Allow only one vote per user on resources

[chynh]

Changes

• Added VoteInformation model that stores a user's vote information on a resource.
• Modified/refactored API routes to require authentication when voting and implement the one-vote-per-user requirement.
• Modified/Added tests to accommodate model and routes change.

Stopped short of adding more tests to get an opinion on the changes so far. Let me know what you think.

Fixes #211

[aaron-junot]

@chynh I don't see it on here, but I previously recall discussing how this leaks the API keys of all users that have voted for a resource. Were you planning on coming back to this to redesign in a more secure way?

[chynh]

Not sure what happened there. But I just pushed it up again so let me know if you still don't see it. I believe with the security concern has been addressed with the redesign.

[aaron-junot]

Looks good so far. This PR has taught me a few things about python/flask that I didn't know, so I want to research those and make sure I understand everything that's going on before we merge, but it's looking really good. I should have it merged in the next couple days if no one else has any comments

[aaron-junot]

I love this. Much better than making this two separate endpoints. ❤️👍

[aaron-junot]

I ran this and I only get 400 errors:

172.20.0.1 - - [08/Mar/2020 16:41:55] "PUT /api/v1/resources/2/upvote HTTP/1.1" 400 -
172.20.0.1 - - [08/Mar/2020 16:40:47] "PUT /api/v1/resources/2/downvote HTTP/1.1" 400 -

Additionally, I don't get the 404 when it's something other than upvote/downvote, I still get a 400

172.20.0.1 - - [08/Mar/2020 16:40:19] "PUT /api/v1/resources/2/bogus HTTP/1.1" 400 -

Does this code actually work for you?

[chynh]

192.168.176.1 - - [08/Mar/2020 18:59:08] "PUT /api/v1/resources/5/upvote HTTP/1.1" 200 -
192.168.176.1 - - [08/Mar/2020 18:59:13] "PUT /api/v1/resources/5/downvote HTTP/1.1" 200 -
192.168.176.1 - - [08/Mar/2020 18:59:13] "PUT /api/v1/resources/5/downvote HTTP/1.1" 200 -
192.168.176.1 - - [08/Mar/2020 18:59:26] "PUT /api/v1/resources/5/down HTTP/1.1" 302 -
192.168.176.1 - - [08/Mar/2020 18:59:26] "GET /404 HTTP/1.1" 404 -

hmm... not sure what's going on there. Above are the results that I got. I did run into the issue of not getting 404 but other than that, hitting upvote and downvote should work.

I did fix the 404 issue and pushed it up again. Let me know if it still does not work for you.

[aaron-junot]

@chynh I realized that the 400 error is coming from the fact that my PUT body was empty. I'll have to double check the documentation but I don't think we need to require a {} in the body, do we? What are you putting in your body?

[aaron-junot]

Ok, I looked at the docs, we don't have docs for this endpoint yet 😅 Can you go ahead and update the openapi file to add docs for these endpoints? We'll need one section for /upvote and another for /downvote

[chynh]

I'll have to double check the documentation but I don't think we need to require a {} in the body, do we? What are you putting in your body?

Ah okay. And yes we don't need the body when making this request.

Can you go ahead and update the openapi file to add docs for these endpoints?

Got it. I never wrote openapi docs before but looking at the file it seems pretty straight forward. I'll push it up again after adding those sections.

[aaron-junot]

It's possible that Flask just automatically tries to parse a body on PUTs, or maybe it was the client I was using was trying to send some sort of whitespace... If there's a way to configure it to ignore the body altogether that would be nice...

[chynh]

It's possible that Flask just automatically tries to parse a body on PUTs, or maybe it was the client I was using was trying to send some sort of whitespace... If there's a way to configure it to ignore the body altogether that would be nice...

I figured out that 400 error was coming from log_request trying to parse json payload when no payload/invalid json is provided. So I added error handling for those cases. Also, added openapi docs for upvote and downvote