eldelshell / amforeas Goto Github PK

The idea is to allow different JSON formats which can be used with different REST clients.

The default format is:

{
  "success":true,
  "status":"OK",
  "rows":[
    {
      "roi":0,
      "cells":{
        "birthday":"1982-12-13",
        "name":"foo",
        "id":0,
        "lastupdate":"2020-05-08T21:17:21.993+02:00",
        "credit":32.50,
        "age":30
      }
    }
  ],
  "resource":"users",
  "pagination":{
    "page":1,
    "size":6,
    "pages":1,
    "total":6
  }
}

To allow this, we can either use:

• a map JSON file set with configuration
• During runtime with a POST endpoint which receives the format JSON data.
• Allow GET endpoints to accept POST requests with the format JSON data.

The format data would look like:

{
  "formats": [
    {
      "resource": "users",
      "meta": {
        "success": true,
        "status": false,
        "pagination": true
      },
      "model": {
        "id": "number",
        "name": "string",
        "birthday": "dd/MM/yyyy",
        "credit": "number"
      }
    },{
      "resource": "cars",
      "meta": null,
      "model": {
        "id": "number",
        "maker": "string",
        "lastUpdate": "ddMMyyyyhhmmss"
      }
    }
  ]
}

A response from users then would be formatted as:

{
  "success":true,
  "pagination":{
    "page":1,
    "size":6,
    "pages":1,
    "total":6
  },
  "entities": [
    {
      "id":0,
      "name":"foo",
      "birthday":"13/12/1982",
      "credit":32.50
    }
  ]
}

And a response from cars (with no metadata) would look like:

{
  "id":0,
  "maker":"foo",
  "lastUpdate":"13121982040130"
}

Create Dockerfile

Analyze the chances of adding a JWT abstraction so requests are authorized from an external authentication service.

Sometimes you won't have admin access to a database instance so allow database access rules to be applied on runtime.

For example, something like:

[{
  "alias1": {
       "users": {
         "allow": "all",
         "deny": "head, delete, post, get, put"
     }
  }
}]

Here we would have to add another file to the classpath or load it (like the JKS file) which means
that custom docker images would have to be created everytime a change is required (unless a volume is used...)

Or with properties, like a complemetely locked down database:

amforeas.alias1.jdbc.rules.deny=all
amforeas.alias1.jdbc.rules.catalog.allow=head, get

$ curl -X GET "http://.../amforeas/alias1/catalog/1" > 200
$ curl -X DELETE "http://.../amforeas/alias1/catalog/1" > 405 Method Not Allowed
$ curl -X GET "http://.../amforeas/alias1/foo/1" > 405 Method Not Allowed

Or a fine grained ACL:

amforeas.alias2.jdbc.rules.deny=none
amforeas.alias2.jdbc.rules.users.allow=head, get
amforeas.alias2.jdbc.rules.cars.allow=head, get, delete, post, put
amforeas.alias2.jdbc.rules.photos.allow=all

$ curl -X GET "http://.../amforeas/alias2/users/1" > 200
$ curl -X DELETE "http://.../amforeas/alias2/users/1" > 405 Method Not Allowed
$ curl -X GET "http://.../amforeas/alias1/bar/1" > 200

Create a tool to generate encrypted passwords which can be used in the jongo.properties file.

Add a first level cache

Since we're already configuring ACLs on the resource level, we can also add the option for an admin to limit the columns a client has access to.

amforeas.alias3.acl.rules.users.allow=read
amforeas.alias3.acl.rules.users.columns=id, email, name, age

This would affect inserts and updates, so non-defined (i.e. password in users) columns need to be nullable or any of these operations would fail.

We could also force that if the allow has any of all, insert or update rules, the columns property cannot be set. It would also be possible to show a warning:

Resource ${table} is limited to columns ${columns}. It's recommended the allow rule only applies "read" permissions or ignored columns are nullable.

Hi-

Please tag the last commit that compile and ran. This is a cool project but I don't have the time to fix it up.

Thanks!

Implement jongo-gae with support for App Engine Datastore

Currently, JSON data is made of strings only:

"cells": {
  "birthday": "1991-01-15",
  "name": "bar5",
  "id": "5",
  "lastupdate": "2020-05-08T20:48:25.090+02:00",
  "credit": "0.00",
  "age": "20"
}

In this situation, age & credit should be numbers:

"cells": {
  "birthday": "1991-01-15",
  "name": "bar5",
  "id": "5",
  "lastupdate": "2020-05-08T20:48:25.090+02:00",
  "credit": 0.00,
  "age": 20
}

I'm not totally sure about this, but we might accept an array of objects in a POST like:

[{"name":"foo","age":20},{"name":"bar","age":30}]

Currently all request return all fields on the results (SELECT * FROM) like:

/amforeas/demo1/users/1
/amforeas/demo1/users/name/foo

We should allow the request to indicate the fields we want back (SELECT name,age):

/amforeas/demo1/users/1?fields=name,age
/amforeas/demo1/users/name/foo?fields=name

I know https://github.com/Eldelshell/amforeas/wiki/Examples allows retrieving by other fields, but my MySQL database schema does not have an id field, so it bugs out:

$ curl -sL "http://127.0.0.1:8080/amforeas/db/tbl/fld/val" -H "Accept: application/json"
{"resource":"tbl","success":false,"status":"BAD_REQUEST","message":"Unknown column 't.id' in 'order clause' Query: SELECT t.* FROM tbl.fld t WHERE t.fld = ? ORDER BY t.id ASC LIMIT 0,25 Parameters: [val]","sqlState":"42S22","sqlCode":1054}

There also doesn't seem to be any provision for composite primary keys?

Support for Firebird

Reported by samarjit.samanta, Yesterday (17 hours ago)
What steps will reproduce the problem?

1. Currently input can be there for limits and offset. But in the result the values are not reflected. It would be good to reflect the actual page no., actual number of records sent back, total records in the DB table at the time of query, offset and limit which were in input data.

What is the expected output? What do you see instead?

This type of data is available in query result then using it to create pagination grids will be more robust against quick varying tables data.

What version of the product are you using? On what operating system?

0.2 on windows 7, jdk 7.

Please provide any additional information below.

Also is it safe to use it directly in browser environment? as it exposes column names directly. I would rather build some kind of column lookup for safety from SQL injection. I know prepared statements will guard a lot against but still.

Provide an script or executable to run Jongo in a Windows environment as a standalone application or as a service.

Hi,
I added H2 compatibility.
jongo-core/src/main/java/jongo/enums/JDBCDriver.java
jongo-core/src/main/java/jongo/sql/dialect/H2Dialect.java
jongo-core/src/main/java/jongo/config/DatabaseConfiguration.java
jongo-core/src/main/resources/jongo.properties

I also felt that having opportunity to control creation of JDBC URL in config file is a good option.

https://github.com/ubersoldat/jongo

Support for DB2

Allow PUT requests to accept application/x-www-form-urlencoded

Provide an script or executable to run Jongo in a MacOSX environment as a standalone application or as a service.