Katharsis security + API versioning - spring

I am currently evaluating possibilities for how to write/generate a level 2+ REST API. I came across Katharsis and I quite like the concept, and the whole idea of how it's done seems sound to me. But I have not found answers to these questions:
How to handle security properly. I can imagine that it might get tricky, as JSON API supports traversing to some extent. (Our app will run in a Spring environment, so I suppose that we might use spring-security, but I do not know if we will encounter some hidden traps.)
API versioning. I haven't found any clues on how to handle API evolution. Are there any already supported options (content negotiation, path variable, query parameter...?) or do we need to hack it ourselves?
Thanks in advance!

Related

Service worker, caching a graph query request

So I'm getting into the world of service workers and found it complex for my level, although I managed to cache the physical files in my Vue 3 project. I'm struggling with how to cache the response from a headless CMS. There is a lot of information around about this in general, most of it very old. At the beginning I tried using Workbox, then I read that you cannot catch a graph response or a POST response (correct me if I am wrong). In addition, I was having a lot of issues trying to include the script in the Vue 3 project, and some error about some array, so I ended up building the SW from scratch, and it has worked pretty well so far. Now I'm facing the issue with the graph response. So far I have read that it's not easy, which is quite discouraging when you read it from more experienced people. I have found some examples and lots of users asking the same question here, some with no response as well, and so far I found one interesting response (3 years old); however, I am not sure if it actually applies to my case or if it is deprecated. He provides a code example; however, he does not provide information about what exactly the script does. You can see the response here
So I am assuming the URL that needs to be provided is the URL to my graph API, in this case the one provided for the CMS. And in the variable cachedResponse under the catch, do I need to provide the query variable, meaning the const that I am using to call the graph? I have to mention I am not using Apollo nor Axios, just a normal graph inclusion.
Also, when I tried to run this code, at the beginning I got an issue with the script from dexie.js and had a MIME issue, which I tried to correct with a suggestion from here, which did not work for me. I thought that was my SW cache misbehaving; however, I cleaned it and got the same issue.
So far it has been a long way. It seems there is no magic formula, but if I can receive some advice or a different approach from what I have been trying so far, it would be very welcome. Thank you in advance for the help : )

What do proto files represent for Google's API Linter?

Since Google did not create extensive documentation for their API Linter and I cannot find anything from other sources, I wanted to ask here.
From what exactly am I supposed to create proto files, and what do they represent?
As I understood, these proto files get checked for compliance with their AIPs.
I'm interested in creating an automatic prototype (Java) to check for customized API rules and am thinking about using Protobuf for this goal. Would this be a pragmatic solution?
Thank you!
As I now understand, Google's API Linter isn't supposed to check an API or a different API specification for compliance.
It checks proto files because they are themselves the API specification and can be converted to code. But before converting them, they can be checked against rules they have to comply with.
These rules are not in the proto files (as I initially thought) but in the many Go files under rules/ .
Please correct me if you read this and find mistakes! Thanks!

Wagtail alongside Django Rest Framework drf-yasg?

I am implementing a Wagtail powered blog within a larger (primarily DRF) driven app. I'm attempting to use drf-yasg for my documentation.
Since installing wagtail, the docs are now throwing
'Request' object has no attribute 'wagtailapi_router'
It looks to be related to the introspection that drf-yasg does, and all I can find about excluding views from drf-yasg is done at the code level. Being an installed module obviously I want to avoid that.
Has anyone got these 2 (3) components playing nicely together?
It's been a very long time since you asked this question, but as I found this while looking for an answer myself, I thought I might share what worked for me.
Note that I'm not using drf-yasg, but rather DRF's own schema generator. They do however have a lot in common.
The problem in my case was that the schema generator URL was defined like this:
    path(
        "schema/",
        get_schema_view(title="My API Schema"),
        name="openapi-schema",
    ),
What I needed to add was a patterns= argument that referenced my API specifically, leaving out the other non-API urls (like Wagtail):
    path(
        "v3/schema/",
        get_schema_view(title="My API Schema", patterns=router.urls),
        name="openapi-schema",
    ),
I hope that helps... someone :-D

What is the best way to implement the versioning for ASP.NET WebAPIs?

What is the best approach to version WebAPIs?
I am building an API from scratch and I would like to ensure that it will version gracefully in the future. I am envisioning something like mysite.com/api/v2/...
One approach I see is to create a separate project (web app) for each version of API. But perhaps there are better ways to do it?
Thank you for your ideas.
Including the version number in the URL is the standard approach, as I explained in this post (I do not repeat the content): Implementing versioning a RESTful API with WCF or ASP.Net Web Api
You do not need to create a completely new project, although you can. The problem that you will be facing with a single project is that there will be a collision of names:
/api/v1.0/Car/123
and
/api/v2.0/Car/123
both will point to CarController while you can have only one of those. The solution would be to implement your own IHttpControllerSelector and register with the DependencyResolver. This implementation will look at the version number and perhaps find the type based on the namespace.
UPDATE
I do not intend to start a REST controversy here. But as @DarrelMiller points out, here is an older discussion on the same subject discouraging my suggested approach:
How to version REST URIs
I personally think URL versioning is the way to go.
You will need to create your own implementation of IHttpControllerSelector. The best way is to base this implementation on Microsoft's IHttpControllerSelector. Then you can decide in your IHttpControllerSelector if you want to version by URL or by content-type.
The most basic implementation directly implements IHttpControllerSelector and just implements the SelectController method, but for performance reasons it is better to implement some caching around it.
For finding the controller you simply use the IHttpControllerTypeResolver instance you can get using HttpConfiguration.Services.
I've used something like this: http://damsteen.nl/blog/implementing-versioning-in-asp.net-web-api. Also put some code on Github: https://github.com/Sebazzz/SDammann.WebApi.Versioning.

Handle concurrent file download with flex/blazeDs/Spring

I'm currently working on a Flex3/blazeDS/Spring/MySQL project.
In this, some users need to download some import logs. The problem is that, given the singleton concept around Spring, if 2 users ask for a download at the same time, the servlet responsible for export file creation may cross content between the 2 requested files.
I'm not that familiar with Spring, but from what I've been reading around, it seems that the solution lies in saying that the servlet is in "Request" scope, so there will be a new one created for each download request instead of having a singleton.
Has anyone ever done something like this before? Every tutorial I've seen so far explains how to handle a file download request, but they never talk about the fact that 2 users asking for a download may have some issues...
Thanks for any leads on how to fix this.
Each user will receive his own thread, and you should not have any problems unless using member variables (which is a bad practice anyway). If not, I do not see any problem, but it would help if you can post your code.
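The distinction drawn in the answer above, a singleton that keeps per-request data in a member variable versus one that keeps it in local variables, as an added example (not code from the question or the answer). The class names, the slowIo hook and the alice/bob schedule are constructed for illustration; the latches only force the overlap that two simultaneous downloads would produce.

```java
import java.util.concurrent.*;
public class SingletonExportDemo {
    interface Exporter { String export(String user, Runnable slowIo); }

    // Unsafe: the singleton keeps per-request data in a member variable.
    static class FieldExporter implements Exporter {
        private String currentUser;                  // one field shared by every request thread
        public String export(String user, Runnable slowIo) {
            currentUser = user;
            slowIo.run();                            // stands in for building the file from MySQL
            return "import log of " + currentUser;   // reads whatever the last request stored
        }
    }

    // Safe: same singleton, but per-request data stays in locals on the thread's own stack.
    static class LocalExporter implements Exporter {
        public String export(String user, Runnable slowIo) {
            String requestUser = user;
            slowIo.run();
            return "import log of " + requestUser;
        }
    }

    // Constructed schedule: alice's request pauses mid-export until bob's request has finished.
    static String aliceReceives(Exporter singleton) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        CountDownLatch aliceStarted = new CountDownLatch(1), bobDone = new CountDownLatch(1);
        try {
            Future<String> alice = pool.submit(() -> singleton.export("alice", () -> {
                aliceStarted.countDown();
                waitFor(bobDone);
            }));
            pool.submit(() -> {
                waitFor(aliceStarted);
                singleton.export("bob", () -> { });
                bobDone.countDown();
            });
            return alice.get(5, TimeUnit.SECONDS);
        } finally { pool.shutdownNow(); }
    }

    static void waitFor(CountDownLatch latch) {
        try { latch.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("member variable: alice gets -> " + aliceReceives(new FieldExporter()));
        System.out.println("local variable:  alice gets -> " + aliceReceives(new LocalExporter()));
    }
}
```

Run as written, the first line shows alice's download built from bob's data and the second shows her own.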
