
boomerang's Issues

Prevent slashes (/) in usernames

Usernames may come from the local parts of the email addresses in a social network. Slashes are a valid character in them. This will confuse the parsing of arguments in URLs, which are separated by slashes. Ensure that they are replaced with other characters (dots or dashes).

Unexpose secret key

Obtain secret key from a heroku config var.
Use the current one as a default for local installs.
Update deployment in readme.

Front-end logout behavior

problem: logout clicked, requested on backend, but jwt persists OR jwt cleared but logged-in session persists
solution: remove jwt on click logout and on init when jwt cookie not present

Add the until query parameter to page links

For consistency of the returned data between requests, if the until parameter is not specified, but generated and returned, it should also be added to the returned next and previous page links.

show messages

Show Django messages in API browser.
If possible, vary style depending on severity.

Conditionally list child objects

Add an option that allows the listing of child objects in a parent (e.g. notes in a notebook).

Read the option from the environment and turn it off by default.

This will:

  • improve performance by eliminating a database query per child relation
  • simplify the output

Upgrade dependencies

django-allauth 0.33.0
django-rest-framework 3.6.4
Check for updates to the account templates.
Test customizations.

ISE 500 after signup with redirect

Signup redirect is necessary for returning to the front-end after creating an account. However, this flow causes an internal server error (http 500) response.

Check X-Forwarded-For header

This header is used to determine the source of the requests. After an intermediate second proxy was introduced, this header should contain two addresses. This is required for the restframework to correctly throttle requests.
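The proxy-count dependency described in this issue, as an added example that is not part of the original issue or the project's code: a stand-alone model of how Django REST framework's throttles pick the client address from X-Forwarded-For under its NUM_PROXIES setting. All addresses are constructed, and it is assumed that each proxy appends the address it received the request from rather than overwriting the header.

```python
# Added example: models the address selection done by DRF's
# BaseThrottle.get_ident(). NUM_PROXIES is a real DRF setting; the helper
# names and all addresses (documentation ranges) are constructed.

def throttle_ident(xff, remote_addr, num_proxies):
    """Return the address that would be used as the throttle key."""
    if num_proxies is not None:
        if num_proxies == 0 or xff is None:
            return remote_addr
        addrs = xff.split(",")
        # Count from the right: the rightmost entries were appended by our
        # own proxies; anything further left was supplied by the client.
        return addrs[-min(num_proxies, len(addrs))].strip()
    # NUM_PROXIES unset: the whole header (whitespace removed) is the key.
    return "".join(xff.split()) if xff else remote_addr


def via_two_proxies(client_ip, client_sent_xff=None):
    """Build what the app sees behind two appending proxies (assumption)."""
    outer_proxy, inner_proxy = "198.51.100.10", "10.0.0.5"
    chain = [client_sent_xff] if client_sent_xff else []
    chain += [client_ip, outer_proxy]     # outer adds client, inner adds outer
    return ", ".join(chain), inner_proxy  # (X-Forwarded-For, REMOTE_ADDR)


CLIENT = "203.0.113.7"
plain = via_two_proxies(CLIENT)
preset = via_two_proxies(CLIENT, client_sent_xff="192.0.2.99")


def idents(num_proxies):
    """Throttle keys for the same client, without and with its own header."""
    return (throttle_ident(*plain, num_proxies),
            throttle_ident(*preset, num_proxies))


if __name__ == "__main__":
    for n in (None, 1, 2):
        a, b = idents(n)
        print(f"NUM_PROXIES={n!r}: plain={a} preset={b}")
```

With two proxies in front, only NUM_PROXIES=2 keys the throttle on the real client address: a value of 1 puts every client in the outer proxy's bucket, and leaving it unset makes the key depend on header content the client controls.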

Refactoring the core mixins

Declare mixin dependencies.

Move deletion support out of sync to a new mixin?

Refactor and move deleted endpoint as it does the work of two mixins.

If possible also move the search endpoint.

Limit deleted objects

Enforce the limit when deleting an object.
Also, when listing deleted objects, return 206 if the limit is reached.

Search and sort cleanup

Configurable sort field translation map.
Configurable search and sort parameter names.
Clean up module and class constants.
Refactor away filter<->mixin dependencies like the reference to view.full_text_search in SearchFilter.
Refactor the fuzzy search logic into the filter.

Hide links to grandchildren listings

Currently, user objects in the API contain links to aggregate note lists. Those lists shall be used for syncing objects with fewer requests. The output will be cleaner if the links are hidden.

Rename URL arguments

Rename user_username to username
Rename all other arguments to <model_name>_id
(but after tests are available, because breakage will occur)

Tests

Integrate TravisCI
Generate reports with coverage
Test permissions for all endpoints
Test functioning of endpoints
Test mixins for all endpoints
Report (number of) queries per endpoint operation (with a populated db, so duplicated queries will be shown)
Test configured features: pagination
Basic acceptance test of dependencies not used in own endpoints: cors headers, redis cache, allauth, raven
Test dependency customizations: facebook email verified, username generated from email, confirmation emails sent

Multiple possible problems

Check locking order from parent to child.

All write operations that follow reads should be atomic with the read objects locked?

Test consistency of rank order. If possible, enable sort after search.

For writable sync, checking 'until' is not reachable because it filters the queryset and non-matching results will not be returned.

Write condition 'at' may cause race conditions.

Lock parent objects before create/update/delete of their children

It may be possible for a write operation to a parent object's children to fail if the parent is removed by cleardeleted.py just before the child operation is performed. In this case, the client would receive a 500 internal server error status, instead of 404 not found.

This may be prevented (if necessary) by locking the child object (for update and delete requests), which will block a delete of the parent because it would cascade to the child. As for creates, they would require explicit locking of the parent (unless the rest framework selects the parent for update during validation of the parent field against the parent queryset).

User list pagination warning

C:\Users\vsemi_000\venv\boomerang\lib\site-packages\rest_framework\pagination.py:208: UnorderedObjectListWarning: Pagination may yield inconsistent results with an unordered object_list: <class 'django.contrib.auth.models.User'> QuerySet.
paginator = self.django_paginator_class(queryset, page_size)

Code cleanup

  • separate limits into their own mixin
  • separate dynamic serializers into a separate file
  • separate parent lookups and/or locking into their own mixin?
  • refactor disabled mixins with common code
  • remove view-mixin relationships
  • redundancy of perform_search and disabled search mixin?
  • independence of mixin order (e.g. perform_*() calls parent and is transactional)
  • move mixins into a package
  • other cleanup?
