Our models have decent tests, but not the controllers :\

EDGI is standardizing on GPL3 for now; need to add that to the repo.

The root/home page for the site should be a simple “what is this???” with some info on the basics of the API.

The readme file does not have instructions to create development database and to edit the corresponding file to append their passwords for proper firing of rails server

For development it would be easier if admin password was not random uuid, but "PASSWORD", because it's written like this in default processing's .env file.

This way it would work out of the box.

Random password is ok for setting production env, but then you are not seeding data, right?

This will allow us to do custom diffs and filtering later as needed. For now, probably store them in S3, but maybe that will change to Google Could Storage if we are going to all Google services.

Right now, we have a special admin? flag on users that mainly controls whether they can get into the admin area to invite or delete users. We should make the permissions system a little more granular and separately grant users:

• Admin capability
• Permission to annotate versions
• Permission to import/create versions/pages

For safety, we probably want services that import things to only be able to import and not create annotations, while we might want most users to only be able to create annotations but not import.

We recently added API documentation to the home page using Swagger: #58
We ALSO recently added an API for getting diffs between two versions of a page: #60

Sadly, these were poorly coordinated and done at the same time, so the docs don’t cover the diff API. We should add documentation for it by updating the swagger.yaml file in the root of the project.

(For more details on Swagger, see: http://swagger.io)

We originally wanted to produce a nice audit trail by making annotations append-only, but after discussing on a call yesterday, @danielballan and I think enabling a nicer analyst UI that doesn’t require explicit commits is probably more important than the benefits of being append-only.

The API probably shouldn’t change for this. Instead, POST /api/v0/pages/{id}/versions/{id}/annotations should edit an existing annotation by the current user if there is one.

New Relic may be a good basic approach, but we should probably have some specific error monitoring. Some options:

• Sentry (https://sentry.io) I am a fan, but lament the name confusion it will inevitably have with the archives project
• Airbrake (https://airbrake.io) It does its job, but I have spent a great deal of time butting heads with its UI in the past; I prefer Sentry
• Rollbar (https://rollbar.com) I've seen this advertised all over the place, but have never used it.
• ?

When querying /api/v0/pages and using both the include_version and capture_time query args, versions can occasionally be returned out of order. Here’s an example in practice:

https://web-monitoring-db-staging.herokuapp.com/api/v0/pages?site=DOI%20-%20doi.gov&capture_time=2017-05-31..&include_versions=true

Once upon a time, in the very first implementation of all this, I had JSON + HTML routes at:

• /pages
• /pages/{page_id}
• /pages/{page_id}/versions
• /pages/{page_id}/versions/{version_id}
• /pages/{page_id}/versions/{version_id}/annotations

Those have all long-since been superseded by the /api/v0/* routes and I’m not aware of any clients using them. We should take them out.

I think we still need to handle authorization locally, but we should be using the shared identity infrastructure, at least.

Marking as v1 for now.

Add a JSON API for getting data in/out of the DB. For writing, this depends on #1.

• I'm operating on seed data.
• In UI I've opened first link
• I've clicked Update Record
• I got following error:

Started POST "/api/v0/pages/9c1b56f8-b044-47f4-8d1e-1cea8be1788a/versions/50b2b776-3390-4f94-ae6c-da988a514087/annotations" for 127.0.0.1 at 2017-06-09 13:47:33 +0200
Processing by Api::V0::AnnotationsController#create as */*
  Parameters: {"page_id"=>"9c1b56f8-b044-47f4-8d1e-1cea8be1788a", "version_id"=>"50b2b776-3390-4f94-ae6c-da988a514087"}
  User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 1], ["LIMIT", 1]]
  User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["email", "[email protected]"], ["LIMIT", 1]]
   (0.1ms)  BEGIN
  SQL (0.3ms)  UPDATE "users" SET "current_sign_in_at" = $1, "last_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5  [["current_sign_in_at", "2017-06-09 11:47:34.068000"], ["last_sign_in_at", "2017-06-09 11:47:15.051779"], ["sign_in_count", 3], ["updated_at", "2017-06-09 11:47:34.068546"], ["id", 1]]
   (1.2ms)  COMMIT
  Version Load (0.2ms)  SELECT  "versions".* FROM "versions" WHERE "versions"."uuid" = $1 LIMIT $2  [["uuid", "50b2b776-3390-4f94-ae6c-da988a514087"], ["LIMIT", 1]]
  Page Load (0.1ms)  SELECT  "pages".* FROM "pages" WHERE "pages"."uuid" = $1 LIMIT $2  [["uuid", "9c1b56f8-b044-47f4-8d1e-1cea8be1788a"], ["LIMIT", 1]]
  Version Load (0.2ms)  SELECT  "versions".* FROM "versions" WHERE "versions"."page_uuid" = $1 AND (capture_time < '2017-05-09 10:48:44') ORDER BY "versions"."capture_time" DESC LIMIT $2  [["page_uuid", "9c1b56f8-b044-47f4-8d1e-1cea8be1788a"], ["LIMIT", 1]]
  Change Load (0.2ms)  SELECT  "changes".* FROM "changes" WHERE "changes"."uuid_from" IS NULL AND "changes"."uuid_to" = '50b2b776-3390-4f94-ae6c-da988a514087' ORDER BY "changes"."uuid" ASC LIMIT $1  [["LIMIT", 1]]
   (0.1ms)  BEGIN
   (0.1ms)  ROLLBACK
Completed 500 Internal Server Error in 139ms (ActiveRecord: 3.2ms)


  
NoMethodError (undefined method `capture_time' for nil:NilClass):
  
app/models/change.rb:79:in `from_must_be_before_to_version'
app/models/change.rb:36:in `annotate'
app/controllers/api/v0/annotations_controller.rb:28:in `create'

The Rails server currently queries separate servers ("diffing services") with two URLs the the service should fetch and analyze. That query should include the hash of the URL's content, which is already stored in the db, so that the diffing service can verify that the content it fetches is what is expected.

Recently discussed on a quick call with @Mr0grog -- put here for tracking.

We just recently began to document the REST API for the database using Swagger in the swagger.yaml file (see #58 for the original work on this). Some things that are missing or could be improved:

• Clear written descriptions of each endpoint and of the various parameters each one can take
• Many endpoints can take query parameters for filtering results or searching, but they aren’t well documented (see #41 for more on this)
• Notes about which endpoints require authentication (and how to authenticate generally using basic auth)
• The swagger document is invalid in a couple of spots (we use .. in some endpoints, which Swagger doesn’t seem to like, and we have optional path parameters). If you can figure out how to format these things so the doc is valid, that would be awesome!

If you think you can make the docs look better or be easier to navigate and read, that would also be wonderful. If you can write way more awesome docs without using Swagger at all, that’s also fine. We want to have docs that make the database API easy to learn and use for a variety of research, archival, and analysis purposes more than we want Swagger :)

gem 'postmark-rails' is an external paid service. It would make more sense to put it in the :production bundler group.

It shouldn't be required for development.

Starting with a fresh database and attempting to run the migrations, I get the error

uninitialized constant AddVersionistaAccountToPage::VersionistaPage

Do I have to run the Versionista ingest first?

The full output up to the error is here:

$ git status
On branch 19-post-new-versions
Your branch is up-to-date with 'upstream/19-post-new-versions'.
nothing to commit, working tree clean

$ ruby --version
ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-darwin16]

$ bundle exec rails db:migrate RAILS_ENV=development
== 20170221061825 CreateVersionistaPages: migrating ===========================
-- create_table(:versionista_pages)
   -> 0.0398s
== 20170221061825 CreateVersionistaPages: migrated (0.0399s) ==================

== 20170221071740 CreateVersionistaVersions: migrating ========================
-- create_table(:versionista_versions)
   -> 0.0433s
== 20170221071740 CreateVersionistaVersions: migrated (0.0433s) ===============

== 20170302233652 DeviseCreateUsers: migrating ================================
-- create_table(:users)
   -> 0.0463s
-- add_index(:users, :email, {:unique=>true})
   -> 0.0041s
-- add_index(:users, :reset_password_token, {:unique=>true})
   -> 0.0038s
== 20170302233652 DeviseCreateUsers: migrated (0.0545s) =======================

== 20170303213937 CreateInvitations: migrating ================================
-- create_table(:invitations)
   -> 0.0161s
== 20170303213937 CreateInvitations: migrated (0.0162s) =======================

== 20170307220127 SplitUpVersionMetadata: migrating ===========================
-- change_table(:versionista_versions)
   -> 0.0793s
== 20170307220127 SplitUpVersionMetadata: migrated (0.0795s) ==================

== 20170309010632 AddVersionistaAccountToPage: migrating ======================
-- change_table(:versionista_pages)
   -> 0.0006s
rails aborted!
StandardError: An error has occurred, this and all later migrations canceled:

uninitialized constant AddVersionistaAccountToPage::VersionistaPage

I was recently alerted to Carrierwave, which may provide a lot of the work we currently do in the FileStorage module. If we can use it instead of our own code, that will probably be more reliable and make it easier for us to switch to other storage locations.

It should be possible to ask only for the pages in a particular site, for example. But would probably be good to have arbitrary filtering rules.

We need site-based filtering at the very least, though, since that is how analysis work is divided up.

See #57 for the original discussion on this.

Since page titles can change over time (and are really just part of a page’s content), we should add a title field to the Version model and make Page’s title merely a reflection of the latest Version’s title.

This can probably be best handled in the after_save callback on Version or the after_add callback on Page’s association with versions. We should also keep in mind that the Page’s title should always reflect the version with the latest capture_time, not necessarily the last one added to the database (they can be added out of order).

If I understand correctly, the current import mechanism matches new Versions to their Pages using page_url. When it receives a page_url it doesn't recognize, it creates a new Page. Page attributes (like title, site, agency) are provided inline with the Version attributes. I can imagine some sources of ambiguity:

• a known page_url but a new page_title
• a new page_url that we actually want to keep as part of the same logical Page (a case that we don't quite support yet but want to support in the future)

I think I would prefer if the app required any new Page to be created explicitly in a separate request, returning a page_uuid that must then be included in requests to import Versions for that Page. This change would push the work of resolving ambiguities onto the caller requesting an import. Also, since a new Page needs special primer-related metadata that is not as automated as Version ingest, separating page creation from bulk Version importing seems logical.

This alternative did not occur me when reviewing #32 and I don't think it has been discussed anywhere.

Right now you can ask for a given page of results (with the ?page={number} querystring arg), but you can’t alter how many items are on that page. We might also want to move away from “page” terminology, too, since that can be confusing with the actual web pages we are tracking.

…or just squash the migration history. There are a few migrations that use models for tables that were removed—their purpose was really to keep production data in the right shape. People keep trying to migrate an empty database from an initial state all the way to current, though, which does not work because of the removed models. (Rails style is to start a new database by loading the current schema rather than migrating from scratch.)

We should just squash/remove the no-longer-functional migrations so people can migrate across all of history.

Can I count on the uuids of the Pages and Versions ingested from Versionista beings stable at this point? And are they the same between the staging and production deployments, or independently generated?

(Apologies for the cross-post, Rob -- I asked this in Slack and then realized the answer might be useful to others too.)

Pretty hard to use as a pure API without it :(

We really should have CI support for this. I am a fan of CircleCI.

EDGI project guidelines now include linting, which is definitely something I should have set up here… a while ago. Probably easiest to start with Rubocop, though a service like CodeClimate could also be good.

See also https://github.com/bbatsov/ruby-style-guide and https://github.com/bbatsov/rails-style-guide

E-mail is currently sent through a GMail account, which was simple and expedient at first, but really very error prone, as its security mechanisms are designed for human users interacting with a UI. We should really be interfacing (still via SMTP) with a service like:

• Postmark (https://postmarkapp.com)
• Mailgun (https://www.mailgun.com)
• Sendgrid (https://sendgrid.com)
• Mandrill (add-on to Mailchimp)
• Amazon SES (https://aws.amazon.com/ses/)
• Sendinblue (https://www.sendinblue.com)
• ?

Versionista scraping is now handled by an external service that uses the importing API. We should get rid of the binary dependency on Phantom and all the Ruby stuff for Versionista scraping here since it is no longer used.

This is important so people know which account to log in with if they want to look at the data or a diff on Versionista.

@lightandluck noted that sometimes we get them imported with a scheme (e.g. http://) and domain, but sometimes not. This should definitely be normalized on input into the DB so that all URLs include a scheme and domain.

I think I fixed this in https://github.com/Mr0grog/versionista-edgi-node (it always outputs a full URL), but we still have legacy data that needs cleanup. We will also be receiving data from other sources in the future that might not have these guarantees.

• Normalize URLs on model when setting/before saving
• Migrate and normalize existing data

Services managed by web-monitoring-processing will need to be able to POST their data to the DB. Probably:

POST /api/v1/pages/{page_id}/versions

…though it may be useful to be able to post without knowing a page ID. Two ideas there:

1. POST /api/v1/pages/{html_encoded_page_url_OR_page_id}/versions (and make that work for all routes)

2. POST /api/v1/versions (this might mean making all versions available at this route—not just nested underneath /pages/{page_id})

^ Any thoughts on this, @danielballan?

This also means we should probably add a real permissions model for users; not just our current admin/not-admin model. Permissions so far:

• Add/remove/edit users
• Annotate versions
• Add new versions

Look into setting up CodeClimate and turning Rubocop off in CI tests. It’s probably better if it logs comments/warnings in PRs rather than failing the build.

Inspired by #79

I was wondering whether folks were interested in taking cues from the login.gov setup scripts. I came across it last year, and for such a complicated system, it was truly a thing of beauty.

Basically, after service setup, just:

make setup
make run

• Do we even think it's a good idea to hide the setup steps? (i can imagine valid rationale to expose new follks to basic commands)
• Does make feel like a good choice of tool? (ie not requiring some lang-specific build tool)
• Do we use advanced postgres features? If not, is it worth entertaining the idea of using sqlite for first-time bootstrap, to remove one more piece that might be a bump? We could always encourage people to use postgres after they've been around for a bit and going deeper, but might be cool to not require it for first contribution? (login.gov codebase relies on advanced postgres features, but maybe we don't use things like jsonb extension, etc.)

Per an earlier conversation with @danielballan, it would be better (for auditing, require multiple analysts, etc) to store a series of annotations rather than just a simple object of metadata.

That is, we currently store a metadata JSON object for each version that I intended to be a simple blob storing whatever the analysts are currently marking up, e.g. this from the spreadsheet:

{
  "change_type": {
    "1 - Date and time change only": true,
    "2 - Text or numeric content removal or change": true,
    "3 - Image content removal or change": true,
    "4 - Hyperlink removal or change": true,
    "5 - Text-box, entry field, or interactive component removal or change": true,
    "6 - Page removal (whether it has happened in the past or is currently removed)": true,
    "7 - Header menu removal or change": true,
    "8 - Template text, page format, or comment field removal or change": true,
    "9 - Footer or site map removal or change": true,
    "10 - Sidebar removal or change": true,
    "11 - Banner/advertisement removal or change": true,
    "12 - Scrolling news/reports": true
  },
  
  "significance": {
    "1 - Change related to energy, environment, or climate": true,
    "2 - Language is significantly altered": true,
    "3 - Content is removed": true,
    "4 - Page is removed": true,
    "5 - Insignificant": true,
    "6 - Repeated Insignificant": true
  }
}

…but @danielballan had a smarter view of storing a list of annotations here, allowing things like auditing, the ability for multiple analysts to look at a single bit of data, etc:

[
  {
    "uuid": "1234-1234-1234-1234",
    "created_at": "2017-02-22T13:53:26Z",
    "annotation": {
      "change_type": {
        "1 - Date and time change only": true,
        "2 - Text or numeric content removal or change": true,
        ...
      },
  
      "significance": {
        "1 - Change related to energy, environment, or climate": true,
        "2 - Language is significantly altered": true,
        ...
      }
    }
  },
  
  {
    "uuid": "6789-6789-6789-6789",
    "created_at": "2017-02-22T14:53:26Z",
    "annotation": {
      "change_type": {
        "1 - Date and time change only": true,
        "2 - Text or numeric content removal or change": false,
        ...
      },
  
      "significance": {
        "1 - Change related to energy, environment, or climate": false,
        "2 - Language is significantly altered": true,
        ...
      }
    }
  },
  
  ...
]

And, for ease of application use, we could do both and store all the annotations alongside a single, actualized view (which most applications would probably focus on for ease of use):

{
  "annotations": [
    {
    "uuid": "1234-1234-1234-1234",
    "created_at": "2017-02-22T13:53:26Z",
    "annotation": { ... }
    },
    ...
  ],

  "actualized": {
    "change_type": {
      "1 - Date and time change only": true,
      "2 - Text or numeric content removal or change": false,
      ...
    },
  
    "significance": {
      "1 - Change related to energy, environment, or climate": false,
      "2 - Language is significantly altered": true,
      ...
    }
  }
}

It’d be helpful to display some sort of banner on the top of pages on the test/staging site (and maybe in dev, too?) to remind someone that they aren’t looking at the production instance of the app.

For the API, we could potentially include a special key in the JSON object or an x-environment HTTP header (less obvious, but probably a more wise approach).

We’ll want this for two things:

1. Better control of how/when to scrape (currently using Heroku Scheduler to run a rake task; not great)
2. Ability to divide scraping work up over several processes or machines working in parallel so it goes much faster.

For people who want to do more complicated analyses offline, it might be helpful to dump just the "data" tables (i.e. not including permissions, users, etc)

We should switch to using https://github.com/Mr0grog/versionista-edgi-node for importing from Versionista; it’s much faster and outputs data in a bit more manageable format.

Ours predates the one specified at https://github.com/edgi-govdata-archiving/overview/blob/master/PROJECT.md#license--copyright-readme-block; we should update to match it.

It would be nice to have a way to associated legacy Annotations, which I assume will be subjected to a lot of analysis, with Versions in our app. Somehow getting the uuids generated by the old outputter (and now stored only in Google Sheets, I think) sounds slightly painful but possible and useful.

We probably want to eventually have a more nuanced way to calculate diffs (see also: “scraping notes” on edgi-govdata-archiving/versionista-outputter#4 (comment)). This should probably be a separate service and should be configurable pluggable.

See also https://github.com/edgi-govdata-archiving/differ

site is currently a property of the Page model, but we already know there are a couple pages that are tracked by multiple Versionista sites. So far, we have stored these as separate Page records here, too, but as we are moving towards integrating multiple sources (#15), we need to handle this better. It’s been mentioned before that we should think of sites as something more akin to tags.

A few ideas:

1. Sites as another model with an N:M relationship to pages
2. Sites as a JSON array belonging to a page
3. Have a more generic tagging system and have tags like site:[site name] that are applied to pages

This also brings up the question: is agency similar? I’m thinking it’s fine as it is now—a direct property of a Page—but maybe worth thinking about in this context.

@danielballan Any thoughts on this? I’m thinking either 1 or 3 is best here.

Get this live and running on Google Cloud. Need to determine whether to use:

• Compute Engine (pretty straightforward; just a VM)
• App Engine (should be fancier and easier; the “flexible” environment w/ Ruby support is also managed via docker files, so maybe this ties in w/ #16 nicely)
• Container Engine (managed container support on top of Compute Engine, definitely ties in w/ #16)

The database should probably be run through Google Cloud SQL (rather than self-managed). Need to determine whether it is reasonable to try using the new Postgres support (in beta, but would be nice) or switch over to MySQL.

Notes from a conversation:

web-monitoring-db will broker responses from "diffing services"

• diff/start..end/ -> UNIX-style diff
• diff/start..end/pf -> PageFreezer JSON response
• maybe temporarily support diff/start..end/versionista but only versionista-source pages would support that

Response formatted as JSON. Maybe support richer types later.

{'page_id': ...,
 'version_id', ...,
 'diff_service': ...,
 'diff_service_version': ...,
 'content': VERBATIM_RESPONSE_FROM_DIFFING_SERVICE}

Probably keep it dumb simple and have e-mail/password combos, but maybe could do auth with Github? Need this to restrict who can add/update metadata about page versions.