[WIP] work on #541 #731
[WIP] work on #541 #731
Conversation
42b650e to
a2ed20e
Compare
|
yay! i'm so excited there's progress happening on this front. i'll do an in-depth code review in a bit. |
|
Now, this is starting to look good (in my opinion). I think there are still some modifications to do design wise (especially regarding the dialog when you create a key, which might not be up to standards), but I'd like your opinion on it before I go refining things anymore. Anyway take your time, I won't be here next week to check out your response anyway ^^ |
05f0a75 to
1123ce7
Compare
There was a problem hiding this comment.
Finally had a chance to take a look at this, and I added a couple of comments. I'm going to keep thinking about the overall design.
Do you have an idea about how to implement the api token authentication? I think it should be basic authentication, the same way that you can authenticate on the github api with your username and personal access token.
| @@ -0,0 +1,74 @@ | |||
| import PropTypes from 'prop-types'; | |||
There was a problem hiding this comment.
I'm not totally convinced this should be a separate page. it might be nice if it were in a lower section on the settings page. This is the current design for the settings page, though obviously it is not totally implemented. Maybe it would make sense to put the "Advanced Settings" under the user settings with a dashed border?
There was a problem hiding this comment.
The thing is, I don't think we should overwhelm "normal" users who are only interested in writing a few sketches with some advanced options like this; that's why I wanted to hide such advanced options on another page. But your guess is as good as mine.
|
Basic auth seems like the best way to do it yes, but we should also think of how the API will end up evolving. Right now we're only planning on using it for sketch uploads right ? Do you have an idea of which other features will be available through the API later on ? |
25d1a7f to
4919f08
Compare
|
For API features, I'm thinking pretty basic CRUD for sketches. The goal is for the web editor to be able to interface with other platforms, e.g. a user could have their code on the web editor and GitHub, could upload examples they have locally on their computer easily. |
|
That makes sense. Should I'll get working on the basic authentification as soon as I can ! |
5caf307 to
9271124
Compare
|
Okay, I have added a Strategy for Basic Auth using passport-http. Changes dans fixes asides, I think this is starting to look correct. Tell me what you think ^^ |
|
i'm not sure how to test if the basic authentication with the key is working. do you have a test route? also, i haven't had a chance to think about the design, but i will. |
|
Locally yes, I added : You can then test with |
|
@catarak Is there anything I can do to further progress on that front ? |
9271124 to
4bbe551
Compare
|
sorry for the delay, i'm not sure! i have a bit of a backup of PR's and i'm trying to get through some of those right now. |
4bbe551 to
a4ead6c
Compare
Before your pull request is reviewed and merged, please ensure that:
npm run lintFixes #123I started work on #541 (adding API keys to a user profile). I already worked on the design of the "Advanced Settings" page, which you can find by clicking on "Advanced Settings" in the
/accountpage (or by navigating to/account/advanced).As you can see by the mockup, users won't be able to see keys on their interface (since we'll store them hashed), so the only time they'll be able to copy them will be at creation (I took inspiration in GitHub's Personal Access Token system).
Next, I'll be working on adding this keys to the database, and to add the logic to generate, hash them, and store them.