Comments (4)
I figured that would be the response. (libraries are too large, rather build it myself)
Well, I just linked that library because it's the first search result. Maybe a better fit for this project would be https://github.com/plangrid/flask-rebar or https://github.com/python-restx/flask-restx.
I'm not 100% that you're getting the experience of developing a secure API if you are not marshalling your data.
I think my system shines in its simplicity
I think this is incorrect. From my perspective, I've looked at defensive logic that makes the code look weird because you're not validating your input correctly.
https://github.com/Casvt/Kapowarr/blob/development/backend/volumes.py#L216 is an example of this. The request should be required to pass a full validation, match a set of inputs with correct values, so that when you write code interacting with the data you aren't writing around weird edge cases like values not being set or being set incorrectly. My linter doesn't like this code either.
The swaggerUI part is just a bonus. I've found it quite handy when debugging a webapp to have it to run specific commands against the API.
As I've shown above, just because the data is simple doesn't mean that the data interaction can't be complex. Without proper validation/marshalling you're going to end up with weird code smells, edge cases and insufficient error messages.
edit:
Sorry, forgot to add that this is a piece of software to download and manage comic books. The code should be focused on that rather than building in functionality that could be easily handled by a library.
from kapowarr.
We both agreed that the current system works (sort of...), but isn't ideal. It indeed needs a more professional approach, that's scalable, more pythonic and easier to maintain. Instead of immediately going to work for Kapowarr, I decided to first try to improve the system for MIND, which used the same input validation system, but on a smaller scale.
In the last few commits to MIND, I've built an entire input validation system that is exactly as professional as it should be. This new system also makes it possible to automatically generate API documentation (the generate_api_docs.py script in the repo generates this) (result).
I think this is the way to go for Kapowarr too, if you agree.
from kapowarr.
I won't argue it looks good, but I would caution against reinventing the wheel. The advantages of using a library for this are considerable, but the main ones I would say are:
- Built-in and extensive typing system is done already, with many of the gotchas already encountered and resolved.
- API Documentation in a common format (SwaggerUI or similar) which provides an interactive interface to run queries against your code. This also provides a JSON spec file that can be used to generate stubs for JS code.
My concern is that auth and validation are hard problems and rolling your own can lead to a lot of pitfalls.
from kapowarr.
The library you linked is very big with loads of features, and I only need one of them. I don't like the ratio between the size of the library and how much of it I would be using. I'd rather build a solution myself then. And it's a nice addition that I also get extra experience on security and making secure APIs. I'm coding to gain experience after all.
Built-in and extensive typing system is done already, with many of the gotchas already encountered and resolved.
I think my system shines in its simplicity. It checks the type of the input, it can check if the value is one of the allowed ones, a function that can check anything we want about the input. It's quite robust. Fixing all the gotchas is simply expanding the validation function of the input. I added checks for all gotchas that I could think of. I can always look through the library to see if I missed any.
API Documentation in a common format (SwaggerUI or similar) which provides an interactive interface to run queries against your code. This also provides a JSON spec file that can be used to generate stubs for JS code.
Honestly, don't really care that it's not in a common format. It's clear and simple. Does exactly what it needs to do.
For example when logging in, you need to give a password (if set). The value of the request is checked to be a string and not empty, then we hash it and compare the hashes. It's that simple and that's why there also isn't much that can go wrong (or can be "hacked"). In this context, the simpler something is, the more secure it is. And almost all inputs are this simple...
from kapowarr.
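The checks discussed in this thread (type, allowed values, a custom check function, then hash-and-compare at login), sketched as an added example; this is not Kapowarr's or MIND's code. `Field`, `validate`, `kdf`, `login` and the error strings are hypothetical names, and PBKDF2 with a constant-time comparison is an assumption, since the thread does not say which hash is used.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Any, Callable, Optional

@dataclass(frozen=True)
class Field:  # hypothetical schema entry, not Kapowarr's or MIND's class
    name: str
    type_: type
    required: bool = True
    allowed: Optional[frozenset] = None
    check: Optional[Callable[[Any], bool]] = None

def validate(schema, payload):
    """Return (clean, errors); clean holds only declared, fully checked fields."""
    if not isinstance(payload, dict):
        return {}, {"_body": "expected a JSON object"}
    clean, errors = {}, {}
    for f in schema:
        if f.name not in payload:
            if f.required:
                errors[f.name] = "missing"
            continue
        value = payload[f.name]
        # bool is a subclass of int in Python: reject True/False for int fields
        if not isinstance(value, f.type_) or (isinstance(value, bool) and f.type_ is not bool):
            errors[f.name] = f"expected {f.type_.__name__}"
        elif f.allowed is not None and value not in f.allowed:
            errors[f.name] = "value not allowed"
        elif f.check is not None and not f.check(value):
            errors[f.name] = "failed check"
        else:
            clean[f.name] = value
    # Undeclared keys are reported instead of being silently passed through
    for extra in payload.keys() - {f.name for f in schema}:
        errors[extra] = "unknown field"
    return clean, errors

def kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumption; the thread does not name the hash function
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

LOGIN_SCHEMA = [Field("password", str, check=lambda s: len(s) > 0)]

def login(payload, salt: bytes, stored: bytes):
    clean, errors = validate(LOGIN_SCHEMA, payload)
    if errors:
        return False, errors
    # Compare the derived hashes in constant time
    return hmac.compare_digest(kdf(clean["password"], salt), stored), {}
```

Because `validate` returns either a fully checked dict or a per-field error map, the handler code after it never has to branch on missing or mistyped values.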