Standardize rule endpoint client identification#643
Conversation
bracyw
left a comment
bracyw
left a comment
There was a problem hiding this comment.
actually looking at this I think it would be better to add the client-id as a Header, instead of in the url param because rule_id forcing you to add the client_id after the "/rules/ " which makes querying possible conflict based on client_id. (so disregard the ticket recommendation of path param or body)
TLDR: let's pivot to Header based client-id
You can check rust axum docs on how to write the backend code for this. |
…tification-and-remove-basic-auth
…ient-identification-and-remove-basic-auth' into 561-standardize-rule-endpoint-client-identification-and-remove-basic-auth
bracyw
left a comment
bracyw
left a comment
There was a problem hiding this comment.
A few TODO's for ticket creation. But LGTM to merge!
| 'Content-Type': 'application/json', | ||
| Authorization: basicAuthHeader(clientId) | ||
| }, | ||
| headers: { 'Content-Type': 'application/json', ...clientIdHeader(clientId) }, |
There was a problem hiding this comment.
For another ticket, task we can make: transitioning to a slightly more abstracted tool than fetch, or further abstracting headers into multiple lambdas or a recursive lambda setup... something along those lines.
| }); | ||
| }; | ||
|
|
||
| export interface RuleSubscriptionRequest { |
There was a problem hiding this comment.
in the future a type like this could be good, but rn no abstraction needed.
| @@ -73,9 +73,11 @@ export class RulesTableComponent implements OnInit { | |||
| } | |||
|
|
|||
| async onToggleSubscription(rule: ClientRule, subscribed: boolean): Promise<void> { | |||
There was a problem hiding this comment.
a follow up ticket. I didn't really investigate the quality of toggle subscriptions when initially made. I will make this a ticket.
| client_id: String, | ||
| const CLIENT_ID_HEADER: &str = "x-client-id"; | ||
|
|
||
| /// client id comes from the x-client-id header, keeping it out of conflict-prone route paths |
There was a problem hiding this comment.
can you link to rust docs on this. like to keep everything more complex to the docs.
2 participants
Changes
Standardized client identification across all rule endpoints by moving
client_idinto the URL path. Previouslyadd_ruleanddelete_rulepulled it from a Basic Auth header whilesubscribe_rulesandunsubscribe_rulespulled it from the JSON body. Instead, all rule endpoint readsclient_idnow. The frontend API layer was updated to match this.Checklist
It can be helpful to check the
ChecksandFiles changedtabs.Please review the contributor guide and reach out to your Tech Lead if anything is unclear.
Please request reviewers and ping on slack only after you've gone through this whole checklist.
package-lock.jsonchanges (unless dependencies have changed)Closes #561