treflehq / trefle-api Goto Github PK

For example, with this query

https://trefle.io/api/plants?q=rose

How does the API search based on the given keyword? Some of the common names returned does not have any rose inside.

Describe the bug
When querying anything from the API, the response headers contain the link header. It always points to http even when the request comes from https. The redirection works fine, but https should always be there.

To Reproduce
Steps to reproduce the behavior:

1. Query any endpoint with https
2. Check response headers for link header
3. See the value of the link header

Expected behavior
link value should have https endpoints

Describe the bug
When a browser issues a CORS pre-flight request (using the OPTIONS HTTP method), all endpoints return a HTTP 404 status code and do not provide information on the allowed CORS methods.

When a website attempts to request a resource from a difference resource (ie a website using the Trefle.io API), the browser will send a pre-flight request using the OPTIONS HTTP method. This method returns information on the CORS policy of the specified resource.

As the Trefle.io API does not return a valid OPTIONS response, the browser assumes that the CORS policy does not allow the specified request and throws an error.

To Reproduce

Using Curl
Make a request to any API endpoint using the HTTP OPTIONS request:

curl --location --request OPTIONS 'https://trefle.io/api/kingdoms' --header 'Access-Control-Request-Method: OPTIONS ' --header 'Access-Control-Request-Headers: origin, x-requested-with' --header 'Origin: https://example.com'

This request will return a status code 404 with the content:

Page not found

Using the browser

Alternatively the browser can be used to simulate this functionality by executing the following JavaScript in the browser:

let request = new XMLHttpRequest(); request.addEventListener("load", console.log); request.addEventListener("error", console.log); request.open("GET", "http://trefle.io/api/plants?page_size=3?cachebust=998"); request.setRequestHeader("Authorization", "<REDACTED>") request.send();

This will result in the browser issuing a similar error message (tested in Safari 13.1):

Preflight response is not successful

Expected behaviour
When the OPTIONS HTTP method is requested on a given resource, the resource should respond with status code 204 and the standard CORS response headers. For example:

HTTP/1.1 204 No Content Connection: keep-alive Access-Control-Allow-Origin: https://foo.bar.org Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 86400

Additional context

More information on the pre-flight request can be found here: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request

The pre-flight (OPTIONS) request may need to take into account the API key in order to issue the correct Access-Control-Allow-Origin header. Alternatively, providing a wildcard response ("*") and issuing a separate Access-Control-Allow-Origin (and an error, if necessary) when an API key is used would also function but allow more requests than necessary to be made.

Some of the primary photos that are used are not the best identifiers, and sometimes there are no photos, so it would be nice to be able to 'submit a correction' for images like you can for other categories.

Describe the bug
CORS support not properly implemented for client-side tokens.

To Reproduce
Steps to reproduce the behavior:

1. Try to use fetch() in a Node.js app to get a client-side token

fetch(
    `https://trefle.io/api/auth/claim?token=${TREFLE_TOKEN}&origin=${PUBLIC_WEBROOT}`,
    {method: "POST", header: {"Content-Type": "application/json"}}
  ).then(t => console.log("client-side token", t));

2. fetch() fails with error stating that CORS policy blocks access to the fetch data because there is no Access-Control-Allow-Origin set in the response header

Access to fetch at 'https://trefle.io/api/auth/claim?token=***&origin=***' from origin '***'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present
on the requested resource. If an opaque response serves your needs, set the request's
mode to 'no-cors' to fetch the resource with CORS disabled.

TrefleDB.js:5 POST https://trefle.io/api/auth/claimtoken=***&origin=*** net::ERR_FAILED

Uncaught (in promise) TypeError: Failed to fetch

Expected Results

curl -i -X POST "https://trefle.io/api/auth/claim?token=***&origin=***"

On the other hand, in cURL which does not use CORS policy because it is not a browser script, the client side token is returned.

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 17 Aug 2019 21:55:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 372
Connection: keep-alive
cache-control: max-age=0, private, must-revalidate
x-request-id: 2mtt8tp7c4f6ilqi4s133c53
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpcCI6WzQ4LDQ2LDQ4LDQ2LDQ4LDQ2LDQ4XSwiaXNzdWVyX2lkIjoxMTE2LCJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJhdWQiOiJKb2tlbiIsImV4cCI6MTU2NjA4NjEwMywiaWF0IjoxNTY2MDc4OTAzLCJpc3MiOiJKb2tlbiIsImp0aSI6IjJtdHQ4dHA3aGs5c2tscWk0czVyajUxMiIsIm5iZiI6MTU2NjA3ODkwM30.mmZ6QWyESWAbgTde3jJWaJrys-qnCTZ230a8tbzBtdU","expiration":1566086103}

As I understand the standard, setting 'nosniff' for X-Content-Type-Options will always enable Cross-Origin Read Blocking on content types of 'application/json', so I think that might have to change along with setting Access-Control-Allow-Origin so that the fetch results can be read in browser code. Not that I really understand much of this, I'm pretty new to interacting with credentialed APIs. But it seems to me there are some more headers that need to set in the response on Trefle.io side for us to be able to actually use these client-side tokens in browser code.

Thanks for working on this.

Describe the bug
Link to issues board on readme goes to https://github.com/orgs/treflehq/projects/1 whereas it should go to https://github.com/orgs/treflehq/projects/2

To Reproduce
Steps to reproduce the behavior:

1. Go to 'readme' on https://github.com/treflehq/trefle-api
2. Scroll down to 'How to contribute' section
3. Click 'Issues board' link

Hi, the current limit when fetching species/plants is 20. It would be useful to have more control over this by having the limit parameter exposed as part of the API, which would be optional and would default to 20.

Example

https://trefle.io/api/v1/plants?token=<Token>&limit=6

Done via Headway: https://headwayapp.co/trefle-changelog

156 results for both yes/no

Describe the bug
Text is confusing

To Reproduce

1. Go to https://docs.trefle.io/docs/guides/reporting-errors
2. At bottom of page, look at text under "Testing"
3. Read it. The second sentence reads "They will be not reviewed, and automatically rejected after some time."

Expected behavior
A clear explanation of whether testing a report will be reviewed (by treflehq) and whether and under what conditions the report will be accepted or rejected

Additional context
Reading this, it sounds to me like if you test then your report will not be reviewed (by a human) and will be automatically rejected (by a machine). That's not the case, is it?

When I first opened the api docs it appears the responses are formatted according to the JSON:API specification, only after inspecting the data property it turned out to not be the case. The likeness is really close though, even upon further inspection in the source code it looks like its already akin to a JSON:API formatter (in /app/serializers).

This is an actual example response from the docs.

{
  "data": [
    {
      "id": 1,
      "name": "Plantae",
      "slug": "plantae",
      "links": {
        "self": "/api/v1/kingdoms/plantae"
      }
    }
  ],
  "links": {
      "self": "/api/v1/kingdoms",
      "first": "/api/v1/kingdoms?page=1",
      "last": "/api/v1/kingdoms?page=1"
  },
  "meta": {
    "total": 1
  }
}

and this is how it would look like with JSON:API:

{
  "data": [
    {
      "id": 1,
      "type": "kingdom",
      "attributes": {
        "name": "Plantae",
        "slug": "plantae",
      },
      "links": {
        "self": "/api/v1/kingdoms/plantae"
      }
    }
  ],
  "links": {
      "self": "/api/v1/kingdoms",
      "first": "/api/v1/kingdoms?page=1",
      "last": "/api/v1/kingdoms?page=1"
  },
  "meta": {
    "total": 1
  }
}

The most notable changes are a 'resource type' property, and the attributes being wrapped in an 'attributes' field (if there's relationship fields in a response, these will be wrapped in a 'relationships' object similarly).

The advantage of JSON:API is that it allows the usage of sparse fieldsets and compound documents, both aimed towards flexibility and reducing/optimizing the payload, allowing to pick and choose resources, much like GraphQL.

Another great benefit is the predictability of each response, and on top of that the plethora of tooling available to parse JSON:API documents. The nice thing about sparsefield sets and compound documents is that they are optional, allowing for an iterative upgrade path, with only (relatively) small changes to start out with.

For example, GET api/plants?max_height=4.0 would return any plants up to 4.0 feet.

And GET api/plants?flower_color=Red,Pink would return any plants with Red or Pink flowers.

From the discord channel (#help):

When retrieving plants in a given distribution, I'm trying to use the filter functionality on the common_name field, but it appears that this has to be an exact name in order for it to return results. Is it possible to make this return values based upon a 'like' operator? So, if for example I used the word 'tulip' at the end, it would return plants where the common_name contained words 'like' tulip. Is that possible?

/api/v1/distributions/{zone_id}/plants?token={token}&filter[common_name]=tulip

I'm just trying to return plants on a given search name based upon a selected distribution but I couldn't make it work in the way I wanted/hoped.

when fetching a plant there's status and rank which are listed as required but the enum states null as an option

Hello,

First of all thank you for the big work behind this API!

I am developping a Flutter application using the Trefle API, on my android phone when waiting for a response from the API I get this error in the console:

Unhandled Exception: HandshakeException: Handshake error in client (OS Error:
CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))

I searched for the certificate using the Chrome or Firefox app on my phone and it seems that trefle.io is using a HSTS technology for the certificate as described here:

Le site www.trefle.io est actuellement inaccessible, car il utilise la technologie HSTS. Les erreurs réseau et les attaques sont généralement temporaires. Vous devriez donc pouvoir accéder à cette page plus tard.

Let's say I search a plant on my app, say "basil", the uri would look like that:

https://trefle.io/api/v1/plants?token=[PERSONAL_KEY]&q=basil

If I type it directly on Chrome or Firefox (desktop) I get a JSON.
If I type it from my android mobile phone Chrome or Firefox I get a certificate issue.

What's wrong? Do you think it has a issue with https instead of http?

Describe the bug
The LetsEncrypt certificate for trefle.io is expired as of July 13, 2019 at 7:36:16 AM PDT.

To Reproduce
Steps to reproduce the behavior:

1. Go to https://trefle.io
2. See certificate validation error.

If you are trying to find plants that are "appropriate" for your geo location then you need to know whether the plant will survive in your geo area...and that is what the USDA Plant Hardiness Zone is supposed to tell you. Without that information you can't be sure whether the plant is suitable for your climate. So please add plant hardiness zone info to the DB for every plant....It may be that you'd provide a way to filter on plants based on a range of PHZ values (e.g., between 9a and 11b) as plants will likely be able to survive in a range of PHZs.

Thanks for your consideration.

Describe the bug
Attempting to get a client side token returns a 404

To Reproduce
Navigate to https://trefle.io/api/auth/claim

Expected behavior
A client side token an expiry are returned in order to make client side requests to the api

Describe the bug
Everything was working fine, but all of a sudden all plant objects were returned with all values for "common_name" as null. I increased the page size to be sure that it wasn't just the first 25, and all 100 had no common_name. I haven't changed anything in my queries or server, so I am wondering if it's something on Trefle's end.

To Reproduce
Steps to reproduce the behavior:

1. GET "/plants"
2. All results common_name are null

Expected behavior
Expect most to have common_name values

Describe the bug
Submitting the form on the "add a missing species page results in a 500 error and a plain text "Internal server error" message.

To Reproduce
Steps to reproduce the behavior:

1. Go to https://trefle.io/species_proposals/addition
2. Fill the form, e.g. with http://dbpedia.org/page/Echinopsis_peruviana
3. Submit
4. See error

Note: I did not fill out the "Species Type" field because I wasn't clear what that maps to.

Expected behavior
Expected a success message or a validation error

We should be defaulting the API to use the metric system only. It's the only system used in science and any other system should be converted by the consumer of the API to meet localisation.

Try to get links from seeds providers and show them in the API

I stumbled upon an inconsistency in the planting density fields - I couldn't figure out how the values in acres and square meters relate.

Take for example the American Hornbeam (https://trefle.io/api/plants/117252):
planting_density_minimum: sqm: 2832802, acre: 700

700 trees per acre amount to 5.78 square meters per tree.
2 832 802 per square meter is obviously too many. If I assume 'sqm' refers to a square kilometer, I get 35.3 square meters per tree.

What am I missing?

Describe the bug
A clear and concise description of what the bug is.
Getting a 504 Gateway Time-out response
To Reproduce
Steps to reproduce the behavior:

1. Submit API GET request on Postman to 'https://trefle.io/api/v1/plants/search?q=rose&token={{token}}'
2. Hit Send
3. See error, no valid JSON response

Expected behavior
A clear and concise description of what you expected to happen.
A JSON object should return with zero or more entries of plants in the database.

Screenshots
If applicable, add screenshots to help explain your problem.
Also, I notice the site is also down currently.

Additional context
Add any other context about the problem here.
This is an intermittent problem. Sometimes the responses come back just fine, but every other time seems to be an issue.

Provide translations of Plants common name in major languages

find out if there are any matches where the minimum_temperature > deg f is equal to minimum_temperature > deg c and then the same for maximum_temperature > deg f is equal to maximum_temperature > deg c

Describe the bug
On the landing page, under A Complete Plants API for ... students, "Get in touch ! We try to support as much as we can educational projects !" should be changed to "Get in touch! We try to support educational projects as much as we can!"

I found that Trefle is really lacking of a Getting started guide for unexperimented developpers

It would be great to have at least one plant id that had complete data within it. This would be a great help when working on apps that want to use trefle.io. Thanks!

I'm using the API to prefill data for plants in our app's admin, when we add/create them. There are a few that Trefle returns as empty [] or complete_data = false and I'm wondering if you're considering adding the ability to add or update data via the API. That way, when we complete adding a plant to our database, we could also add it to Trefle or update incomplete data. Thoughts?

Right now I feel overwhelmed when I try to browse plants, because there is way too many.

It would be interesting to split "all the plants" and just the vegetables, maybe by making a specific set of API calls for farming plants.

Describe the bug
I could not find any license information for the data that can be downloaded or that is uploaded by users.

Expected behavior

1. A clear, concise description and legal implications about what is allowed with the data fetched trough the trefle.io API and/or a data license.
2. A clear, concise description and legal information on the data uploaded through the "Complete our data" feature at https://trefle.io/species_proposals/create.

The plant input field has autocomplete that doesn't works (the suggestions can't be selected)

To Reproduce:

1. Go to any contribution page
2. Enter any plant name
3. Try to select a suggested plant

Is your feature request related to a problem? Please describe.
Trying to do large-scale processing of the Trefle dataset takes a long time due to the hardcoded page size of 10.

Describe the solution you'd like
A page size parameter across all resource-bearing endpoints that changes the amount of results returned. It would be excellent if this went up to at least 1000. The /plants endpoint is a specific painpoint for my use case.

Describe alternatives you've considered
The only possible alternative is making tens of thousands of requests instead of hundreds

Hi there.

I'm using trefle for a simple web app, and I was trying to use the family_common_name as a filter for querying plants when I noticed something: there're some plants that have a family definition, but don't have a family_common_name value, as the example below (plant id = 220023).

{
 [...]
  "duration": null,
  "family": {
    "common_name": "Arum family",
    "id": 65,
    "link": "http://trefle.io/api/families/65",
    "name": "Araceae",
    "slug": "araceae"
  },
  "family_common_name": null,
  "forms": [],
[...]
}

My suggestion is to use the family object property common_name when querying for family_common_name instead of having a property on the plant model to do it. Is it possible?

Fix the spelling of “propagation” in the parameters as propogation.

Note: does it need removing from the range parameter section because it doesn't contain numbers?

My specific use case was to get all plants with a minimum temperature

Originally posted by @tabuckner in #6 (comment)

Is your feature request related to a problem? Please describe.
When I attempt to add more species to the API (specifically Jalapeno in this case) I'm unable to due to the author field requiring an input. When attempting to use null I receive a 500 Internal server error from the application.

Describe the solution you'd like
Allowing the Author field to not require an input would allow species without a clear author to be added to the Trefle API and make it easier for contributors to add more species.

Describe alternatives you've considered
Allow the Author field to use null as a replacement for an empty value. The API already does this for lots of other fields.

The images fields on the API are not fully complete, is there a way to:

• Complete them
  OR
• Allow contributors to complete them ?

Support the Swagger API schema and make the final JSON file downloadable for further uses.

Hi,
I keep doing researches on the API but few characteristics seems never appear (shade_tolerance or root_depth_minimum seems always equal to null).
I tried for phacelia, sorrel, carot and few other vegetables.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://trefle.io/api/species/104914?token=L0I0bG0za25sTE1CVnl1bzdsYnBDUT09&164822'
2. Search for root_depth_minimum
3. Appear null

Expected behavior
A string variable which complete the plant characteristics.

Screenshots

Additional context
I hope these are only particular cases but I still not get anything else than a null value for those characteristics.

Describe the bug
The USDA Leaf Retention field maps correctly when the USDA reports a "Yes" value. Trefle states "true". However, when the USDA reports a "No" value, Trefle does not report a value and simply states "null". "null" and "false" are not the same thing.

To Reproduce
To see "Yes" correctly mapped to "true":
https://plants.sc.egov.usda.gov/java/charProfile?symbol=ABFR
https://trefle.io/api/species/101129

To see "No" incorrectly mapped to "null":
https://plants.sc.egov.usda.gov/java/charProfile?symbol=ACSA3
https://trefle.io/api/species/101870

Describe the bug
The published swagger.yaml isn't valid according to the OpenAPI 3.0 specification.

To Reproduce
Steps to reproduce the behavior:

1. Go to https://petstore.swagger.io
2. Import https://docs.trefle.io/swagger.yaml
3. Scroll down to Invalid at the bottom of the page
4. Click to see errors (type properties on parameters etc)

Expected behavior
The swagger.yaml should pass OpenAPI 3.0 validation for improved interoperability.

In the plant response, show the measurements in feet and meters

I've tried sending multiple emails (on 5/2/2020, 5/3/2020) to [email protected] (email listed on website for contact info) and each and every time I get a failure to deliver notice. Is this email address no longer operational? Is there alternative email address where I could send questions?

Cheers