New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Data output agent #203
Data output agent #203
Conversation
delete("/users/6/webhooks/2/foobar").should route_to("webhooks#handle_request", resulting_params) | ||
end | ||
|
||
it "routes with format" do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO this example is not very needed as route uses default Rails behavior and it was tested in Rails :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair enough-- match
goes away in Rails 4, though, so this is somewhat of a paranoid guard.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK it will not be removed completely. In Rails 4, match
without :via
will be prohibited, so
match "/users/:user_id/webhooks/:agent_id/:secret" => \
"webhooks#handle_request",
:as => :webhooks
will be replaced with:
match "/users/:user_id/webhooks/:agent_id/:secret" => \
"webhooks#handle_request",
:as => :webhooks,
:via => :all
Just had a very brief scan over it all and it looks kinda cool to me. Without getting deep into the guts of it I feel I can't really comment further though. I'd support changing the name to |
…ort deprecated methods for now
Yup, just did that now! On Sat, Apr 5, 2014 at 6:43 PM, alias1 notifications@github.com wrote:
|
I'd agree about changing the name to For the url, I wonder if instead of having |
Query string isn't really RESTful though. Under what circumstances would it not be protected? Even if you end up publishing the 'secret' url somewhere public, the design should still be such that it's kept secret (eg. how do you differentiate different endpoints without the varying key?) For OAUTH, as I understand it, access/secret should only ever be used as part of the url between servers over SSL. I would imagine that most if not all usecases for this would call for something more public/flexible than this, in which case you would be passing the access_token (usually) via Auth header. Basically just braindumping, so feel free to question/correct me. |
Ah, fair enough point about OAUTH. I don't really fully understand how that part works. As far as query string being RESTful though... isn't the agent_id enough of an identifier? Whatever secret is in the url won't change the data being delivered, right? It'll always just be all the events that the DataOutputAgent has. The The most common case I can imagine for using this will be to set up a DataOutputAgent to a WebsiteAgent to make an ersatz RSS feed and then publishing a public URL that anyone can point their RSS feed reader at to subscribe to. |
It's true that |
I'm definitely a fan of secure by design. Given that you can still do all of the 'public' user cases as is, i'd be inclined to keep it in the path. (But to answer the above, yeah the agent id is sufficient to uniquely identify them, didn't really think about that aspect) |
Data output agent
This pull request adds a new
DataOutputAgent
that returns a RSS or JSON feed of incoming events. In order to do this, the EventHooksController will now accept all HTTP verbs, not just POSTs. (Perhaps the controller should now be renamed to WebRequestsController, or similar, since webhooks are traditionally limited to POST requests?)This is a solution to the output half of #11. Appreciate feedback @albertsun, @alias1, @Fluffums, and @snicker!