collactionteam / collaction_backend Goto Github PK
View Code? Open in Web Editor NEWBackend code for CollAction
Backend code for CollAction
Issue: https://github.com/CollActionteam/collaction_backend/runs/4453953747
Potential solution: Explicitly define the dependencies in the template (see aws/serverless-application-model#192 (comment))
The crowdaction IDs in the example event JSON files do not match the pattern of IDs in the table (e.g. sustainability%23food%23veganMonth22-12
)
see docs/api2.yaml
⚠ Please notify the frontend team about the changed endpoint in the API when merging.
If the template parameter for FirebaseProjectId
is empty, allow unsigned JWTs for easier testing.
see /auth/auth.go
Use Hashcash (or a derivative algorithm) to protect the email contact endpoint against spam.
The following regex pattern should be enforced for the field app_version: ^(?:ios|android) [0-9]+\.[0-9]+\.[0-9]+\+[0-9]+$
Pagination in the API should be implemented as an extension to JSend.
A successful response may include the field nextPage
(null
, if it does not exist) and should accept the query parameter page
with a default value if not present.
Example request:
GET /some/path?page=<PAGE_ID>
Example response:
{
"status": "success",
"data": { ... },
"nextPage": <PAGE_ID>
}
⚠ Please update the API documentation when implementing pagination.
(This ticket should remain open until all "legacy" features have been switched to pagination)
Replace all uses of APIGatewayProxyRequest
with APIGatewayV2HTTPRequest
Encoding issue when fetching values from DynamoDB ("&" becomes "\u0026" in the image URLs e.g. on /crowdactions?status=ended
).
(DynamoDB uses UTF-8 which should also be what GoLang uses by default)
Create and document a GNU Make makefile that invokes all frequently used commands as suggested in #90.
see docs/api2.yaml
⚠ Please notify the frontend team about the changed endpoint in the API when merging.
Should we use godoc to generate and host code documentation using the CI/CD pipeline?
This is confusing: https://github.com/CollActionteam/collaction_backend/blob/development/docs/api.yml#L101
Change to: "Get participatiON..."
⚠ Blocked until friend or follower feature is defined and planned
list of (name, phone_number)
to list of (name, userID)
phone_number
-> userID
)It may take up to 24h for an updated profile picture to show up in the app because this is the default expiration time for the Cloudfront distribution.
Instead, the cache should be invalidated as soon as the new profile picture was uploaded (see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html).
We should filter the fields that we return when looking up a user profile.
It is not necessary to include the user id, since it was already used in the request.
We should definitely not include the phone number, since this may be abused to collect phone numbers of our users.
https://github.com/CollActionteam/collaction_backend/blob/development/email_contact/main.go#L58
We should not return the MessageId, since it is internal information and not a useful API response for the user.
Instead, return a "generic" confirmation as JSON like { "message": "message sent successfully" }
.
Tasks:
/crowdactions
) under /profiles/{userID}/participations
top_participants
) under /crowdactions/{crowdactionID}/participations
Event for /whoami seems to be missing.
Create and test in AWS console.
⚠ Blocked by #111
From Jira CAN-99:
Currently, there is no pagination needed as the list of actions is small but hopefully, there will be a lot of them so pagination will be mandatory in the end
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.Pagination.html
Outline:
New query parameter page: e.g. api-dev.collaction.org/crowdactions?status=ended&page=eyJwayI6ImFjdCIsInNrIjoic3VzdGFpbmFiaWxpdHkjZm9vZCN2ZWdhbk1vbnRoMjAtMTIifQ==
New response:
{
data: [...], // The list of crowdactions returned by the backend
next_page: "eyJwayI6ImFjdCIsInNrIjoic3VzdGFpbmFiaWxpdHkjZm9vZCN2ZWdhbk1vbnRoMjAtMTIifQ==" // Next page key as Base64 or null
}
Obtaining value for next_page
to return from models/crowdactions.go#listCrowdactions:
startFrom
is of type utils.PrimaryKey
(aka map[string]*dynamodb.AttributeValue
){"pk":"act","sk":"sustainability#food#veganMonth20-12"}
)startFrom
for models/crowdactions.go#listCrowdactions
:Shorter page IDs:
Instead of converting the primary key to a JSON file, concatenate pk and sk and obtain the base64 string which should reduce the length of the generated page ID. Here is an example using the same primary key:
JSON → eyJwayI6ImFjdCIsInNrIjoic3VzdGFpbmFiaWxpdHkjZm9vZCN2ZWdhbk1vbnRoMjAtMTIifQ==
pk.sk
→ YWN0LnN1c3RhaW5hYmlsaXR5I2Zvb2QjdmVnYW5Nb250aDIwLTEy
Use $ref: './part.yaml'
as described here.
From Slack:
Thoughts on using a page out of Java's book with the class StringBuilder
(and maybe method chaining) to consistently and maintainably implement request handling on the backend?
Example:
func handler(ctx context.Context, req events.APIGatewayV2HTTPRequest) (events.APIGatewayV2HTTPResponse, error) {
handlerChain := new(HandlerChain)
.append(validateRequestMyHandler) // Check parameters
.append(authentiate) // (optional) Store user info in ctx
.append(processRequestMyHandlerPart1)
.append(processRequestMyHandlerPart2) // There could be multiple steps to processing a request
.append(processRequestMyHandlerPart3)
return handlerChain.handle(ctx, req)
}
Every handler only invokes the next one if there is no error, otherwise it returns the error response.
This way we can return an error using shared code without adding unrelated logic to the handlers.
Please discuss! 🙂
To ensure that all features are working, we should perform regression testing on the entire backend:
Depends on #56
see docs/api2.yaml
⚠ Please notify the frontend team about the changed endpoint in the API when merging.
Use the cfn-include preprocessor to combine several smaller template files into the final template file to be deployed.
(Similar to #98)
This requires NodeJS.
I we actually end up using this, we might want to look into using NodeJS/NPM for other things as well, such as porting scripts to NodeJS and also using it for other automation tasks/tools (see #91)
RegEx: ^(?:ios|android) [0-9]+\\.[0-9]+\\.[0-9]+\\+[0-9]+$
(see: https://github.com/CollActionteam/collaction_backend/blob/development/internal/models/contact.go#L8)
Also: Add line break between message and app version.
Some crowdactions should require/offer periodic check-in by participants to continuously track/confirm their participation.
This requires some changes to the API, backend logic and internal state of the participations.
Changes:
PAY_PER_REQUEST
) for DynamoDB (see docs)template.yaml
file.After a user joins a crowdaction, they may see a "pop-up" with additional steps to take in order to improve retention and increase engagement. (see design)
The content is specific to each crowdaction and is stored (DB field post_join_call_to_action
containing JSON string).
The following example shows the required fields and implied schema:
{
"title": "Where to start?",
"subtitle": "Need help hetting started? Here is an idea for your first groery list, let's go shopping!"
"action_items": {
"is_numbered": true,
"items": ["Garlic", "Rosemary", "Thyme"]
},
"call_to_action_subtitle": "Need more ideas? Feel free to join our WhatsApp group and ask around, we would love to help you!",
"button_dismiss": "Ready to get started",
"button_action": {
"text": "Join us on WhatsApp",
"link": "https://chat.whatsapp.com/..."
}
}
Steps:
There should only be one place in which the API is documented.
Delete individual README.md
files for functions and update docs/api.yml
.
⚠ Confirm with design and frontend if the specification for this feature is ok!
Tasks:
*Implement using flag, so comments can be "un-deleted".
Tasks:
/crowdactions/{crowdactionID}
only returns if the correct password is provided in the request (only if password not empty)/crowdactions
(e.g. commitment options should not be returned)/crowdactions?status=featured
should return the top_participants
see docs/api2.yaml
⚠ Please notify the frontend team about the changed endpoint in the API when merging.
/hello
, /whoami
)Bug:
Error: Failed to create changeset for the stack: dev-some-developer, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Template format error: Unresolved resource dependencies [StaticContentDistribution] in the Resources block of the template
How to reproduce it:
Follow the instructions for deploying a developer stack here.
Issue:
StaticContentDistribution
is not defined when deploying without the parameter DomainParameter
.
Solution:
Conditionally set value of the environment variable CLOUDFRONT_DISTRIBUTION
using:
!If [shouldUseCustomDomainNames, !Ref StaticContentDistribution, ""]
(ternary operator).
A condition to ignore empty values for this environment variable parameter already exists, so no further action should be required. (Nonetheless the corresponding feature should be tested after this change)
https://github.com/CollActionteam/collaction_backend/blob/development/models/crowdaction.go#L36
The name of the JSON-field should be subcategory
, not sub_category
.
Currently, date values are stored as serialized strings.
This has a few disadvantages:
To mitigate this, we should switch to using unix timestamps instead.
Things this approach would not solve:
❗ This is merely a suggestion that has pros and cons. Feel free to discuss 🤔💬
Steps
see /contact
in docs/api2.yaml
X-CollActionAPI-Version
is optional in request and loaded, but not further processed (maybe leave todo in the code)A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.