Following the Book App example in Play 2 for Scala, I now have a basic working app.
What I want now is to add some features like:
User registration
User authentication to access some pages
What is the best way to do it in Play for Scala? Should I manage it on my own? Is there a plugin for that?
Note: I'm the maintainer of Silhouette.
I can suggest Silhouette, which is a core-only fork of Secure Social with the intention to build a more customizable, non-blocking and well-tested implementation.
For the first stable version there are only two open issues which must be resolved. And these issues are only future requests. There are no API changes planned. The documentation must be improved and a sample application is started. The unit tests are also a good starting point.
If you plan to follow the authentication flow as stated by Secure Social then stick with it. It has existed for more than two years and it is well tested by many companies. Otherwise take a look at Silhouette.
You have two options:
Secure Social (http://securesocial.ws/)
But it has an unusual registration flow, where the user has to enter their email first and then receives a link to the registration form.
However, there is a pull request that addresses this issue (https://github.com/jaliss/securesocial/pull/260)
Play Authenticate
It doesn't support Scala out of the box. But there is a workaround created by me here: https://github.com/joscha/play-authenticate/issues/92
Both of them require you to write the interface layer to the database. An important drawback of both of them is that you won't be able to make use of reactive database drivers like Reactive Mongo. They assume that you will return the results immediately, not a Future of the result.
There is a securesocial plugin (http://securesocial.ws). It covers most common authentication methods and has registration stuff. I found it very useful.
The drawback is its documentation. If you want to do something a bit different from the simplest scenarios, be prepared to read through the source code.
I am currently evaluating the framework "wolkenkit" [1] for using it in an application. Within this application I will have a user interface for tenant-based data management. Only authenticated users will have access to this application.
Additionally there should be a public REST API following common standards and being callable by public (tenant security done with submission of a tenant-based API Key within the request headers).
As far as I have found out, the wolkenkit REST API does not seem to fit these standards in terms of HTTP verbs.
But as wolkenkit overall appears to me to be a really flexible and easy-to-use framework, I wonder how to basically implement such a public API.
Would it be a valid approach, e.g., to create my own web application which internally connects to the wolkenkit backend? What about the additional performance overhead then?
[1] https://www.wolkenkit.io/
In addition to the answer of mattwagl, I would like to point out a few things that you may be interested in.
First of all, since wolkenkit is based on CQRS, the application has a separate API for writing and reading. That means, that if you send a command (whose intent is to change state) this goes to the write API. If you subscribe for events or run a query, this goes to the read API.
This again means, that if you send a command, it's up to the write side to respond to it. As the write side is not meant to return application state, all it says is basically: "Thanks, I have received the command." To get the actual result you have to wait for the appropriate event, which means subscribing to the read API.
In the wolkenkit documentation there is a nice diagram which shows this in a clear way:
If you now add a separate REST API (which actually fulfills the requirements of REST), this means that you need to handle waiting for the result internally. In other words: Clients in wolkenkit are always meant to be asynchronous, REST is not. Hence it's your job to handle the asynchronous behavior of the wolkenkit APIs in your REST API. I think that this is the hardest part.
Once you have done this, you will have a synchronous REST API, and of course it will have some overhead. But I think that since its overhead is limited to passing through and translating network requests, it should be negligible.
Oh, and finally, there is another thing that you have to watch out for: Since REST as it was meant originally relies on the HTTP verbs to transport semantics, you need to map GET / POST / PUT / DELETE to the semantic commands of wolkenkit. As long as this can be done 1:1, everything's fine – problems start when there are multiple commands that (technically speaking) do an UPDATE.
PS: I'm also one of the developers of wolkenkit.
PPS: However you are going to solve this, I would be highly interested to hear from you! It would be very great if you could share your experiences with us, as you are most probably not the last one with this idea. If you want to contact us, the easiest way would be via Slack.
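The step the answer above calls the hardest part, sketched as an added example that is not part of the original post and is not wolkenkit code: a request handler that sends a command, then waits for the event carrying the same correlation id, with a timeout. The in-memory backend, the route table, the command names and the status codes are all assumptions made for illustration.

```javascript
// Stand-in for the backend (assumption, not wolkenkit's API): the write side only
// acknowledges a command; the outcome arrives later as an event on the read side.
function createFakeBackend({ rejected = [], dropped = [] } = {}) {
  const subscribers = new Set();
  return {
    subscribe(fn) { subscribers.add(fn); return () => subscribers.delete(fn); },
    sendCommand(command) {
      if (!dropped.includes(command.name)) {
        setTimeout(() => {
          const name = rejected.includes(command.name) ? 'commandRejected' : `${command.name}Done`;
          for (const fn of [...subscribers]) fn({ name, correlationId: command.id, data: command.data });
        }, 5);
      }
      return { accepted: true }; // "Thanks, I have received the command."
    }
  };
}

// Explicit verb + route -> command table (constructed names). Two commands both
// "update" an order, so there is no generic PUT: each gets its own route.
const ROUTES = {
  'POST /orders': 'placeOrder',
  'POST /orders/:id/address': 'changeAddress',
  'POST /orders/:id/cancellation': 'cancelOrder',
  'DELETE /orders/:id': 'deleteOrder'
};

let nextId = 0;

// Synchronous-looking REST handler: send the command, then wait for the event
// with the same correlation id, or give up after timeoutMs.
function handleRequest(backend, method, route, data, timeoutMs = 1000) {
  const name = ROUTES[`${method} ${route}`];
  if (!name) return Promise.resolve({ status: 405 }); // no command mapped
  const id = `cmd-${++nextId}`;
  return new Promise(resolve => {
    const finish = response => { clearTimeout(timer); unsubscribe(); resolve(response); };
    // Subscribe before sending so a fast event cannot be missed.
    const unsubscribe = backend.subscribe(event => {
      if (event.correlationId !== id) return; // result of another client's command
      finish({ status: event.name === 'commandRejected' ? 409 : 200, body: event.data });
    });
    const timer = setTimeout(() => finish({ status: 504 }), timeoutMs);
    backend.sendCommand({ id, name, data });
  });
}
```

Matching on the correlation id is what keeps one tenant's request from being answered with the event of another tenant's command, and the timeout keeps a lost event from holding the HTTP connection open indefinitely.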
wolkenkit applications can be accessed using an HTTP- and a Websocket-API. These APIs are both provided by the tailwind module that wolkenkit uses under the hood. In the tailwind repo you can find a very simple documentation of the available HTTP routes.
You're right, the wolkenkit HTTP-API is not a classic REST-API. It's more RPC-style which in our experience is a good fit for applications. There are only 3 routes that your clients/tenants need to support: /v1/command (POST) is used for issuing commands. The commands you post should follow the command schema. /v1/events (POST) can be used for streaming events to clients. These events will follow the event schema. Finally you have /v1/read/:modelType/:modelName (POST) to read models. You can simply use HTTPie to test these routes.
Authentication of these APIs is currently done using OpenID-Connect. There's a very detailed article on how to set up authentication using Auth0. I'm not quite sure if this fits your use-case but you could basically use any Authentication Service that follows this standard or that is able to issue JWT tokens.
Finally you could also build your own JavaScript client-SDK that runs inside browsers by building a module that uses the wolkenkit-client-js under the hood. This SDK can just use the same API as any other client to connect to your application.
Hope this helps.
PS: Please note that I am one of the authors of wolkenkit.
I am programming a Symfony2 app. The structure of my Symfony2 app is like:
Login (username / password)
Get Survey for this Login / for this User
User inputs / clicks answers. After each click an Ajax request saves the answer
User submits survey after answering every question
I have no experience with mobile apps like iOS, Android or Windows. The mobile app will be created by another team. The question is quite common, but which steps must I take? Is there any literature that you can recommend to me?
What is the right way to create an API?
How far does Symfony2 support creating an API for these use cases?
Unfortunately I have no experience with REST, but I suspect this is necessary, right?
I look forward to each answer.
Let me state the obvious first, if you start building a project with technologies you don't know enough about, it WILL be a nightmare. So by all means take your time to learn what you need.
REST is the recommended standard to build an API since it's native to HTTP and it's quite simple and flexible at the same time. There are tons of simple tutorials on REST, starting from Wikipedia, so I won't link them here.
But I'll tell you a secret, a web service can simply be any web page that replies to your requests with structured data. I.e. even a non-REST series of "webpages" that reply with JSON data can be defined as a web service.
By now you see that you can easily do that with Symfony. If you already know how to do stuff and show pages with Symfony, only add JsonResponse to the mix, and also the _format routing parameter, and you should be on a good way.
You just create a path (i.e. an action) for whatever the mobile application needs to do. Of course later on you will learn the beauty of REST and refactor your API accordingly, but first thing you build a working system.
Reading this blog post is a good start. Now if your application will only serve API responses there is the very good Symfony REST Edition which already includes all bundles and tools needed to create an API centric application with Symfony2.
You also have the Lionframe framework but I haven't tested it yet.
I am in the process of creating an app (cross-platform with Ionic framework) and during my research about app with this framework I found the one created for HabitRPG and it is using an API to retrieve data, it totally suits my app as well, but I don't know where to start to create an API nor what to use.
I already did some quick tests with Spring, NodeJS and Symfony (with FOS) but I'm looking for something really easy to use and to set up but still to have a lot of flexibility (like manage security, users, and data visibility).
Is there a specific technology easy enough to start with?
If you want to create a Web API and host it, you can perhaps have a look at APISpark (http://restlet.com/products/apispark/). It's an online platform that allows you to design your APIs following REST principles and then host them. The data are also managed by the platform.
Hope it helps.
Thierry
I have to create a project in iPhone which uses the Tin Can API. The Tin Can API is an advanced distributed learning process.
I have no idea about where to start in Objective-C.
I have read the site http://tincanapi.com.
For implementation, I have some basic questions:
How and to create my own LRS?
How can the Tin Can API communicate with my own LRS and LMS with ASIHTTPRequest programmatically?
There are two parts to TinCanAPI at play here. I'm suspecting you only need to handle one of them on iPhone. One part is the client-side that sends the statement data to the second part (the LRS server-side). It would be very odd to create the LRS server part on an iOS device, so I'm going with the thought that you need to send TinCan statements from an iOS device to an existing LRS.
An LRS accepts statement data via a REST interface and this data can be POSTed using a standard NSURLConnection or using AFNetworking. There are a couple of options for abstracting all those calls with a library, one of which is a new OSS version of the basics appearing very soon from Rustici Software, found here: http://rusticisoftware.github.io/TinCanObjC/. There is no link for it just yet, but feel free to contact me for more details and I'll update this answer with the link as soon as there is a public link.
For your specific questions:
1.) You can create your own LRS by understanding the spec document and creating the REST endpoints as specified. This is not a trivial undertaking by any means.
2.) Your best bet is to use an SDK or simple GET and PUT/POST statements from AFNetworking to the TCAPI endpoint.
I'm going to write a web app, which should be CRUD accessible from both the web and native mobile device apps. For the latter I'm definitely committed to a REST API. Is it possible to realize that with Meteor.com? Would it be an option to use Meteor for just the web and a second REST interface to directly talk to the mongo? Since the meteor client listens for changes in the mongodb this should not cause conflicts, does it?
As of 2015, look at Gadi's answer for the Meteorpedia entry on REST APIs, and at krose's answer comparing REST API packages. Discussion for folding REST APIs into core is on Hackpad. This question is a duplicate of How to expose a RESTful service with Meteor, which has much better answers. -- Dan Dascalescu
Old answer (2012) below.
For adding RESTful methods on top of your data, look into the Collection API written for Meteor:
https://github.com/crazytoad/meteor-collectionapi
As for authentication for accessing the database, take a look at this project:
https://github.com/meteor/meteor/wiki/Getting-started-with-Auth
Both are definitely infantile in development, but you can create a RESTful API and integrate it with a mobile native client pretty easily.
There are a lot of duplicates of this question. I did a full write-up on this in Meteorpedia which I believe covers all issues:
http://www.meteorpedia.com/read/REST_API
The post reviews all 6 options for creating REST interfaces, from highest level (e.g. smart packages that handle everything for you) to lowest level (e.g. writing your own connectHandler).
Additionally the post covers when using a REST interface is the right or wrong thing to do in Meteor, references Meteor REST testing tools, and explains common pitfalls like CORS security issues.
If you are planning to develop a production application, then Meteor is not an option right now. It's under constant change, and there are still many common features it has to support before it's ready to use, which will be quite some time.
For your question, somebody has already asked and answered the question about support for file uploading in Meteor (also contains HTTP handling related information).
How would one handle a file upload with Meteor?