aleyasen / darshanvis-ui Goto Github PK

Overall, too much white space and scrolling.
Third component (at bottom RHS) needs to take up less room, like the first component at top. Labels in third component might need to be shorter to help make this happen.
Make LHS component narrower.

All DB access by the app should be read-only. If an attacker successfully takes over a DarshanViz session, we don't want the attacker to be able to do more than read the DB. That means that the app's userID at the DB should only have read access to the DB. In other words, it's not enough for all of the app's SQL calls to be read-only. The app's userID at the DB has to be restricted to read-only-ness.

fix sorting modal for breakdown chart.

Change browser tab name to say something like DarshanViz.

Add the top apps page to dashboard, it should be first option in the LHS menu.

Fix percentage breakdown to only go up to 100.

Currently have a configuration file to set the choice of DB. This is too cumbersome. Add a feature that allows the user to choose between multiple dbs on their settings page. A link to the Settings page can be added at the top left of the screen, which is not very crowded.
Default for a new user should be the test database backend, so that a new user sees something interesting immediately. Default for a returning user should be the last DB they looked at.
Say somewhere at the top of the screen which db the user is looking at. (OK to use a nickname chosen by the user, as real names might be kind of awful.)

Currently, refresh URL in browser --> lose all state. This is undesirable. Add a cookie that remembers the user's state across browser refreshes.

The SQL statements need to be constructed and submitted differently than they are now. Each kind of call (i.e., with certain clauses in it and kinds of conditions, such as a date range or a user name or app name and group by or order by or whatever) needs to be defined as a template with placeholders for the actual values of dates/username/app name/etc. There might be around 8-10 of these templates. DarshanViz needs to make the MySQL call "Prepare" on each of these templates. This is super important. Then for the actual call, you just make a SQL call with the previously prepared template and the placeholder values that you want to use. This is super important for security.

Highlight the analysis on the LHS component that the user is looking at.

• For this admin version: change it to show one of the top apps screens at startup
• For ordinary users: change it to show the app they ran last. The user field should be filled in automatically with their name, so they don't get confused.

a Docker with a MySQL that ANL can add more data into.

Change default dates to be the first and last dates in the dataset, rather than today and whenever.

If the default chart for sysadmins includes all users and all apps: it needs to say so in the boxes where the user can choose a user and an app. More generally, "All" should be an option to choose, and it should be displayed if it is the default.

Change the default to be linear scale, not logarithmic, on all axes.

add a fake login page with stub where a supercomputing site could add a call to their own authentication service and return success or failure. For now it can just always return success and log people into a superuser identity/role, because we are in a friendly user mode now. In the longer run, users must authenticate to an identity on the supercomputer whose jobs we will see, unless they are a superuser. In general, we should not write any authentication code ourselves -- use existing libraries/services. Find one that sanitizes the username input, and possibly the password.

Change date interface to support last day/week/month/year, in addition to picking exact dates.

The cookie mentioned below needs to have a token/nonce/whatever in it to make it unforgeable and unreplayable (you should be able to use pre-existing code to make this happen. Don't write this code yourself. You don't want to have to think about the kinds of subtle attacks that attackers love to dream up.)