
Comments (4)

ajurna commented on May 24, 2024

I figured that would be the response. (libraries are too large, rather build it myself)

Well, I just linked that library because it's the first search result. Maybe a better fit for this project would be https://github.com/plangrid/flask-rebar or https://github.com/python-restx/flask-restx.

I'm not 100% sure that you're getting the experience of developing a secure API if you are not marshalling your data.

I think my system shines in its simplicity
I think this is incorrect. From my perspective, I've looked at defensive logic that makes the code look weird because you're not validating your input correctly.
https://github.com/Casvt/Kapowarr/blob/development/backend/volumes.py#L216 is an example of this. The request should be required to pass full validation, matching a set of inputs with correct values, so that when you write code interacting with the data you aren't writing around weird edge cases like values not being set or being set incorrectly. My linter doesn't like this code either.

The swaggerUI part is just a bonus. I've found it quite handy when debugging a webapp to have it to run specific commands against the API.

As I've shown above, just because the data is simple doesn't mean that the data interaction can't be complex. Without proper validation/marshalling you're going to end up with weird code smells, edge cases and insufficient error messages.

edit:
Sorry, forgot to add that this is a piece of software to download and manage comic books. The code should be focused on that rather than building in functionality that could be easily handled by a library.

from kapowarr.

Casvt commented on May 24, 2024

We both agreed that the current system works (sort of...), but isn't ideal. It indeed needs a more professional approach, that's scalable, more pythonic and easier to maintain. Instead of immediately going to work for Kapowarr, I decided to first try to improve the system for MIND, which used the same input validation system, but on a smaller scale.

In the last few commits to MIND, I've built an entire input validation system that is exactly as professional as it should be. This new system also makes it possible to automatically generate API documentation (the generate_api_docs.py script in the repo generates this) (result).

I think this is the way to go for Kapowarr too, if you agree.


ajurna commented on May 24, 2024

I won't argue it looks good, but I would caution against reinventing the wheel. The advantages of using a library for this are considerable, but the main ones I would say are:

  • Built-in and extensive typing system is done already, with many of the gotchas already encountered and resolved.
  • API Documentation in a common format (SwaggerUI or similar) which provides an interactive interface to run queries against your code. This also provides a JSON spec file that can be used to generate stubs for JS code.

My concern is that auth and validation are hard problems and rolling your own can lead to a lot of pitfalls.


Casvt commented on May 24, 2024

The library you linked is very big with loads of features, and I only need one of them. I don't like the ratio between the size of the library and how much of it I would be using. I'd rather build a solution myself then. And it's a nice addition that I also get extra experience on security and making secure APIs. I'm coding to gain experience after all.

Built-in and extensive typing system is done already, with many of the gotchas already encountered and resolved.

I think my system shines in its simplicity. It checks the type of the input, it can check if the value is one of the allowed ones, and a function can check anything we want about the input. It's quite robust. Fixing all the gotchas is simply expanding the validation function of the input. I added checks for all gotchas that I could think of. I can always look through the library to see if I missed any.

API Documentation in a common format (SwaggerUI or similar) which provides an interactive interface to run queries against your code. This also provides a JSON spec file that can be used to generate stubs for JS code.

Honestly, I don't really care that it's not in a common format. It's clear and simple. Does exactly what it needs to do.

For example when logging in, you need to give a password (if set). The value of the request is checked to be a string and not empty, then we hash it and compare the hashes. It's that simple and that's why there also isn't much that can go wrong (or can be "hacked"). In this context, the simpler something is, the more secure it is. And almost all inputs are this simple...

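As an added example (not code from Kapowarr, MIND or either commenter), here is a minimal schema validator of the shape Casvt describes (type check, allowed values, custom check function) that also shows the marshalling point ajurna makes: once validation is done at the boundary, handler code never has to test for unset or mistyped values. The `Field`, `validate`, `rejects` and `password_matches` names, the example schemas and the unsalted SHA-256 password hash are assumptions made for the illustration; the hash comparison uses `hmac.compare_digest`.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional
# Constructed illustration of the validator shape the thread describes; not Kapowarr's or MIND's code.

class ValidationError(ValueError):
    """Raised for the first field that fails validation."""

@dataclass
class Field:
    type_: type
    required: bool = True
    allowed: tuple = ()
    check: Optional[Callable[[Any], bool]] = None
    default: Any = None

def validate(schema: Dict[str, Field], data: Dict[str, Any]) -> Dict[str, Any]:
    """Return a cleaned dict or raise ValidationError, so handlers only ever see valid data."""
    clean = {}
    for key, spec in schema.items():
        if key not in data or data[key] is None:
            if spec.required:
                raise ValidationError(f"{key}: missing")
            clean[key] = spec.default  # handler code never has to test for "not set"
            continue
        value = data[key]
        # Gotcha: bool subclasses int, so isinstance(True, int) is True; compare the exact type.
        if type(value) is not spec.type_:
            raise ValidationError(f"{key}: expected {spec.type_.__name__}")
        if spec.allowed and value not in spec.allowed:
            raise ValidationError(f"{key}: must be one of {spec.allowed}")
        if spec.check is not None and not spec.check(value):
            raise ValidationError(f"{key}: failed check")
        clean[key] = value
    return clean

def rejects(schema: Dict[str, Field], data: Dict[str, Any]) -> bool:
    try:
        validate(schema, data)
    except ValidationError:
        return True
    return False

# Login step from the thread: non-empty string, then hash and compare (constant-time).
LOGIN_SCHEMA = {"password": Field(str, check=lambda s: len(s) > 0)}
def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()  # assumed unsalted hash, for illustration
def password_matches(submitted: str, stored_hex: str) -> bool:
    return hmac.compare_digest(hash_password(submitted), stored_hex)
```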
