Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add frontend api for snapshots upload #294

Closed
wants to merge 6 commits into from
Closed

feat: add frontend api for snapshots upload #294

wants to merge 6 commits into from

Conversation

dbajric
Copy link
Contributor

@dbajric dbajric commented Dec 3, 2021
edited
Loading

Details

Results can now be stored in the database through an REST API exposed by the frontend instead of directly connecting to the database. This provides a more secure model by allowing BEST deployments to not have to expose the database to the public.

In addition to the new provider and the new API in frontend, I have also added a simple JSON Web Token-based authorization with a revocation list support. Currently, only the new API used to publish results is using this auth filter.

Does this PR introduce a breaking change?

  • Yes
  • No

@dbajric dbajric requested a review from alrra December 3, 2021 08:04
@alrra alrra requested review from jodarove, nolanlawson and pmdartus and removed request for nolanlawson, jodarove and pmdartus December 3, 2021 08:19
dbajric
dbajric commented Dec 3, 2021
View reviewed changes
.circleci/config.yml Show resolved Hide resolved
scripts/auth-token-manager.js Show resolved Hide resolved
packages/@best/frontend/server/auth.ts
import jwt from 'jsonwebtoken';

const TOKEN_SECRET = process.env.TOKEN_SECRET as string;
const REVOKED_TOKENS = (process.env.REVOKED_TOKENS || "").split("\n");
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could also be read from a file. Maybe that would be better. Thoughts?

Copy link
Collaborator

@alrra alrra Dec 6, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could also be read from a file. Maybe that would be better. Thoughts?

@dbajric A commonly used convention is to have them stored in a .env file (see also: dotenv).

@dbajric dbajric closed this Dec 6, 2021
@dbajric dbajric reopened this Dec 6, 2021
alrra
alrra reviewed Dec 6, 2021
View reviewed changes
scripts/auth-token-manager.js Outdated Show resolved Hide resolved
packages/@best/frontend/server/auth.ts Outdated Show resolved Hide resolved
@alrra alrra closed this in 04c67b1 Dec 6, 2021
alrra pushed a commit that referenced this pull request Dec 6, 2021
@sf-v
chore: convert auth manager script to use arrow functions
65cb034 
Close: #294
@alrra alrra deleted the dbajric/rest branch December 6, 2021 23:27
sf-v pushed a commit that referenced this pull request Apr 7, 2022
@sf-v
feat: add frontend api for snapshots upload
a198ce5 
Ref: #294
Fix: #294
sf-v pushed a commit that referenced this pull request Apr 7, 2022
@sf-v
chore: convert auth manager script to use arrow functions
633d089 
Close: #294
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alrra alrra alrra approved these changes

@jodarove jodarove Awaiting requested review from jodarove

@nolanlawson nolanlawson Awaiting requested review from nolanlawson

@pmdartus pmdartus Awaiting requested review from pmdartus

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dbajric @alrra