Articles on sharmaaditya570191's Bloghttps://blogs.python-gsoc.orgUpdates on different articles published on sharmaaditya570191's BlogenMon, 31 Aug 2020 20:51:29 +0000From console.log to GSoC 2020https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/from-console-log-to-gsoc-2020/<p>It is time to share my wonderful journey to Google Summer of Code, tips and tricks to get selected and what all you can do before GSoC to take a step closer to your dream internship or job.</p> <p>I have written in detail about my journey here - https://medium.com/@sharmaaditya570191/from-console-log-to-gsoc-2020-1a6e9dc2334e</p> <p>Thank you EOS Design System and Python Software Foundation for this awesome opportunity.</p> <p>Signing off!</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 31 Aug 2020 20:51:29 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/from-console-log-to-gsoc-2020/Final touches, Bug Fixing and last week nostalgiahttps://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/final-touches-bug-fixing-and-last-week-nostalgia/<p>This is officially the last working week of Google Summer of Code 2020. This was one of the best experience of my life. I learnt a lot of new things. I saw my knowledge and technical skills growing exponentially with every passing week. I mastered the art of collaborating in a team and drawing inspiration and motivation from my hard working mentors and project partner.</p> <p>This week I fixed various client and server side issues related to the authentication system and the states depending on it.</p> <p>I spent time on making a final report for my project to identify the features we have completed. I also wrote about some interesting new ideas that can be added to our user story system.</p> <p>I will always be a part of my awesome organization and would keep contributing.</p> <p>I have published my report here - https://gitlab.com/sharmaaditya570191/gsoc-2020-project-report</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 24 Aug 2020 18:17:30 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/final-touches-bug-fixing-and-last-week-nostalgia/Inches closer to the GSOC’20 finish linehttps://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/inches-closer-to-the-gsoc20-finish-line/<p>Our sweet GSOC family literally coded the summer away with some of the best developers from around the world always ready to hold our hand in case we loose balance. Now the hardest week has come. Its time to say goodbye and I am not able to get over it. The end is getting closer as you read this but my heart is not designed to close the best doors so easily. My brain is full of brand new ideas to implement after the GSOC timeline. For now lets check out my latest patches which got merged this week.</p> <h2 class="jt ju bi bh eu jv jw ja jx jy je jz ka ji kb kc jm kd ke jq kf cw"><strong>What did I do this week?</strong></h2> <p class="iv iw bi ix b iy kg ja jb jc kh je jf jg ki ji jj jk kj jm jn jo kk jq jr js gf cw">We made a decision that we should polish and test the existing features before adding new ones so that we can find and fix bugs if any.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Result? We ended up making a list of 13 bugs. 😂</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">User authentication was the first thing I completed but I could still access the protected routes in the UI although some of them were not working because of the absence of the JWT token in the cookies. Still we had to maintain the user session on the client side as well.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">I created a global state using <code class="ff kl km kn ko b">createContext</code> in React so that we can update the state when the user logs in to our system. I allowed users to access the protected routes by checking against this state. Users would be redirected to the login page in case they are not authenticated. Solved?</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Not yet. Another corner case got us thinking. If we reload the page then the state is lost and user is logged out. It would be a terrible user experience to force the user to login every time they may refresh the page because of connection issues on their side.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">This time I stored the state in <code class="ff kl km kn ko b">localStorage</code> so that we can save state across page refresh. Security was maintained by our <code class="ff kl km kn ko b">httpOnly</code> cookie.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">This was solved but now users could vote more than once. Imagine allowing this in real government elections of your country.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Result? You may get the same president every time. 😂</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Everyone may not like that right? (Trump smiling secretly 😝)</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">This was a simple fix by introducing a new state variable and updating it if the user has already voted for a story. You press again and your vote gets removed.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">My mentor and I spent some time in trying to fix our <code class="ff kl km kn ko b">httpOnly</code> cookie attributes to work with the latest updates in Chrome. However, <code class="ff kl km kn ko b">none</code> of our solution worked in Chrome because Chrome was probably upset with us and did not set the <code class="ff kl km kn ko b">sameSite</code> attribute of the cookie to <code class="ff kl km kn ko b">none</code>.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">We ended up creating a new sub-domain for our server so that the request is no longer a cross-origin one. 😂</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Now some smart users were able to edit stories of others. Imagine editing and filling your friends stories with shit. 😂</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Devesh (my awesome GSOC partner) saved all F.R.I.E.N.D.S here by updating the client side with a minor fix. Thankfully our server did not betray us here.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Then came my killer move. A full end-to-end test. Yes, I was able to complete a long test in Cypress to test all our main functionality like login, home page, creating new stories, editing them, commenting and even replying on comments. This will save a lot of time in the future by eliminating the need of manually testing all functionality before merging every patch. We may also consider running this test in the CI soon.</p> <h2 class="jt ju bi bh eu jv jw ja jx jy je jz ka ji kb kc jm kd ke jq kf cw"><strong>What is coming up next?</strong></h2> <p class="iv iw bi ix b iy kg ja jb jc kh je jf jg ki ji jj jk kj jm jn jo kk jq jr js gf cw">This is officially the last week of GSOC’20. I will make a final report for my project and get it reviewed from my awesome mentors.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">I will extend my Cypress test to cover signup, notifications and logout functionality.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Finishing touches also make a great impact. I will add some decorations for the final celebration and release to production (heaven for developers). 🎉</p> <h2 class="jt ju bi bh eu jv jw ja jx jy je jz ka ji kb kc jm kd ke jq kf cw"><strong>Did I get stuck anywhere?</strong></h2> <p class="iv iw bi ix b iy kg ja jb jc kh je jf jg ki ji jj jk kj jm jn jo kk jq jr js gf cw">I firmly believe that as a developer if you are not stuck then you have not seen enough.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Some corner case bugs were a pain point. I also got stuck when trying to handle multiple cases for filters and pagination. It was a bit tricky to identify the points of optimization for enhancement of user experience but that gave me the real development experience. 🙂</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">My never give up attitude helped me to fly high above all obstacles to fix all bugs we identified till now.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Time flew and brought us close to the end. I honestly hate saying that and decided not to say a goodbye. Its that simple. Sometimes the best things deserve to be a special part of your life and EOS had already made its place in my heart long back. Loads of 💖 to my EOS family.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Cheers to a new beginning. Its not the end.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn jo jp jq jr js gf cw">Signing off. Aditya Sharma.</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 17 Aug 2020 18:10:47 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/inches-closer-to-the-gsoc20-finish-line/Pagination, Privacy Policy, Bug Fixing and Testing in the User Story system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/pagination-privacy-policy-bug-fixing-and-testing-in-the-user-story-system-in-gsoc20/<p>I started this week with a heavy heart. I entered the last coding phase of the best experience of my life. I made my mind that I will keep contributing to this project and organization and make the most of this awesome learning opportunity. I will not let it end here. I can already imagine a smile on my mentors face as they read this. You are the best people I have ever met and worked with. Now lets jump to my magic work. :)</p> <h2 class="jo jp bi bh eu jq jr ja js jt jd ju jv jg jw jx jj jy jz jm ka cw"><strong>What did I do this week?</strong></h2> <p class="iv iw bi ix b iy kb ja jb kc jd je kd jg jh ke jj jk kf jm jn gf cw">“Many solutions will work but keep solving the problem till you optimize it and reach the best possible solution.” I do not know which genius said this but I my mind got stuck with this and I decided to spend some time to add pagination for our beloved users. This means users can reach any page with a click and we do not have to load all stories in one go. Imagine our free Heroku servers burning on hitting the API to load 500+ stories in one go. LOL!</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">The most important thing before going live was telling users how we are going to use their data. I worked on the privacy policy page and created a new model in the back end so that admins can manage its contents and update the privacy policy when needed.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">This also means that we have to notify users of a privacy policy update. I wrote a custom lifecycle hook in <code class="ff kg kh ki kj b">Strapi</code> which automatically creates a notification when the old policy is deleted and a new one is created. This special notification is displayed as a popup modal on the home page for users who are already logged in. They have the option to accept the new policy. If they do not accept then they can continue using our system but are logged out. This means they can only read existing stories.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">New users will not see the modal as they can access the updated policy when they register into our system.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">After pushing these heavy changes to production I fixed some bugs related to the my stories page and pagination not working along with product filters.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">Finally I studied Cypress docs for some time. I set up Cypress for our client side so that we can write, run and debug tests easily.</p> <h2 class="jo jp bi bh eu jq jr ja js jt jd ju jv jg jw jx jj jy jz jm ka cw"><strong>What is coming up next?</strong></h2> <p class="iv iw bi ix b iy kb ja jb kc jd je kd jg jh ke jj jk kf jm jn gf cw">I have identified some bugs on the client side and I will spend some time to fix them.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">I will try to give the remaining time for writing tests as they are really important to future proof our application.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">I have a lot of exciting new features in mind like Slack integration, email notifications etc and I will add them only if time permits.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">I understand that the best things take time and patience and I will keep adding a thousand more features to user story even after GSOC. :)</p> <h2 class="jo jp bi bh eu jq jr ja js jt jd ju jv jg jw jx jj jy jz jm ka cw"><strong>Did I get stuck anywhere?</strong></h2> <p class="iv iw bi ix b iy kb ja jb kc jd je kd jg jh ke jj jk kf jm jn gf cw">It is natural to get stuck while trying to do the best things.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">I got stuck at multiple places while trying to make the pagination feature work along with other filters. Covering all possible cases for the privacy policy model was also a bit tricky. Discovery of new bugs might be a bit easy but they can be difficult to solve. Cypress and software testing in general was absolutely new to me.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">I do not give up easily and kept trying to overcome all obstacles by the end of the week. All my efforts were really worth it. I learnt a lot.</p> <p class="iv iw bi ix b iy iz ja jb jc jd je jf jg jh ji jj jk jl jm jn gf cw">I am also blessed to have such awesome mentors for support and motivation. They work really hard everyday and I learn a lot just by observing them. :)</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 10 Aug 2020 16:38:48 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/pagination-privacy-policy-bug-fixing-and-testing-in-the-user-story-system-in-gsoc20/Lifecycle hooks, threading and notification system in the user story system in GSOC'20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/lifecycle-hooks-threading-and-notification-system-in-the-user-story-system-in-gsoc-20/<p class="graf graf--p">A whole new set of awesome features are here for our beloved users. Do not get worried by the heavy terms in the title. Sit back, relax and follow me to catch a glimpse of my implementation for giving you the best possible user experience. You will soon be able to write your own story, share with us how you use our products, relate to other users’ stories, vote them up and we’ll make sure we deliver cohesive solutions to you.</p> <h2 class="graf graf--h4"><strong>What did I do this week?</strong></h2> <p class="graf graf--p">This week it was time to design a personalized notification system for our users to notify them about the latest features when we launch them. Only author and followers(users who have voted) of the launched story should receive the notification so that we do not disturb other users who might be busy writing their own amazing stories.</p> <p class="graf graf--p">The admins update the status of a user story to “launched” via the back end <code class="markup--code markup--p-code">Strapi</code> panel when our team have successfully pushed a new feature to production.</p> <p class="graf graf--p">Now <code class="markup--code markup--p-code">Strapi</code> lifecycle hooks come into action. The lifecycle hooks are functions that get triggered when the <code class="markup--code markup--p-code">Strapi</code> queries are called. They will get triggered automatically when we manage our content in the Admin Panel or when we develop custom code using queries.</p> <p class="graf graf--p">I wrote a asynchronous <code class="markup--code markup--p-code">afterUpdate</code> hook in the user story model which checks if the status of a user story has changed to “Launched” after being updated. If the status has changed then it creates a new notification record on the server with a custom message, seen status, link to the story page and a list of users to whom the notification is to be shown. I did this by utilizing <code class="markup--code markup--p-code">Strapi</code> services which are a set of reusable functions. They are particularly useful to respect the DRY (don’t repeat yourself) programming concept and to simplify controllers logic. Every notification on the server is required to have a different and unique message.</p> <p class="graf graf--p">On the client side I fetch the notifications for the particular authenticated user using <code class="markup--code markup--p-code">GraphQL</code> queries. When the user has seen the notifications then they are marked as seen on our <code class="markup--code markup--p-code">Strapi</code> server too. This is done using <code class="markup--code markup--p-code">GraphQL</code> mutations which update the status of a notification. I made sure that we do not hit our API multiple times to update the status of a notification. </p> <p class="graf graf--p">The next major feature of the week was to add threading in comments. This allows users to reply to a particular comment on a story in a thread. I created a separate model on the server for user story comment replies. Each comment reply belongs to one comment, a user can have multiple comment replies, each reply belongs to one user and one comment can have multiple replies. Such was the complexity of relations between the models schema. You can also see the number of replies and even add your own reply via the client side. </p> <p class="graf graf--p">All these extra efforts will make your user experience super smooth. The blazing fast React re-renders and updates on the client side will be a icing on my cake. :P</p> <h2 class="graf graf--h4"><strong>What is coming up next?</strong></h2> <p class="graf graf--p">I will spend some time to polish and test the existing features.</p> <p class="graf graf--p">I will also work on the user story privacy policy to allow admins to manage and update the policies from the admin panel. Users should receive notifications whenever the privacy policies are updated. The user can then choose to accept them or remove their account.</p> <h2 class="graf graf--h4"><strong>Did I get stuck anywhere?</strong></h2> <p class="graf graf--p">I got stuck at multiple places be it writing hooks and custom controllers in <code class="markup--code markup--p-code">Koa </code>for my server or implementing mutations in an effective and optimized way on the client side.</p> <p class="graf graf--p">However, I did not give up and kept reading more about the topics and technologies involved. This way I was able to learn a lot of new things during the week. Debugging and troubleshooting became super easy after I hit my learning goals and covered all basic concepts properly.</p> <p class="graf graf--p">This ended the week with the second evaluation. I received a really nice feedback from my mentors. I expressed my sincere thanks to them today for always supporting, motivating and inspiring me to learn more.</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 03 Aug 2020 18:16:09 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/lifecycle-hooks-threading-and-notification-system-in-the-user-story-system-in-gsoc-20/Boosting application security, voting and commenting in the user story system in GSOC'20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/boosting-application-security-voting-and-commenting-in-the-user-story-system-in-gsoc-20/<p class="graf graf--p">This time I let the title reveal the much awaited features that are up and running by the time you read this. I am really excited to experience that adrenaline rush when I get a chance to vote in the real elections and choose our leaders of tomorrow. For now I can fulfill my desire by contributing in selecting the best and most wanted user story of the season. Follow me to understand how I solved the mystery of votes and relations.</p> <h2 class="graf graf--h4"><strong>What did I do this week?</strong></h2> <p class="graf graf--p">Recall that complex bug where <code class="markup--code markup--p-code">Strapi</code> could not find the schema for our user story model and kept flashing that weird error on my terminal despite repeated attempts. This time I dived deep inside to catch a glimpse of the internals of <code class="markup--code markup--p-code">Strapi</code> and finally solve that.</p> <p class="graf graf--p">The fields of the newly established relations in the user story model were overlapping with each other because <code class="markup--code markup--p-code">Strapi</code> does not drop or migrate the database when a model is deleted or updated. They do so because users may start their application with a production database and a model name may not match with one of the tables in the database. Crash! :/ This is a work in progress and <code class="markup--code markup--p-code">Strapi</code> is improving it. I solved it by choosing a different one sided relation type of one-to-many and renamed it to followers.</p> <p class="graf graf--p">Now I added client side logic for the voting system so that a user cannot vote more than once. Clicking on the like button for the second time removes the vote of the user and so on. Pushing all this to production gave me a sigh of relief. :)</p> <p class="graf graf--p">After a deep breath I moved on to allow users to leave their valuable feedback and suggestions on user stories. Yes, comments. This way we can take into account the views of more users and design our next awesome feature accordingly.</p> <p class="graf graf--p">Now it was time to step up the security as a lot of functionality was already in place. I wrote a custom controller in <code class="markup--code markup--p-code">Koa</code> which checks that the <code class="markup--code markup--p-code">localStorage</code> id matches with the id of the authenticated user and if the same user is the author of the story they are viewing. A positive response will allow the user to edit their story. I also modified the controller which creates a new story and now it can automatically assign the authenticated user to be the author of the story.</p> <h2 class="graf graf--h4"><strong>What is coming up next?</strong></h2> <p class="graf graf--p">I will work on the notification system. It would be great to have three types of notifications — in app, push and email notifications.</p> <p class="graf graf--p">These will notify the user story author and followers that their user story has been launched. Only organization admins can update the status of a story from the <code class="markup--code markup--p-code">Strapi</code> panel.</p> <p class="graf graf--p">If time permits I will try to setup <code class="markup--code markup--p-code">Cypress</code> for testing our application.</p> <h2 class="graf graf--h4"><strong>Did I get stuck anywhere?</strong></h2> <p class="graf graf--p">The <code class="markup--code markup--p-code">React</code> implementation to allow one time voting for each user was a bit tricky as there are a lot of state variables on our story page. However, I solved this by catching the previous state value by applying functional updates in my <code class="markup--code markup--p-code">useState</code> hooks to overcome the stale state problem which arises due to closures in <code class="markup--code markup--p-code">React</code>.</p> <p class="graf graf--p">Writing controllers for my server in <code class="markup--code markup--p-code">Koa</code> was also new but I was able to learn the basics quickly as it is similar to <code class="markup--code markup--p-code">Express</code>.</p> <p class="graf graf--p">This ended the week on a sweet note. Stay tuned and get ready to receive another set of notifications on your device. Do not worry. We will not throw those sales ads on you again. This time it will be about the launch of your own story. :P</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 27 Jul 2020 18:10:58 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/boosting-application-security-voting-and-commenting-in-the-user-story-system-in-gsoc-20/Making and inspecting model relations for the user story system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/making-and-inspecting-model-relations-for-the-user-story-system-in-gsoc20/<p>The world is full of relationships. Everything around us is connected to each other in some way or the other. Sometimes relations can be hard to figure out. Join me as I help you create a unique relation with our user story system and some of its brand new features.</p> <h2 class="ji jj bi bh eu jk jl iu jm jn ix jo jp ja jq jr jd js jt jg ju cw"><strong>What did I do this week?</strong></h2> <p class="ip iq bi ir b is jv iu iv jw ix iy jx ja jb jy jd je jz jg jh fx cw">This week started with full action and thrill as usual and we decided to modify our models to align with our product name. This means all existing models had to be renamed according to the user story theme on the server side. A rename operation seemed like a small and simple task but I soon realized that <code class="ff ka kb kc kd b">Strapi</code> does not update the <code class="ff ka kb kc kd b">GraphQL</code> schema if we rename a model. This is because existing tables are not deleted or dropped from our <code class="ff ka kb kc kd b">MongoDB</code> database and instead new ones are created. This started breaking everything on the server side.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">I rolled back and created new models for user story system and imported all data from our staging database. This time the<code class="ff ka kb kc kd b"> shadow CRUD</code> functionality generated a perfect new schema for my use case. Server was good to go.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">The schema changed so the next task was to change all <code class="ff ka kb kc kd b">GraphQL</code> queries and mutations on the client side and align them with the new user story models. The docs for the schema helped me to complete this with ease.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">Next I created a new model for all the products at EOS and related it to the user story system model. This allows users to filter stories according to the product and enhances user experience by allowing them to navigate faster among hundreds of user stories. I worked on the filter feature on the client side to fetch all products and filter them according to their status and product selected by the user via a drop down.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">I eagerly wanted to allow users to respond to some amazing user stories so I moved on to implement the voting feature. This allowed users to vote for any user story to express their interest. Wait. It just sounds easy but some major problems and bugs were waiting for me at the end of the week before I could push the voting system to production.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw"><code class="ff ka kb kc kd b"><a class="bw dl ke kf kg kh" href="https://stackoverflow.com/questions/20832126/missingschemaerror-schema-hasnt-been-registered-for-model-user">MissingSchemaError: Schema hasn’t been registered for model “user-story”</a></code></p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">My terminal kept flashing this message as I tried to figure out the problem in my new user story vote models and relations. It is still a mystery though because the same relations work fine with my comments model. I told you relationships can be hard sometimes. :/</p> <h2 class="ji jj bi bh eu jk jl iu jm jn ix jo jp ja jq jr jd js jt jg ju cw"><strong>What is coming up next?</strong></h2> <p class="ip iq bi ir b is jv iu iv jw ix iy jx ja jb jy jd je jz jg jh fx cw">I will work on the voting system for user stories. This involves establishing proper relations between the user story and user models. The mystery will be solved soon.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">Further I would try to think of a nice implementation for the user notification system to tell users that their wait for the next awesome feature is over. This would be implemented later this week. Users really want to make comments so lets give them that privilege first.</p> <h2 class="ji jj bi bh eu jk jl iu jm jn ix jo jp ja jq jr jd js jt jg ju cw"><strong>Did I get stuck anywhere?</strong></h2> <p class="ip iq bi ir b is jv iu iv jw ix iy jx ja jb jy jd je jz jg jh fx cw"><code class="ff ka kb kc kd b">MongoDB</code> relationships represent how various documents are logically related to each other. I faced a weird problem when I was establishing a one-to-many relation between my user story vote, users and user story models. <code class="ff ka kb kc kd b">MongoDB</code> could not identify the schema for my user story model for some reason and kept throwing an error. The bug came to us at the end of the week and I am still trying to solve the mystery with my mentors. Moving forward we created a map of all our relations to get a nice picture of all relationships and find the conflicts and resolve them.</p> <p class="ip iq bi ir b is it iu iv iw ix iy iz ja jb jc jd je jf jg jh fx cw">This ended the week with lots of rain which gave me some relief from the scorching heat. Stay tuned as I solve the mystery behind relationships and add new path breaking features to the user story system. The adventure is yet to begin. :)</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 20 Jul 2020 17:20:25 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/making-and-inspecting-model-relations-for-the-user-story-system-in-gsoc20/Comment queries and edit mutations in the feature request system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/comment-queries-and-edit-mutations-in-the-feature-request-system-in-gsoc20/<p>Sometimes we are not able to express all our thoughts and ideas in one go. A great idea may strike later or you may want to comment and give some suggestions and feedback to stories of other users. Come explore with me some exciting features that I added to our feature request system using <code class="fe id ie if ig b">Strapi</code> , <code class="fe id ie if ig b">GraphQL</code> and <code class="fe id ie if ig b">React</code> this week.</p> <h2 class="ih ii bi bh ij ik il hp im in hs io ip hv iq ir hy is it ib iu cw"><strong>What did I do this week?</strong></h2> <p>A strange bug starts the week with some thrill and action. Our whole application breaks when a user logs in to the system and submits a new user story. Crash!</p> <p>We were checking and dividing our user stories on our client side according to their current status. No status gets assigned by default to a new user story as that is an admin or root level permission feature. In <code class="fe id ie if ig b">Strapi</code> I cannot assign a default status to a relation type field because relations between models can be of various types. I solved the bug on the client side by assigning every new user story a status of “Under Consideration” in my <code class="fe id ie if ig b">GraphQL</code> mutation.</p> <p class="hk hl bi hm b hn ho hp hq hr hs ht hu hv hw hx hy hz ia ib ic ej cw">A user may want to check out their own stories at some point of time so I implemented a <code class="fe id ie if ig b">GraphQL</code> query to fetch all user stories based on their user <code class="fe id ie if ig b">id.</code> Users need to be authenticated to access their own stories. They can check their stories for status updates, votes, likes and comments from other users.</p> <p class="hk hl bi hm b hn ho hp hq hr hs ht hu hv hw hx hy hz ia ib ic ej cw">The next was the most awaited feature of allowing our beloved users to edit their own user stories. However, they cannot change the already added description. Content can just be added to the existing information. This is just to avoid trolls. :P</p> <h2 class="ih ii bi bh ij ik il hp im in hs io ip hv iq ir hy is it ib iu cw"><strong>What is coming up next?</strong></h2> <p class="hk hl bi hm b hn iv hp hq iw hs ht ix hv hw iy hy hz iz ib ic ej cw">This week I will create a product model so that we can relate all our products at EOS Design System with a separate user story system. Users can filter their stories for different products.</p> <p class="hk hl bi hm b hn ho hp hq hr hs ht hu hv hw hx hy hz ia ib ic ej cw">I am also working on user comments system so that we can display all comments properly and further allow users to add more comments.</p> <h2 class="ih ii bi bh ij ik il hp im in hs io ip hv iq ir hy is it ib iu cw"><strong>Did I get stuck anywhere?</strong></h2> <p class="hk hl bi hm b hn iv hp hq iw hs ht ix hv hw iy hy hz iz ib ic ej cw">Development without getting stuck is no fun. We learn fast from our mistakes. Initially I was happy to complete the edit story functionality and it worked well. Then my mentors could hack into the system easily. Security compromised. :P</p> <p class="hk hl bi hm b hn ho hp hq hr hs ht hu hv hw hx hy hz ia ib ic ej cw">They could edit stories of other users as well after writing into the famous <code class="fe id ie if ig b">localStorage</code> . I solved the bug easily by implementing a function to verify and allow editing only if the user is the owner of the story.</p> <p class="hk hl bi hm b hn ho hp hq hr hs ht hu hv hw hx hy hz ia ib ic ej cw">This ended the week on a sweet note with quite some features added. Stay tuned for more fun and action. :)</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 13 Jul 2020 15:09:39 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/comment-queries-and-edit-mutations-in-the-feature-request-system-in-gsoc20/Unleash content with Strapi and GraphQL in the feature request system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/unleash-content-with-strapi-and-graphql-in-the-feature-request-system-in-gsoc20/<p>You definitely received exactly what you wanted and you enjoyed using it. Now you just want to know how this actually works under the hood. Is it real magic? Did god just shaped it according to your needs and sent it down from heaven? Come with me and I’ll answer all your <code class="fi ia ib ic id b">GraphQL</code> queries.</p> <h2 class="ie if bx bw ig ih ii hm ij ik hp il im hs in io hv ip iq hy ir ap"><strong>What did I do this week?</strong></h2> <p class="hh hi bx hj b hk is hm hn it hp hq iu hs ht iv hv hw iw hy hz en ap">It took me some time to realize that <code class="fi ia ib ic id b">GraphQL</code> is not another programming language. It is a specification or a technical standard. This mean it can have several implementations and variations. <code class="fi ia ib ic id b">GraphQL.js</code> is the JavaScript reference implementation. Legends like <code class="fi ia ib ic id b">Strapi</code> implemented a fully customizable <code class="fi ia ib ic id b">GraphQL</code> plugin which creates a new endpoint <code class="fi ia ib ic id b">/graphql</code> and the <a class="cl dy ix iy iz ja" href="https://github.com/graphql/graphiql">GraphiQL</a> interface. The plugin adds a new layer to easily request the API using <code class="fi ia ib ic id b">GraphQL</code>, without breaking the existing endpoints.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap"><code class="fi ia ib ic id b">GraphQL</code> secures all queries by default and the plugin plays well with the users and permissions plugin. When we are making a query with <code class="fi ia ib ic id b">GraphQL</code> we are hitting the same controller’s actions as we were doing with the <code class="fi ia ib ic id b">REST</code> endpoints.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">I utilized the introspection system of <code class="fi ia ib ic id b">GraphQL</code> to fetch all categories available to our user while making a new story.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">I also used a mutation to create a new user story which takes in all data entered by the user as parameter. I pass all my <code class="fi ia ib ic id b">GraphQL</code> queries through a set of custom policies before they hit my custom authentication controllers in the customized <code class="fi ia ib ic id b">Strapi</code> back end. This completed the feature to create a new user story.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">On the server side I created a new model for the comments on the stories which contains 3 fields. The first is a rich text field to write the comment and the remaining two are relation fields with user and feature requests models. This means I also had to add a relation field to the feature request model to connect it with my comments model.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">The next big feature of the week was to add functionality to display all stories on the home page according to their current status. The shadow CRUD feature of <code class="fi ia ib ic id b">Strapi</code> <code class="fi ia ib ic id b">GraphQL</code> plugin automatically generates the type definition, queries, mutations and resolvers based on our models. The feature also lets us make complex query with many arguments such as <code class="fi ia ib ic id b">limit</code>, <code class="fi ia ib ic id b">sort</code>, <code class="fi ia ib ic id b">start</code> and <code class="fi ia ib ic id b">where</code>. This helped me to implement a <code class="fi ia ib ic id b">GraphQL</code> query to fetch the required details of all user stories and sort them according to the highest number of votes and most recently created stories. I used the query response to display the title, description and the no. of votes and comments for all stories on the home page.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">All these features for the week helped me to catch up with <code class="fi ia ib ic id b">GraphQL</code> really fast. It was completely new to me and I was feeling stuck just a week before. Now by the end of the week I am happy that I am able to understand how it works so efficiently deep down the layers.</p> <h2 class="ie if bx bw ig ih ii hm ij ik hp il im hs in io hv ip iq hy ir ap"><strong>What is coming up next?</strong></h2> <p class="hh hi bx hj b hk is hm hn it hp hq iu hs ht iv hv hw iw hy hz en ap">I will work on displaying all information about each user story on a separate page. This requires a query to fetch all story details by the story id. The date of publishing and author details will be available on this page as well.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">The system needs an edit feature which may allow our beloved users to add information to their story. They will not be allowed to edit the existing description though.</p> <h2 class="ie if bx bw ig ih ii hm ij ik hp il im hs in io hv ip iq hy ir ap"><strong>Did I get stuck anywhere?</strong></h2> <p class="hh hi bx hj b hk is hm hn it hp hq iu hs ht iv hv hw iw hy hz en ap">Sometimes rare bugs can be difficult to catch and you may feel stuck while trying to solve them. This week I came across something strange.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">All my code and functionality was running successfully on my development environment. After getting merged, the Gitlab CI deployed it to our staging servers and the whole application crashed, both the client and server side.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">I finally solved all bugs and got to learn that <code class="fi ia ib ic id b">Strapi</code> stores all the roles and permissions that we assign to our users in the database. In this case our development and staging servers are using different database. Simple :)</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">We just exported all our models data from the testing database to the one used by our staging server.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">Another bug was to specify the exact <code class="fi ia ib ic id b">cors</code> origin which can access our server as I used <code class="fi ia ib ic id b">withCredentials : true</code> in my <code class="fi ia ib ic id b">Axios</code> configuration to store the cookies in the browser and send them back in future requests.</p> <p class="hh hi bx hj b hk hl hm hn ho hp hq hr hs ht hu hv hw hx hy hz en ap">This ended the week with the first evaluations in which I received an awesome feedback from my mentors and passed with flying colors. I thanked them for all their support and guidance. Looking forward to a great journey ahead :)</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 06 Jul 2020 12:12:08 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/unleash-content-with-strapi-and-graphql-in-the-feature-request-system-in-gsoc20/Magic with Strapi and GraphQL in the feature request system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/magic-with-strapi-and-graphql-in-the-feature-request-system-in-gsoc20/<p>It is a dream come true situation when you get exactly what you want, neither more nor less. This also gives a sense of satisfaction and fulfillment. You already know what I am talking about. If you feel lost by now then either you are not a <code class="fe hw hx hy hz b">GraphQL</code> fan or you are not aware of real magic. Follow along to catch a glimpse of <code class="fe hw hx hy hz b">GraphQL</code> in action with <code class="fe hw hx hy hz b">Strapi</code>.</p> <h2 class="ia ib bx bw ic id ie hi if ig hl ih ii ho ij ik hr il im hu in ap"><strong>What did I do this week?</strong></h2> <p class="hd he bx hf b hg io hi hj ip hl hm iq ho hp ir hr hs is hu hv ei ap">Users can register, login and logout from the feature request system by now. Some forget passwords really quick. I have got you covered. You can now reset passwords with a click. Now users would like to move on to ask for a new feature they really want to see. This demands an engaging interface where we can really engage users to fill in their needs.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap">We are almost there. I completed client side implementation of the new request components along with Devesh (my awesome gsoc partner). My <code class="fe hw hx hy hz b">Strapi</code> server includes a field for description of the feature requests which has a type of rich text. Here is where I thought of using the same rich text editor <code class="fe hw hx hy hz b">React</code> component which is used by <code class="fe hw hx hy hz b">Strapi</code>.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap"><code class="fe hw hx hy hz b">Strapi</code> internally builds on top of <code class="fe hw hx hy hz b">Draft.js</code> , an open source rich text editor framework for <code class="fe hw hx hy hz b">React</code> . This gives birth to the <code class="fe hw hx hy hz b">Wysiwyg</code> component (what you see is what you get). I could not reuse the exact same component as we wanted to allow for least text editing features to maintain consistency while displaying the requests and eliminating unnecessary pre-processing. I ended up using the <code class="fe hw hx hy hz b">ckeditor</code> API to come up with a custom editor which fulfills all our needs and use cases and provides basic formatting features as well.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap">Next was my brief encounter with a beast, <code class="fe hw hx hy hz b">GraphQL</code>. APIs generated with <code class="fe hw hx hy hz b">Strapi</code> are, by default, REST APIs. The idea with the famous <code class="fe hw hx hy hz b">GraphQL</code> plugin was to add a new layer to easily request the API using <code class="fe hw hx hy hz b">GraphQL</code>, without breaking the existing endpoints. I had to fetch various feature request category names from my <code class="fe hw hx hy hz b">Strapi</code> <code class="fe hw hx hy hz b">GraphQL</code> server to fill the drop down in the UI with the available category values. <code class="fe hw hx hy hz b">GraphQL</code> allows us to fetch exactly what we need with queries. I used <code class="fe hw hx hy hz b">Introspection</code> feature of <code class="fe hw hx hy hz b">GraphQL</code> here to examine one specific type.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap">The last thing was to implement a drag and drop component which can show a preview of the image files added without interacting with the server. I will explain the implementation in detail in my next blog post in this series.</p> <h2 class="ia ib bx bw ic id ie hi if ig hl ih ii ho ij ik hr il im hu in ap"><strong>What is coming up next?</strong></h2> <p class="hd he bx hf b hg io hi hj ip hl hm iq ho hp ir hr hs is hu hv ei ap">I will complete the logic to connect the new feature requests page to our server so that it can be pushed to our staging environment.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap">I will also try to come up with implementation to display all the feature requests on the client side after fetching some specific fields using <code class="fe hw hx hy hz b">GraphQL</code> from our server.</p> <h2 class="ia ib bx bw ic id ie hi if ig hl ih ii ho ij ik hr il im hu in ap"><strong>Did I get stuck anywhere?</strong></h2> <p class="hd he bx hf b hg io hi hj ip hl hm iq ho hp ir hr hs is hu hv ei ap">I am quite new to <code class="fe hw hx hy hz b">GraphQL</code> so I faced some problems while trying to fetch data from the server. The concepts and syntax are really new to me but I will be good soon after I complete some reading and self study. I experimented with the playground to come up with the type introspection to solve it.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap">I was also stuck when I tried to display previews of images which were being added via the drag and drop interface. However, it was a minor problem with my JavaScript function and I could solve it quickly.</p> <p class="hd he bx hf b hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu hv ei ap">This ended the week with some really nice news for me on the professional front. I will share it soon in my next blog. Stay tuned as I come up with some exciting features involving extensive use of <code class="fe hw hx hy hz b">GraphQL</code> queries and mutations.</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 29 Jun 2020 08:04:35 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/magic-with-strapi-and-graphql-in-the-feature-request-system-in-gsoc20/Diving deep into Strapi to build the EOS feature request system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/diving-deep-into-strapi-to-build-the-eos-feature-request-system-in-gsoc20/<p>Hola a todos! Give me company as I explain to you the internals of Strapi and how I am using various mechanisms to implement custom and secure solutions for our feature request system. Grab your drink, sit back and relax as I walk you through the details.</p> <h2 class="ho hp ap bx bw hq hr hs ht hu hv hw hx hy hz ia ib"><strong>What did I do this week?</strong></h2> <p class="gv gw ap bx gx b gy ic ha hb id hd he ie hg hh if hj hk ig hm hn dx">Strapi is the magic behind our awesome applications at EOS. It is the leading open-source headless CMS. It’s 100% Javascript, fully customizable and developer-first.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">This week I completed user authentication and authorization to our system. This includes register, login, logout, forgot password and reset password functionality. Lets have a look at how we can do this with Strapi and React.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Strapi exposes a plugin system where each plugin is like a small independent sub-application. It has its own business logic with dedicated models, controllers, services, middlewares or hooks. It can also have its own UI integrated in the admin panel.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">I used the Roles and Permissions plugin to complete my tasks of the week. This plugin provides a way to protect our API with a full authentication process based on <code class="eu ih ii ij ik b">JWT</code>. Each time an API request is sent, the server checks if an <code class="eu ih ii ij ik b">Authorization</code> header is present and verifies if the user making the request has access to the resource. To do so, our <code class="eu ih ii ij ik b">JWT</code> contains our user ID and we are able to match the group our user is in and at the end to know if the group allows access to the route.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">The API response to the authentication route contains the user’s <code class="eu ih ii ij ik b">JWT</code> in the <code class="eu ih ii ij ik b">jwt</code> key. We will have to store this <code class="eu ih ii ij ik b">JWT</code> in our application, it's important because you will have to use it the next requests.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">We decided to store the <code class="eu ih ii ij ik b">JWT</code> in a <code class="eu ih ii ij ik b">httpOnly</code> cookie instead of the easy solution of storing it in <code class="eu ih ii ij ik b">localStorage</code> which makes our application prone to XSS attacks. This means that we need to customize Strapi to set the <code class="eu ih ii ij ik b">jwt</code> in the cookie instead of returning it in the API response. This will ensure that our front end application does not have to store sensitive data for future authenticated requests.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Strapi internally uses <code class="eu ih ii ij ik b">Koa.js</code> , a new web framework designed by the team behind Express, which aims to be a smaller, more expressive, and more robust foundation for web applications and APIs. I quickly learnt basic syntax as I am already familiar with <code class="eu ih ii ij ik b">Node.js</code> and <code class="eu ih ii ij ik b">Express</code> .</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Now every plugin in Strapi follows a fixed architecture and all installed plugins can be found in the <code class="eu ih ii ij ik b">node_modules</code> folder with the naming convention of <code class="eu ih ii ij ik b">strapi-plugin-*</code> .</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">To customize those installed plugins we can work in the <code class="eu ih ii ij ik b">/extensions</code> directory. It contains all the plugins' customizable files. I customized the <code class="eu ih ii ij ik b">user-permissions</code> plugin by modifying the <code class="eu ih ii ij ik b">Auth.js</code> controller file to issue a <code class="eu ih ii ij ik b">JWT</code> to the user and set it in a <code class="eu ih ii ij ik b">httpOnly</code> cookie after all server side validations are done. I also changed the response by the controller to return a “status” key with “Authenticated” value instead of the token. This confirms that the user has been authenticated.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Wait! Strapi reads the token from the <code class="eu ih ii ij ik b">Authorization</code> header in the API request so this won’t work for now. I further added a <code class="eu ih ii ij ik b">permissions.js</code> file to the <code class="eu ih ii ij ik b">policies</code> folder where I attach the token to the header after reading it from the cookie which was set earlier.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Policies in Strapi are functions which have the ability to execute specific logic on each request before it reaches the controller’s action. They are mostly used for securing business logic easily. Each route of the project can be associated to an array of policies.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Now to implement the logout functionality I set up a custom <code class="eu ih ii ij ik b">/logout</code> route with a controller to set the token to null in the cookie. This destroys the user session safely in seconds.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Patience folks! Our user can forget his/her password too. I used <code class="eu ih ii ij ik b">sendgrid</code> service to send email to users with a link which contains a URL param <code class="eu ih ii ij ik b">code</code> which is required to reset user password.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">I implemented the client side functionality including the requests to the API in a React custom hook named <code class="eu ih ii ij ik b">useAuth</code> to finally complete the agile task.</p> <h2 class="ho hp ap bx bw hq hr hs ht hu hv hw hx hy hz ia ib"><strong>What is coming up next?</strong></h2> <p class="gv gw ap bx gx b gy ic ha hb id hd he ie hg hh if hj hk ig hm hn dx">This week I will implement the functionality to create a new request and read and display the existing feature requests along with all attributes like votes and comments in an engaging UI.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">I will also try to setup providers which are currently broken due to an issue in Strapi v3.0.1 <a class="cm di iw ix iy iz" href="https://github.com/strapi/strapi/issues/6570">here</a>.</p> <h2 class="ho hp ap bx bw hq hr hs ht hu hv hw hx hy hz ia ib"><strong>Did I get stuck anywhere?</strong></h2> <p class="gv gw ap bx gx b gy ic ha hb id hd he ie hg hh if hj hk ig hm hn dx">We all are bound to fall. Any great thing does not start perfect. At first I could not figure out how to manage the user state properly and tried using a <code class="eu ih ii ij ik b">reducer</code> but the state reset itself to the initial one on page refresh. Finally I implemented the idea to read the state from <code class="eu ih ii ij ik b">localStorage</code> without saving any sensitive information.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">Strapi uses the <code class="eu ih ii ij ik b">sendmail</code> service by default to send mails to the users but it was not working and was always returning a <code class="eu ih ii ij ik b">400</code> status code. I added <code class="eu ih ii ij ik b">sendgrid</code> service to overcome this problem.</p> <p class="gv gw ap bx gx b gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn dx">All this hustle and bustle marked the end of my week with a mesmerizing annular solar eclipse on June 21, 2020. Stay tuned as we come up with some amazing features in the weeks ahead.</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 22 Jun 2020 08:02:41 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/diving-deep-into-strapi-to-build-the-eos-feature-request-system-in-gsoc20/Inside look of the EOS feature request system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/inside-look-of-the-eos-feature-request-system-in-gsoc20/<p style="text-align: justify;">Hello everyone! Come join me to catch a glimpse of how things work under the hood in the EOS feature request system. You can enjoy the magic which happens behind the scenes to hold back our pleasing and engaging UI, a fit for all devices.</p> <h2 class="hp hq ap bx bw hr hs ht hu hv hw hx hy hz ia ib ic"><strong class="bk">What did I do this week?</strong></h2> <p>This week my focus was to implement a main part of the server side so that I have with me the API endpoints to interact with our applications data via the user interface.</p> <p>This includes working on a famous <code class="eu ii ij ik il b">Node.js</code> based open source headless CMS called <code class="eu ii ij ik il b">Strapi</code>. The best thing I learnt about <code class="eu ii ij ik il b">Strapi</code> is that I can customize it and add my own logic according to the needs of my application. <code class="eu ii ij ik il b">Strapi</code> internally uses <code class="eu ii ij ik il b">Koa.js</code>, a new web framework designed by the team behind <code class="eu ii ij ik il b">Express</code>, which aims to be a smaller, more expressive, and more robust foundation for web applications and APIs.</p> <p>I built a new content type for our feature request system. A content type is the schema of the data structure. I added suitable fields to it after some discussion about the design of our application with our mentors.</p> <p>I later added another new content type on the server side for the feature requests status labels. This allows admins to create custom status labels according to their organization workflow. These have a relation with the feature requests just like a user so that we can select a status while creating a feature request.</p> <p>I also came up with a custom solution for user authentication but updated it later as it did not fulfill all user cases. I customized the <code class="eu ii ij ik il b">JWT</code> authentication by storing it in a <code class="eu ii ij ik il b">httpOnly</code> cookie as discussed with my mentors earlier. This included some custom code in <code class="eu ii ij ik il b">Koa.js</code> to override the default behaviour of <code class="eu ii ij ik il b">Strapi</code>.</p> <h2 class="hp hq ap bx bw hr hs ht hu hv hw hx hy hz ia ib ic"><strong>What is coming up next?</strong></h2> <p>I will work on adding various OAuth and OAuth2 providers to enable authentication in our application. <code class="eu ii ij ik il b">Strapi</code> supports all major providers like <code class="eu ii ij ik il b">Github</code>, <code class="eu ii ij ik il b">Facebook</code>, <code class="eu ii ij ik il b">Twitter</code> and <code class="eu ii ij ik il b">Google</code>.</p> <p>Further I will also connect the remaining login and forgot password UI to my authentication logic.</p> <h2 class="hp hq ap bx bw hr hs ht hu hv hw hx hy hz ia ib ic"><strong>Did I get stuck anywhere?</strong></h2> <p><code class="eu ii ij ik il b">Strapi</code> internally uses <code class="eu ii ij ik il b">JWT</code> for user authentication. It returns the <code class="eu ii ij ik il b">JWT</code> along with the user information when the user registers or logs in. I had to customize the <code class="eu ii ij ik il b">users-permissions</code> plugin using the extension mechanism in <code class="eu ii ij ik il b">Strapi</code> .</p> <p>This ensures that our front end application does not have to store sensitive data such as <code class="eu ii ij ik il b">JWT</code> in client side local, session or cookie storage for future authenticated requests.</p> <p>I am familiar with <code class="eu ii ij ik il b">Express</code> and after learning basic <code class="eu ii ij ik il b">Koa</code> syntax I was good to go. I was then able to write some custom code in <code class="eu ii ij ik il b">Koa</code> to override the default behaviour of the plugin.</p> <p>This closed the week and helped me learn a lot about how <code class="eu ii ij ik il b">Strapi</code> works internally. Stay tuned for my next blog where I will explain in detail about how I implemented a custom and secure authentication with <code class="eu ii ij ik il b">React</code> on the client side.</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 15 Jun 2020 12:00:43 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/inside-look-of-the-eos-feature-request-system-in-gsoc20/Laying out the foundations for the EOS feature request system in GSOC’20https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/laying-out-the-foundations-for-the-eos-feature-request-system-in-gsoc20/<p>Hey folks! My goal is clear, the stage is set and I am ready to hit the keyboard to light up your way to the EOS feature request system which aims to provide users an accessible interface within EOS to request new features or icons.</p> <h2 class="hq hr ap by bx hs ht hu hv hw hx hy hz ia ib ic id"><strong class="bk">What did I do this week?</strong></h2> <p class="gw hk ap by gy b gz ie hl hb if hm hd ig hn hf ih ho hh ii hp hj dy">The first task was to let users register or login to the system which means that I need to come up with the client side logic for user authentication to control if an incoming request can proceed or not.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">The structure of our application is going to be a mix of <em class="ij">public</em> and <em class="ij">private</em> pages. We will have a <em class="ij">public</em> login page that will contain the login component to handle our authentication. We are going to be creating client only routes that are conditionally rendered using the <code class="ev ik il im in b">@reach/router</code> . The content in the private components is irrelevant for now but it’s important that the user must me logged in to access these routes.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">Most of our authentication logic will be handled in a custom hook that I create which will be called <code class="ev ik il im in b">useAuth</code> and as the name implies will live inside the file <code class="ev ik il im in b">useAuth.js</code> in our <code class="ev ik il im in b">hooks</code> folder. This file will be utilizing the <strong class="gy io">useReducer API</strong> to manage our user state throughout the application. I used a <em class="ij">reducer</em> to receive our user state object and update our state by dispatching actions.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">First, I defined our <code class="ev ik il im in b">DEFAULT_STATE</code> which I am assuming is an <strong class="gy io">unauthenticated</strong> user. I then created a reducer using the redux convention and switched our <code class="ev ik il im in b">action.type</code> so when I call a dispatcher function I can pass in the type of action we want to execute. I then defined various action types like <code class="ev ik il im in b">REGISTER</code> , <code class="ev ik il im in b">LOGIN</code> and <code class="ev ik il im in b">LOGOUT</code> .</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">For the server side implementation using <code class="ev ik il im in b">Strapi</code>, I have the user roles and permissions plugin installed at my disposal. The users and permissions role exposes a route located at <code class="ev ik il im in b">http://localhost:1337/auth/local</code> in which we can send a <code class="ev ik il im in b">POST</code> request with our users <code class="ev ik il im in b">identity</code> and <code class="ev ik il im in b">password</code>. The route will handle validation and upon successful authentication will return a <code class="ev ik il im in b">jwt</code> token to be used in further requests as well as a <code class="ev ik il im in b">user</code> object that contains information about our validated user.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">I learnt that I<strong class="gy io"> can not</strong> user our admin username/password with this endpoint.</p> <h2 class="hq hr ap by bx hs ht hu hv hw hx hy hz ia ib ic id"><strong>What is coming up next?</strong></h2> <p class="gw hk ap by gy b gz ie hl hb if hm hd ig hn hf ih ho hh ii hp hj dy">Devesh (my awesome GSOC partner) built an amazing responsive and engaging UI for registering users. I will connect my authentication logic with his UI to complete the feature on the client side.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">On the server side I will be coming up with solutions to differentiate our database collections and routes for the EOS Design System and the EOS feature request system so that it is easy to identify them.</p> <h2 class="hq hr ap by bx hs ht hu hv hw hx hy hz ia ib ic id"><strong>Did I get stuck anywhere?</strong></h2> <p class="gw hk ap by gy b gz ie hl hb if hm hd ig hn hf ih ho hh ii hp hj dy">Our EOS <code class="ev ik il im in b">Strapi</code> instance was running on a very old alpha version for which there was no support. My mentors did really nice work to update <code class="ev ik il im in b">Strapi</code> to the latest stable release.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">Also <code class="ev ik il im in b">Strapi</code> uses JSON Web Tokens (JWT) internally for user authentication. Our team had a nice discussion on this with various ideas pouring in for the storage mechanism for the JWT which needs to be sent in an <code class="ev ik il im in b">Authorization</code> header with every request for making permission-restricted API requests.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">We learnt that the JWT should not be stored in <code class="ev ik il im in b">localStorage</code> as an XSS attack can let an external attacker get access to the token.</p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">We came up with two solutions for the storage of JWT :-</p> <ol> <li class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj ip iq ir"><em class="ij">React state or memory</em> with the only downfall that if a user refreshes the page that state is gone but we can get a new token on refresh too.</li> <li class="gw hk ap by gy b gz is hl hb it hm hd iu hn hf iv ho hh iw hp hj ip iq ir"><em class="ij">httpOnly cookie </em>which is<em class="ij"> </em>a special kind of cookie that’s only sent in HTTP requests to the server, and it’s never accessible (both for reading or writing) from JavaScript running in the browser.</li> </ol> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dy">This closed the week along with some rainfall and rainbows by our healing nature. Keep calm and stay tuned as the next batch of some amazing functionality gets loaded to our feature request system :)</p>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 08 Jun 2020 08:37:48 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/laying-out-the-foundations-for-the-eos-feature-request-system-in-gsoc20/First check-in to GSOC’20 @ Python Software Foundationhttps://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/first-check-in-to-gsoc20-python-software-foundation/<p style="text-align: justify;"><span style="font-size: 18px;">Hello! I am Aditya Sharma, a second year Computer Science student and a Linux enthusiast who is crazy about web performance. I am really excited to work with our team of amazing mentors, developers and designers at The EOS Design System. Cheers to my journey as I share what I did before the official coding period starts.</span></p> <p><span style="font-size: 22px;"><strong>What did I do this week?</strong></span></p> <p class="gw hk ap by gy b gz if hl hb ig hm hd ih hn hf ii ho hh ij hp hj dx" style="text-align: justify;"><span style="font-size: 18px;">“Live as if you were to die tomorrow. Learn as if you were to live forever.” — Mahatma Gandhi</span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"><span style="font-size: 18px;">I spent much of my time in learning in-depth the technology stack involved for my project. This mainly includes <strong class="gy ik">Strapi</strong>, <strong class="gy ik">Node.js</strong> based headless CMS for the back end and <strong class="gy ik">React</strong> for the front end. I also learnt about <strong class="gy ik">MongoDB</strong> and <strong class="gy ik">API</strong> design principles by implementing a <strong class="gy ik">ToDo</strong> API with user authentication.</span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"><span style="font-size: 18px;">My project work for the week included creating the base with router, linter and formatter configuration used at EOS for client side implementation with Create-React-App.</span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"><span style="font-size: 18px;">To save time and energy in the future I followed DRY principle (Don’t repeat yourself) and built a <em class="il">custom template</em> which enables us to select a template to create our project from, while still retaining all of the features of Create React App without ejecting. This is maintained <a class="cl di im in io ip" href="https://gitlab.com/SUSE-UIUX/cra-template-eos">here</a> and we published it as a NPM package <a class="cl di im in io ip" href="https://www.npmjs.com/package/cra-template-eos">here</a> (also my first :P). My mentor Cynthia guided me really well on how to automate the package release with <a class="cl di im in io ip" href="https://www.npmjs.com/package/semantic-release"><strong class="gy ik">semantic-release</strong></a><strong class="gy ik"> </strong>and <a class="cl di im in io ip" href="https://docs.gitlab.com/ee/ci/"><strong class="gy ik">GitLab CI/CD</strong></a><strong class="gy ik">.</strong></span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx"><span style="font-size: 22px;"><strong class="gy ik">What is coming up next?</strong></span></p> <p class="gw hk ap by gy b gz if hl hb ig hm hd ih hn hf ii ho hh ij hp hj dx"><span style="font-size: 18px;">As planned with my mentors I will create some models in the eos-strapi instance. Models in <strong class="gy ik">Strapi</strong> are a representation of the database structure and are split into two separate files. A JavaScript file that contains the model options (e.g: lifecycle hooks), and a JSON one that represents the data structure stored in the database.</span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx"><span style="font-size: 18px;">I will further collaborate with Devesh(my awesome GSOC partner :) to implement authentication, authorization and identification of users on the client (React) and server side (Strapi) which internally uses JWT (JSON Web Token).</span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"><strong><span style="font-size: 22px;">Did I get stuck anywhere?</span></strong></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"><span style="font-size: 18px;">I came across one strange problem while developing the template for Create-React-App. My implementation on running did not download the development dependencies for the project. After exploring the <a class="cl di im in io ip" href="https://github.com/facebook/create-react-app">create-react-app</a> repository by Facebook I found a recent commit which fixes the problem <a class="cl di im in io ip" href="https://github.com/facebook/create-react-app/commit/2473a7320b74f19e6ed4d393fd85120f72dcaf00">here</a>. It will be shipped to production soon. This also helped me to learn more about how our famous zero config create-react-app does that magic internally.</span></p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"> </p> <p class="gw hk ap by gy b gz ha hl hb hc hm hd he hn hf hg ho hh hi hp hj dx" style="text-align: justify;"><span style="font-size: 18px;">This marks an outstanding start to my GSOC journey with PSF and EOS which may continue even beyond time can track. Cheers to an awesome never ending journey :)</span></p> <h2 class="hq hr ap by bx hs ht hu hv hw hx hy hz ia ib ic id" style="text-align: justify;"> </h2>sharmaaditya570191@gmail.com (sharmaaditya570191)Mon, 01 Jun 2020 05:08:19 +0000https://blogs.python-gsoc.org/en/sharmaaditya570191s-blog/first-check-in-to-gsoc20-python-software-foundation/