests where needed in order to avoid regression.
• Migrate Spring Boot parent to the latest version and check for dependency conflicts.
• Refactor the code in the modules to comply with the changes.
• Submit when tests are satisfied.

(Optionally) Upgrade to JDK 11 (LTS)

The JDK 8 support is announced to be discontinued as per the Oracle Java SE Support Roadmap. Migration to JDK 11 should be an easy task as Java written with JDK 8 can be compiled and run in the JVM for JDK 11.

If this is ok I will be available to work on that and submit a pull request.

Integrate Lombok to improve getters/setters and use @slf4j to avoid boilerplate logger instantiations.

Any PRs should be towards develop branch

• Provide a REST API to search resources of CMS
• Integrate with frontend

Tasks:

• Check for any inconsistencies
• Follow the steps and validate they are correct
• Simplify and improve where possible

This CMS takes into account scalability; how it can be deployed in a clustered mode using docker or kubernetes so it can support more than 1000 concurrent users?

Setup a cluster and generate/simulate some high throughput. Upload some video at the CMS and simulate 1000 concurrent clients to watch those videos (using chunk encoding) by consuming URIs from the CMS

Let's suppose we have a ready-to-use SastixCMS platform. The main question is how can it be used securely and effectively from a third party application?

To be discussed:

• Installation, setup, configuration; how to setup the platform and configure it properly with another application (java, python)
• Public vs Authenticated access on REST APIs.
• Integration with existing Single sign on solutions
• Easy integration with known cloud providers (AWS, Google Cloud, Azure)

I feel prometheus would be a good choice owing to its in built alerting mechanisms, centralised control and web ui for visualization and also the presence of PromQL
Some questions regarding monitoring:

1. Is the logging system in the backend app in place?
   2)If yes, whats the structure of logs , do we need to implement a middleware to transform the logs so that it becomes compatible with prometheus worker.
   @iskitsas

Propose and add any features related with audio and video optimisation

I was wondering if we can do a POC on sidecar hazelcast pattern as described and see if it can increase performance.
https://hazelcast.com/blog/hazelcast-sidecar-container-pattern/
@iskitsas

I feel react would be the best choice, some question regarding that:

1. Is there any mockup available?
   2)Would it be a totally different container?
   3)If mock up is not available would a generic dashboard with some specific features to the application work?
   @iskitsas

• This is regarding the search functionality which involves creating an elastic search layer owing to its DSL and perfromance.
• All the existing content data in MySQL will be migrated to an elastic index ,
• This will enable user to search by multiple attributes which will be sent as part of elastic querry.

The image link mentioned in the sample request body throws 400 , so it would be better to relpace it with a working url