bobaboard / boba-backend Goto Github PK
View Code? Open in Web Editor NEWBobaBoard's Backend
Home Page: https://www.bobaboard.com
License: MIT License
BobaBoard's Backend
Home Page: https://www.bobaboard.com
License: MIT License
This is a catch-all bug for standardizing variable names in the server (feel free to propose more changes, and create an appropriate bug for each change as you decide to work on it/feel like doing some filing work):
thingStringId
.Zod is a library that allows us to define and validate the shape of a JavaScript object and automatically generates the corresponding TypeScript types.
We want to create Zod types for all the SELECT queries in our database to provide strong typings to the data coming out of the database.
If getUserStarFeed
also returns the cursor, check whether the cursor is returned correctly. You might want to have jersey devil have TWO starred posts so you can do a page of 1 and get a "next page" pointer.
Originally posted by @essential-randomness in #38 (comment)
REALM_MEMBER_PERMISSIONS
arrayrealm_user_roles
to have a Realm idensureRealmPermissions
handler in handlers/permissions.ts
invites endpoint
on the existence of the "create invite" permission.POST
on /realms/invites
Add realm_users
table with:
users
)realms
)Unique index on realm_id, user_id
(there shouldn't be more than one entry where both of these are the same)
From Discord:
we have every type of permission in this object currently https://github.com/essential-randomness/bobaserver/blob/39ab7bd0f9c19a313a9b0c2bdf7071e869fec4cc/types/open-api/permissions.yaml#L3
but then the realm permissions are somewhere else
it's ok like this for now, we should just document it somewhere and also figure out whether we want a unified system
See Allow creating a new bobadex from a gSheet #126 for more information.
not a big one, but there are still a few cases where a number id is being passed when it should be an external id (ie- realm accessories). extending from standardizing variables
Fetching of Realm notifications is really slow and needs to be redesigned. Luckily, we already did some work splitting the "realm data fetching" endpoint (/realms/slug/{realm_name}
) and the "realm notifications" endpoint (/realms/{realm_id}/notifications
). However, the data fetching endpoint still uses the query that also fetches notifications, which is less than ideal.
Let's fix that!
getRealmBoards
is our entry point into the infamous "white whale query", the worst performing boba query that we have declared unfixable.getRealmBoards
query as data comes out of the database/realms/slug/{realm_name}
endpoint/realms/{realm_id}/notifications
endpoint/realms/slug/{realm_name}
endpoint/realms/slug/{realm_name}
endpoint to use that querygetRealmBoards
query is used in other parts of the codebase that don't need it.While this gets fixed we'll be working on improving the performance of the notifications query by leveraging Redis.
We made the GoreMaster role global so boba-tan could have the admin role permissions. We should have a specific admin role for that case.
threads/:thread_id/hide
endpoint HTTP method to PUT{ hidden_thread_note: string | null }
Modify endpoint and related queries such that:
Should add realm_id for invite in account_invites
table: https://github.com/essential-randomness/bobaserver/blob/main/db/init/000_init.sql#L29
The server should only return the invite code and let the client construct the invite URL. If we don't do this, then we leak info that the client is in charge of to the server.
Endpoints to be updated:
/realms/{realm_id}/notifications
endpoint to users/@me/notifications/realms/{realm_id}
users/@me/permissions/realms/{realm_id}
and have it return the user's realm permissions instead of /realm/{realm_slug}
getUserPermissionsForRealm
query to check that user is a member of the realm and append default realm member permissionsensureBoardAccess
handler to check for accessLockedBoardOnRealm
permissionensureRealmPermission
(will have to include realm_id in req for any gated route, or extract it from existing info)[Currently the get /realms/realm_id/invites/
endpoint is setup to only return the pending invites for the realm.]
The "right" way of doing it would be to return all the invites (with pagination), then have a status
get param which allows to filter by status. For example, our request could be:
/realms/v0/invites?status=PENDING
to only get the pending invites.
Two things that I didn't add in the design that prevents us from doing this the right way:
expired_at
and didn't want to duplicate the information, but I was wrong. We should have a status field which has at least: PENDING
, ACCEPTED
, EXPIRED
(potentially for the future REVOKED
).Originally posted by @essential-randomness in #53 (comment)
many error messages are non-descriptive and unhelpful (ie: 500 error
)
note
field to user_hidden_threads
tablehiddenThreadNote
to DbThreadType
type definitionhiddenThreadNote
to ThreadSummary
type definitionCurrently all Realm invites have the potential to create a new user account.
Before the implementation of additional Realms beyond Fandom Coders, we need the ability to control how many new Boba users a given Realm's leadership team has the ability to create in a given time period. Possible options for the design of this mentioned so far include:
a) Splitting off sign-up invites from Realm invites entirely and giving them separate endpoints.
or
b) Simply adding a boolean to check whether an invite has the power to create an account in the invites table
Some previous history of this issue can be found here: #46
Further consideration of the design of the invite flow is required to resolve this issue.
/users/invites/
thread-by-string-id
SQL query to SELECT the note, if existshiddenThreadNote
to the returned data from makeServerThreadSummary
ThreadSummary
GET
endpoint for realms/invites
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.