robokache's Issues
Do not clear data on startup
Just make sure that the data folder exists and the database is initialized properly.
Add DELETE and PUT endpoints
Replace Visibility Flag
Visibility flag is confusing, especially for anyone consuming this API. There are a couple of options for replacing this. The simplest one would be using two boolean flags, one for public and one for shareable.
Add route to get any parent documents
Refresh DB between tests
Make sure files get deleted
I can delete documents via the UI and they get removed from the DB. But then I check my local robokache-data folder and it looks like none of the documents actually get deleted.
Add ability to get all root documents
Add ability to get all documents that have no parent.
Change API to have separate Question and Answer resources
Right now the API has unnatural routes for modifying question and answers. The goal for refactoring is to make the API more REST oriented and consistent.
Add Metadata Field
Add an optional JSON metadata field. This field should accept an arbitrary dictionary of objects. This field will be useful for fields that are specific to document types that we don't want to manage within Robokache.
Update error message when there is an invalid parent
When updating a document with an invalid parent, make sure that the error message says that it could be because the parent is not owned by you.
SQL Injection Vulnerability
robokache/internal/robokache/get.go
Lines 21 to 26 in 0fc11f3
Queries in get.go are built using Sprintf. This allows a SQL Injection attack using a string like the following for the owner variable:
'DROP TABLE questions;'
Fix is to replace Sprintf with db.Prepare which accepts placeholders and fills them safely.
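The difference between the two forms, as an added example that is not robokache's code: a constructed stand-in driver records what database/sql hands to the database for the Sprintf-built query and for the placeholder query. The `spy` type, the `Lookup` helper and the column names are assumptions; `db.Query` with arguments binds values the same way `db.Prepare` followed by `stmt.Query` does.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
	"io"
)

// spy is a constructed stand-in driver, not a real database: it records the
// SQL text and the bound values exactly as database/sql hands them over.
type spy struct {
	text string
	args []driver.Value
}

func (s *spy) Connect(context.Context) (driver.Conn, error) { return s, nil }
func (s *spy) Driver() driver.Driver                        { return s }
func (s *spy) Open(string) (driver.Conn, error)             { return s, nil }
func (s *spy) Begin() (driver.Tx, error)                    { return nil, driver.ErrSkip }
func (s *spy) Close() error                                 { return nil }
func (s *spy) NumInput() int                                { return -1 }
func (s *spy) Exec([]driver.Value) (driver.Result, error)   { return nil, driver.ErrSkip }
func (s *spy) Columns() []string                            { return []string{"id"} }
func (s *spy) Next([]driver.Value) error                    { return io.EOF }
func (s *spy) Prepare(q string) (driver.Stmt, error)        { s.text = q; return s, nil }
func (s *spy) Query(a []driver.Value) (driver.Rows, error)  { s.args = a; return s, nil }

// Lookup runs a hypothetical owner query (table name from the issue, column
// names assumed) and returns the SQL text and values that reached the driver.
func Lookup(owner string, placeholders bool) (string, []driver.Value, error) {
	s := &spy{}
	db := sql.OpenDB(s)
	defer db.Close()
	query, args := "SELECT id FROM questions WHERE owner = ?", []any{owner}
	if !placeholders { // the reported pattern: owner spliced into the SQL text
		query, args = fmt.Sprintf("SELECT id FROM questions WHERE owner = '%s'", owner), nil
	}
	rows, err := db.Query(query, args...)
	if err != nil {
		return "", nil, err
	}
	return s.text, s.args, rows.Close()
}

func main() {
	fmt.Println(Lookup("'DROP TABLE questions;'", false))
	fmt.Println(Lookup("'DROP TABLE questions;'", true))
}
```

With Sprintf the owner string becomes part of the statement the database parses; with the placeholder the statement text stays fixed and the same string arrives only as a bound value.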
Data object not updated with sequential read then write
When calling:
PUT /api/:id/data
then
GET /api/:id/data
in quick succession, the data is not available. Likely cause is that the Go server is multithreaded by default, so the GET request is processed before the PUT finishes writing the file. We will need to write a test to confirm, and then fix probably with an RWMutex.
Set up testing with Travis CI
Use production mode for Gin in Docker image
The published docker image (used for deployment) should be set to use the Gin production mode (without debug logging).
Expose visibility as string in the API
Visibility right now is exposed as an integer, but the integer does not have any meaning. What we should do is replace that with a string representation in the API.
Dockerize
Docker container name
It might be helpful to add --name robokache to the Readme instructions when running docker. Otherwise docker will assign a random name to the container, like agitated_visvesvaraya.
Allow user-chosen permalink aliases
Return 404 when trying to access children of private document
/api/document/foo/children behaves differently when foo does not exist than when foo exists but you are not authorized to access it. We want 404s in both cases.
Do not publicize user email addresses
Instead of returning owner, just return something like "yours/not yours".
Remove authorization requirement for shareable and public documents
Shareable and public documents should not need to be signed in to view. This affects the following endpoints:
- GET /api/document
- GET /api/document/:id
- GET /api/document/:id/children
- GET /api/document/:id/data
Add single route to create a document with specified data
Add a shorthand route that allows creating a document and setting the data at once.
Change the GET /children endpoint to return shareable and public documents
Right now the endpoint only returns public documents.
Split /api/document Route
Currently the /api/document route returns both public and owned documents. The only way to differentiate between these is the "owned" flag, which is inconvenient for consumers. One solution for this would be to split the route into personal documents (/api/myDocuments/) and public documents (/api/publicDocuments).
Add Created and Updated fields to documents
Add automatically updated timestamps to documents for created and updated.
Return 403 if you are trying to update a document that you do not own
If you try to PUT or DELETE a public document that you don't own, we should return a 403
Don't clear DB on startup
Right now the DB is cleared every time the app starts up. New idea is to create a shell script that clears the DB for testing and then to simply initialize the database if it doesn't exist at startup.
Add test for large files