Abrash Mikhail edited this page May 14, 2020 · 5 revisions

coreService

Code is in the coreService folder; see its README.

It consists of 3 parts:

  • Wiki pages API
  • Autosuggest API
  • Authorization API

All of these use the same MongoDB database, named "wikiDB", with the collections "wikipage_collection", "wiki_roles_collection" and "wiki_users_collection".

Frameworks/libs:

  • pymongo as the MongoDB client library
  • Flask as the backend framework
  • flask-restx for a clean REST layer and automatic documentation with Swagger UI
  • flask-admin provides the admin panel and DB models for the Authorization API

The Flask application for authorization is independent of the main API app and is attached to it with werkzeug.middleware.dispatcher.DispatcherMiddleware.

All environment variables used by the service can be passed via a .env file in coreService/.

API documentation for /api/wiki is on http://wf.csteer.pro:5000/api/wiki/doc
API documentation for /api/wiki/auth/login is on http://wf.csteer.pro:5000/api/wiki/auth/doc
Admin panel is on https://wf.csteer.pro/api/wiki/auth/admin/

The API validates all POST requests against schema.json. All communication with the API is over HTTP with a JSON body. Example requests can be found on the Swagger UI page. The /web/ container can act as a reverse proxy for this service.

Stable/Unstable

Each document (wiki page) has a 'label' property indicating whether it is the final version of the document. Only documents labelled 'Unstable' can be modified with PUT requests on /api/wiki; 'Unstable' is the default if the payload does not specify the property. The label can be changed only by users with the ADMIN role, via a PUT request on /api/wiki/page_label.

Roles

Each user should obtain their own access_token on /api/wiki/auth/login (for example /api/wiki/auth/login?mail=my@mail.com). This token is required for all requests except GET on /api/wiki.

GET on /api/wiki/auth/login returns either the newly created user or the existing one. The default role is USER. You can pass mail and tg_login together as params; if a user with that mail/tg_login exists, the new mail/tg_login information is added to that user (if it was not there before).

All actions on users/roles can be done on /api/wiki/auth/admin. It is protected with HTTP basic access authentication, so you'd better use https :)

Each role has a TTL of 3 days.

There are currently 3 roles with different permissions:

PERMISSIONS = {
    "ADMIN": ["create", "delete", "edit", "view", "set_label"],
    "USER": ["view"],
    "MODERATOR": ["edit", "view"],
}

All settings related to roles/users are defined in coreService/authorization/auth_dao.py.

Token validation is implemented in the main API by the decorator in coreService/wiki_api/token_protection.py.
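The following is an added, framework-agnostic example (not coreService's own code) that puts the rules described above into one place: the login/merge behaviour of /api/wiki/auth/login, the 3-day role TTL, the PERMISSIONS table, the 'Unstable'-only write rule with 'Unstable' as the default label, and a token-protection decorator in the spirit of token_protection.py. The in-memory USERS and PAGES dicts are constructed stand-ins for the Mongo collections, the `now` parameter exists only to make expiry testable, and token generation with `secrets.token_urlsafe` is an assumption, since the page does not say how tokens are produced.

```python
"""Added example: coreService's authorization rules without Flask or Mongo."""
import secrets
import time
from functools import wraps

ROLE_TTL_SECONDS = 3 * 24 * 60 * 60  # "Each role has a TTL of 3 days"

# Permission table as given on the wiki page.
PERMISSIONS = {
    "ADMIN": ["create", "delete", "edit", "view", "set_label"],
    "USER": ["view"],
    "MODERATOR": ["edit", "view"],
}

# Constructed in-memory stand-ins for wiki_users_collection and wikipage_collection.
USERS = {}   # access_token -> user document
PAGES = {}   # page id -> {"text": ..., "label": "Stable" | "Unstable"}


class AuthError(Exception):
    """Unknown token or expired role (a real API would answer 401)."""


class PermissionDenied(Exception):
    """Role lacks the permission for the action (403)."""


class LabelError(Exception):
    """Write attempted on a page whose label is not 'Unstable'."""


def login(mail=None, tg_login=None, now=None):
    """Mirror GET /api/wiki/auth/login: return the matching user or create a
    new USER; back-fill whichever of mail/tg_login the stored user lacks."""
    if mail is None and tg_login is None:
        raise ValueError("mail or tg_login is required")
    now = time.time() if now is None else now
    for user in USERS.values():
        if (mail and user.get("mail") == mail) or (tg_login and user.get("tg_login") == tg_login):
            if mail and not user.get("mail"):
                user["mail"] = mail
            if tg_login and not user.get("tg_login"):
                user["tg_login"] = tg_login
            return user
    user = {
        "access_token": secrets.token_urlsafe(32),  # assumed: page does not specify token format
        "mail": mail,
        "tg_login": tg_login,
        "role": "USER",                             # default role
        "role_expires": now + ROLE_TTL_SECONDS,     # role TTL
    }
    USERS[user["access_token"]] = user
    return user


def check_access(access_token, action, now=None):
    """Return (user, None) if the token may perform `action`, else (None, reason)."""
    now = time.time() if now is None else now
    user = USERS.get(access_token)
    if user is None:
        return None, "unknown access_token"
    if user["role_expires"] <= now:
        return None, "role expired"
    if action not in PERMISSIONS.get(user["role"], []):
        return None, "forbidden"
    return user, None


def require_permission(action):
    """Decorator in the spirit of token_protection.py: the wrapped handler
    receives the authenticated user document instead of the raw token."""
    def decorator(func):
        @wraps(func)
        def wrapper(access_token, *args, now=None, **kwargs):
            user, reason = check_access(access_token, action, now)
            if reason == "forbidden":
                raise PermissionDenied(f"role may not {action}")
            if reason:
                raise AuthError(reason)
            return func(user, *args, **kwargs)
        return wrapper
    return decorator


@require_permission("view")
def get_page(user, page_id):
    return PAGES[page_id]


@require_permission("create")
def create_page(user, page_id, text, label="Unstable"):
    # 'Unstable' is the default when the payload omits the label.
    PAGES[page_id] = {"text": text, "label": label}
    return PAGES[page_id]


@require_permission("edit")
def edit_page(user, page_id, text):
    page = PAGES[page_id]
    if page["label"] != "Unstable":
        raise LabelError("only 'Unstable' pages can be modified")
    page["text"] = text
    return page


@require_permission("set_label")
def set_page_label(user, page_id, label):
    if label not in ("Stable", "Unstable"):
        raise ValueError("label must be 'Stable' or 'Unstable'")
    PAGES[page_id]["label"] = label
    return PAGES[page_id]
```

Two points worth noticing when reading this against the real service: the label check in `edit_page` runs after the permission check, so even an ADMIN cannot modify a 'Stable' page without first changing the label through the set_label path; and because expiry is evaluated on every call, a role that has passed its TTL is rejected with the same 401-style error as an unknown token rather than silently falling back to USER.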

Author and maintainer: Mikhail
