Skip to content

What you see is what you REST #1052

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 45 commits into
base: main
Choose a base branch
from
Open

What you see is what you REST #1052

wants to merge 45 commits into from

Conversation

@ctrekker
Copy link
Collaborator

@ctrekker ctrekker commented Apr 2, 2021
edited by fonsp
Loading

Watch the presentation!

https://www.youtube.com/watch?v=xsxJt4prFG4

Try it out!

julia> ]
pkg> activate --temp
pkg> add https://github.com/ctrekker/Pluto.jl#wysiwyr2
julia> import Pluto; Pluto.run()

@lungben
Copy link
Contributor

lungben commented Apr 2, 2021

Awesome!

With this, one could build powerful micro-services with very little effort. Thinking about use cases e.g. in financial industry, it would be important to protect the notebooks, so that the user of the API cannot modify the notebook (i.e. the running microservice) itself.
For this, the following features would be great in my opinion:

  1. The notebook should define which variables are modifyable with the API and which variables should be requestable. Possible syntax:
@listen a, b
@publish y, z

Variables not explicitly defined should not be accessible from the API. Maybe the default could be to listen / publish all variables, unless @listen / @publish is explicitly written in the notebook?

  1. It should be possible to allow users access of the API without allowing them to open the notebook itself. This could e.g. be archieved by using different secrets.

@ctrekker
Copy link
Collaborator Author

ctrekker commented Apr 4, 2021

Your first point makes a lot of sense! Not only would explicitly defining which variables users can change via the API (in production/deployment settings) enhance notebook protection, but it would also allow for further optimization since execution plans can be computed beforehand and only once.

For your second point, I was thinking about adding a configuration option which would allow users to run Pluto in an "API only" mode which would disable notebook editing and access features, restricting use to the API only. Perhaps this mode will also default to only serving "endpoints" defined by the @listen and @publish macros mentioned earlier and will otherwise fall back to serving all variables but give a warning message in the console about notebook security.

@ctrekker ctrekker mentioned this pull request Apr 5, 2021
Closed
@fonsp fonsp added backend Concerning the julia server and runtime reactivity The Pluto programming paradigm HTTP/WS The connection between backend and frontend online deployment About deploying to binder, heroku, self-hosted labels Apr 7, 2021
@Roger-luo Roger-luo mentioned this pull request Jun 11, 2021
Closed
@lungben lungben mentioned this pull request Jun 29, 2021
Closed
lungben
lungben reviewed Jul 1, 2021
View reviewed changes
src/Configuration.jl Outdated
disable_writing_notebook_files::Bool = false
notebook::Union{Nothing,String} = nothing
simulated_lag::Real=0.0
enable_rest::Bool = false
Copy link
Contributor

@lungben lungben Jul 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a significant performance impact of having the REST API enabled?
Otherwise, I would suggest to enable it as default.

Copy link
Collaborator Author

@ctrekker ctrekker Jul 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There isn't any performance impact, but right now there are zero security features at all. It's probably not a big deal though, so I will update that

@ctrekker
Copy link
Collaborator Author

ctrekker commented Jul 1, 2021
edited
Loading

The client functionality is now in a separate package https://github.com/JuliaPluto/PlutoRESTClient.jl. I haven't published it nor removed the client code from the PR yet though

@fonsp fonsp added the WYSIWYR What you see is what you REST label Jul 7, 2021
@ctrekker ctrekker marked this pull request as ready for review November 10, 2021 19:39
@fonsp
Copy link
Owner

fonsp commented Feb 15, 2022

@ctrekker frontend tests are fixed on main!!! ✅✅✅

@fonsp fonsp mentioned this pull request Mar 8, 2022
Open
@fonsp fonsp mentioned this pull request Apr 26, 2022
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@lungben lungben lungben left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backend Concerning the julia server and runtime HTTP/WS The connection between backend and frontend online deployment About deploying to binder, heroku, self-hosted reactivity The Pluto programming paradigm WYSIWYR What you see is what you REST

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ctrekker @lungben @Roger-luo @fonsp