Singletenant

???

Multitenant

Sign up page should allow visitors to set up new tenants on cloud environment.

• Form should contain: Tenant Name and Subdomain
• Validation should:
  • Name or Subdomain with 2 or less chars
  • Check for subdomain availability
  • Disallow blacklisted subdomains: signup, we, wechy, admin, setup, about, wecanhearyou or more ...

Form is submitted by authenticating with Facebook or Google.

Allow users to find an idea by searching for it

Good scenario: IdeaInput where textfield is hidden/shown upon text input.

Research about how to manage user registration and token generation to be used on other APIs

- POST /users
  - Create a new new
- POST /auth/token
  - Authenticate user by email and password
  - Returns token if successful  

• how token works
• what i need to save on db
• retrieve name and e-mail
• create issues to make it happen

Current GetTenantByDomain operation should also return the list of available boards for given tenants. A new table is needed for this. Board should contain it's Id, Name, IsDefault.

• https://github.com/settings/applications/new
• https://docs.gitlab.com/ce/integration/oauth_provider.html
• https://dev.twitter.com/oauth
• https://developer.linkedin.com/docs/oauth2 https://www.linkedin.com/secure/developer?newapp=
• https://www.instagram.com/developer/clients/manage/
• https://www.dropbox.com/developers/reference/oauth-guide

1. Add TenantID to token
2. JwtGetter should only add user to Context if Token's TenantID matches with current TenantID
3. If it doesn't: leave context without the user, it will be blocked by IsAuthenticated down the pipeline

some actions have duplicate validations (like length, min words, etc), we should extract it and move to a shared place

A token based authentication/authorization has to be implemented in order to secure our API against unwanted usage

every http request should start a new transaction and be used by all storage methods

If user has first login in with Facebook and now tried to used Google, we should add google information to existing account instead of just logging in

To make it more SEO friendly

E.g: http://demo.we.fider.io/ideas/2/add-german-translations

Sites with 50+ ideas will soon become slow as we always render ALL ideas. The goal here is to have "More X ideas" link that loads the next 10 ideas, just like Facebook does for comments.

• Should page every 10 items? 20? 30?
• Infinite scroll?
• Show how many more there are (like facebook)

Having a unified users table was a bad idea, it's hard to export/import, does not allow usage of custom OAuth providers per Tenant, it does not provide much benefit either.

What to do:

1. add Tenant_ID to users table
2. create user using current Tenant_ID
3. migrate users first available tenant

dev branch should deploy to staging (api.staging.fider.io) and this should happen as often as possible. Staging can be unstable sometimes, which is OK.

master branch should deploy to production api.fider.io and this should happen once we have a stable feature available on staging environment. Production has to be always stable!

Using a single view for everything would be nice. This view could just export all variables available on context. app.Context would also need a custom method to render this specific view.

Probably using https://github.com/goreleaser/goreleaser

Source: https://feedback.fider.io/ideas/22/add-option-to-edit-title-and-description

Site members should be allowed to update idea's title and description so they can fix potential typos, enhance it with more information and so on.

Method: GET
Route: /tenants/{domain}

For now, domain should include only the subdomain name. That means a url like github.fider.io, the domain route value should be only github.

We plan to add custom domains in the future, but for now we'll stick with this simple approach.

This operation will return a 200 response with the tenant's ID and Name for now. A 404 response should be returned if the tenant is not found by given domain.

For instance, GitHub OAuth can be useful for some people, but not all. We should allow administrators to select which providers they want to enable.

By default only popular ones like Facebook and Google should be enabled.

GO_ENV = production -> GIN_MODE = release
GO_ENV = staging -> GIN_MODE = release
GO_ENV = development -> GIN_MODE = debug

Set GO_ENV on Heroku and remove GIN_MODE

Method: GET
Route: /tenants/{domain}/ideas

This operation will return a 200 response with the list of tenants ideas. A 404 response should be returned if the tenant is not found by given route parameters.

Based on requested idea https://feedback.fider.io/ideas/21/allow-creation-of-tags-categories

Migrations

• Create tags table (id, name, color, tenant_id)
• Create idea_tags table (idea_id, tag_id, created_by, created_on)

Create/Edit/Delete API

• POST/DELETE /api/admin/tags/{id}
• Receive name, color, isPublic
• Validate that only >= administrator can create/edit
• Validate color is valid RGB
• Check if tenant_id of given Tag (on edit or delete) is of current tenant
• Delete tags and idea_tags on delete by id
• Validate name not empty and max length
• Validate name is unique within tenant

Admin

• Create ManageTagsPage
• List existing tags. Create buttons/actions for create, edit and delete tags
• Show confirm window on tags deletion with more than 0 ideas related
• Don’t need color picker, but show preview of tag with its color and name (check for React color picker)

Public

• Show tags on home page (based on public/private)
• Show tags on view idea page (based on public/private)
• Allow filtering by tagx (based on public/private)
• If user >= collaborator
  • Add new action to assign tag
  • On action click, Show list of all tags, tick it to Assign/Unassign (view how GitHub works)

Assign/Unassign tag API

• POST/DELETE /api/ideas/{number}/tags/{id}
• Validate idea exists and it’s of current tenant
• Validate tag exists
• Create idea_tags record if doesn’t exist yet
• Delete idea_tags record

• Button will be called Want, although url/internally everything will be called Support (more generic), just in case we need to change text to Vote.
• After clicking Want, button change it's color and turns into Undo
• There will be no downvote option.
• New table: idea_supporters: user_id, idea_id & created_on
• New field: ideas.supporters should be updated on every new #want/undo.

This will be tracked on http://feedback.fider.io/ideas/1/add-twitter-as-authentication-method

Hello,

I just noticed you put a private key in /etc/, I hope it is not the one from your website

Tenant's home page should show its idea list and an idea input area.

The documentation for env variables write :

# GitHub
      # OAUTH_GITHUB_APPID: <github_client_id>

But the correct env variable to set is OAUTH_GITHUB_CLIENTID

BTW: it should be mentionned that callback url is : http://your.server.tld/oauth/github/callback
BTW2: the callback url should enforce the same http scheme (http or https).

Statuses:

• New (no label)
• Started
• Completed
• Declined

To Do:

• Add status column to ideas table
• status 0 is the default for new ideas
• Add response, responder_id, responded_on column to ideas table
• show a label based on idea status
• block vote button based on status
• block vote API based on status
• show response whenever available
• change status screen should select a new status and input a response
• ChangeStatus API enabled only for Members and Administrators

Probably by setting the path of certificate on ENV variables.

Context: a brand new installation on a freebsd server.
Fider service is started. I connect to myserver.name.tld:8080 and get redirected to the signup page.
I fill the form with a name, an email and a project name.
When I click the confirm button, the POST action fails with a 500 error.
POST payload:

{"tenantName":"project_name","name":"my_name","email":"[email protected]"}

server logs :

DEBUG [2017-10-02T16:21:00+02:00] HTTP Request GET /signup
DEBUG [2017-10-02T16:21:00+02:00] SELECT id, name, subdomain, cname, invitation, welcome_message, status FROM tenants ORDER BY id LIMIT 1 []
DEBUG [2017-10-02T16:21:35+02:00] HTTP Request POST /api/tenants
DEBUG [2017-10-02T16:21:35+02:00] SELECT id FROM tenants WHERE subdomain = $1 [default]
DEBUG [2017-10-02T16:21:35+02:00] INSERT INTO tenants (name, subdomain, created_on, cname, invitation, welcome_message, status)  VALUES ($1, $2, $3, '', '', '', $4)  RETURNING id [project_name default 2017-10-02 16:21:35.4337588 +0200 CEST m=+1238.418072098 2]
DEBUG [2017-10-02T16:21:35+02:00] SELECT id, name, subdomain, cname, invitation, welcome_message, status FROM tenants WHERE subdomain = $1 OR cname = $2 ORDER BY cname DESC [default default]
DEBUG [2017-10-02T16:21:35+02:00] INSERT INTO signin_requests (tenant_id, email, created_on, expires_on, key, name) VALUES ($1, $2, $3, $4, $5, $6) [5 [email protected] 2017-10-02 16:21:35.434309439 +0200 CEST m=+1238.418622753 2017-10-04 16:21:35.434309846 +0200 CEST m=+174038.418623091 1b47aaf02b43453b975c2903d3e92caa my_name]
ERROR [2017-10-02T16:21:37+02:00] 535 5.7.8 Error: authentication failed:
goroutine 9 [running]:
runtime/debug.Stack(0xc4205336d8, 0x886200, 0xc420199620)
	/usr/local/go/src/runtime/debug/stack.go:24 +0xa7
github.com/getfider/fider/app/middlewares.Setup.func1.1.1(0xc420414380, 0xc420533b60)
	/usr/local/goland/src/github.com/getfider/fider/app/middlewares/setup.go:47 +0x6e
panic(0x886200, 0xc420199620)
	/usr/local/go/src/runtime/panic.go:491 +0x283
github.com/getfider/fider/app/pkg/web.(*Context).Failure(0xc420533918, 0xb97ae0, 0xc420199620, 0xc4200a2800, 0x16)
	/usr/local/goland/src/github.com/getfider/fider/app/pkg/web/context.go:90 +0x3e
github.com/getfider/fider/app/handlers.CreateTenant.func1(0xba5060, 0xc4204143c0, 0xc4204143c0, 0x90c8a0)
	/usr/local/goland/src/github.com/getfider/fider/app/handlers/signup.go:80 +0xa15
github.com/getfider/fider/app/pkg/web.wrapFunc.func1(0xba5060, 0xc4204143c0, 0xba5060, 0xc4204143c0)
	/usr/local/goland/src/github.com/getfider/fider/app/pkg/web/engine.go:145 +0x39
github.com/getfider/fider/app/pkg/web.wrapMiddleware.func1.1(0xba5060, 0xc4204143a0, 0x41297c, 0xc4204143a0)
	/usr/local/goland/src/github.com/getfider/fider/app/pkg/web/engine.go:137 +0x75
github.com/getfider/fider/app/middlewares.AddServices.func1.1(0xba5060, 0xc4204143a0, 0xc4204143a0, 0x90c8a0)
	/usr/local/goland/src/github.com/getfider/fider/app/middlewares/setup.go:78 +0x1a1
github.com/getfider/fider/app/pkg/web.wrapFunc.func1(0xba5060, 0xc4204143a0, 0xba5060, 0xc4204143a0)
	/usr/local/goland/src/github.com/getfider/fider/app/pkg/web/engine.go:145 +0x39
github.com/getfider/fider/app/pkg/web.wrapMiddleware.func1.1(0xba4e80, 0xc42012a000, 0xc420414380, 0xc42004fb60)
	/usr/local/goland/src/github.com/getfider/fider/app/pkg/web/engine.go:137 +0x75
github.com/getfider/fider/app/middlewares.Setup.func1.1(0xba4e80, 0xc42012a000, 0x0, 0x0)
	/usr/local/goland/src/github.com/getfider/fider/app/middlewares/setup.go:56 +0x451
github.com/getfider/fider/app/pkg/web.wrapFunc.func1(0xba4e80, 0xc42012a000, 0x20, 0x8bafc0)
	/usr/local/goland/src/github.com/getfider/fider/app/pkg/web/engine.go:145 +0x39
github.com/getfider/fider/vendor/github.com/labstack/echo.(*Echo).Add.func1(0xba4e80, 0xc42012a000, 0xc4202d4280, 0xb9d2a0)
	/usr/local/goland/src/github.com/getfider/fider/vendor/github.com/labstack/echo/echo.go:473 +0x87
github.com/getfider/fider/vendor/github.com/labstack/echo/middleware.GzipWithConfig.func1.1(0xba4e80, 0xc42012a000, 0x0, 0x0)
	/usr/local/goland/src/github.com/getfider/fider/vendor/github.com/labstack/echo/middleware/compress.go:92 +0x17f
github.com/getfider/fider/vendor/github.com/labstack/echo.(*Echo).ServeHTTP.func1(0xba4e80, 0xc42012a000, 0xc420084d58, 0x90bd60)
	/usr/local/goland/src/github.com/getfider/fider/vendor/github.com/labstack/echo/echo.go:570 +0x108
github.com/getfider/fider/vendor/github.com/labstack/echo.(*Echo).ServeHTTP(0xc420084d00, 0xb9d2a0, 0xc4204c8000, 0xc420238000)
	/usr/local/goland/src/github.com/getfider/fider/vendor/github.com/labstack/echo/echo.go:579 +0x229
net/http.serverHandler.ServeHTTP(0xc420097040, 0xb9d2a0, 0xc4204c8000, 0xc420238000)
	/usr/local/go/src/net/http/server.go:2619 +0xb4
net/http.(*conn).serve(0xc42045efa0, 0xb9d9e0, 0xc42008c200)
	/usr/local/go/src/net/http/server.go:1801 +0x71d
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2720 +0x288

NB : No Oauth services have been configured in env variables.

Just like GitHub issues, idea should be sequencial within a tenant

1. new column ideas.number
2. should be used on URL: demo.canhearyou.com/ideas/3 <- idea.number
3. should be shown on screen and hide idea.id
4. ideally new comments should use this field as well
5. migration should create this field with correct value
6. how to implement the counter? options are:
   6.1. MAX(ideas)+1
   6.2 create field on tenants tenants.ideas_counter
   6.3 ???

Hello!

Thank you for an awesome project! I just deployed your SaaS version for my OSS project: https://fastnetmon.fider.io/

It works really cool!

But I want to remove my test idea to publish it for our customers. And I could not find button to do it :(

have constants and helpers to check which is the current env (production, development, staging or test) and not having to use hard-coded strings

Use https://github.com/pkg/errors or maybe roll our own implementation of something similar

Key areas to enhance error details:

• DBX
• Emailer

1. Make renderer work with layout file
2. create wrapper for map[string]interface{}
3. refactor handler_test to use mocked server and make code smaller

1. Add role to users table;
2. Role can be either
   1: Visitor (default)
   2: Member
   3: Administrator
3. Remove TenantId from JWT token
4. Create middleware to check for user role
5. Create a blank /admin page only for Member & Administrator

Method: POST
Route: /tenants/{domain}/ideas

Post body:

{
  "title": string,
  "description": string
}

This route needs an auth token with the user information.

Possible responses are:

201 with the idea's ID if it's successful.
400 with a list of errors should be returned in case of missing information.
404 if the tenant is not found.
500 if something unexpected goes wrong.

This middleware should check if visitor is logged in.
If it's not, redirect to 403 page (new) or return 403 json response with { message: "Forbidden ..." } based on request.