Refactor lectern-client Rest Module to work in Browser or on Server#247
Conversation
joneubank
requested review from
MitchellShiell,
SaqAsh,
justincorrigible and
leoraba
ciaranschutte
left a comment
ciaranschutte
left a comment
There was a problem hiding this comment.
couple of comments. tests + validation are looking great.
| @@ -22,11 +22,15 @@ | |||
| "homepage": "https://github.com/overture-stack/lectern#readme", | |||
| "devDependencies": { | |||
| "@types/body-parser": "^1.19.5", | |||
There was a problem hiding this comment.
remove types for unused body-parser package
| "@types/chai-http": "^4.2.4", | ||
| "@types/cors": "^2.8.18", | ||
| "@types/errorhandler": "0.0.32", | ||
| "@types/express": "^4.17.21", |
There was a problem hiding this comment.
upgraded express package but not it's types
There was a problem hiding this comment.
This helped me spot an underlying type issue, thank you.
| "dependencies": { | ||
| "@overture-stack/lectern-dictionary": "workspace:^", | ||
| "@overture-stack/lectern-validation": "workspace:^", | ||
| "axios": "^1.7.2", |
There was a problem hiding this comment.
comment.
web standard fetch is available in node
axios is overkill
aligns with removing things we don't need (body-parser removes in preference for native express api)
There was a problem hiding this comment.
fetch in any of its flavors doesn't include cancelling (you'd have to instantiate an AbortController separately), which is something we've been meaning to start implementing consistently.
does that add any nuance to this choice?
| // export const fetchDiffAndAnalyze = async (serviceUrl: string, name: string, fromVersion: string, toVersion: string) => { | ||
| // // const changes = await restClient.fetchDiff(serviceUrl, name, fromVersion, toVersion); | ||
| // return analyzeChanges(changes); | ||
| // }; |
There was a problem hiding this comment.
delete or add comment explaining why code is commented out
| const allAvailableDictionariesResult = await lectern.rest.listDictionaries(lecternUrl); | ||
| const filteredByNameDictionariesResult = await lectern.rest.listDictionaries(lecternUrl, {name: dictionaryName}); | ||
|
|
||
| const exampleDicionaryResult = await lectern.rest.fetchDiff(lecternUrl, {name: dictionaryName, version: dictionaryVersion}); |
There was a problem hiding this comment.
is fetchDiff removed? description of PR says
"Future work is needed to also include a getDiff or getSchema/getField. All the POST/PUT endpoints that modify data will also require auth integration, and these have been left for future tasks."
| # AUTH_ENABLED=false | ||
| # EGO_API= | ||
| # SCOPE= | ||
| # # CORS allowed origins can be a comma separated list of the allowed domains. |
There was a problem hiding this comment.
does this parse spacing? e.g. a,b,c vs a, b, c
There was a problem hiding this comment.
no, this takes whitespace as part of the value. very simple implementation
| pnpm nx build @overture-stack/lectern-server | ||
| ``` | ||
| or | ||
| ```shell | ||
| pnpm build |
There was a problem hiding this comment.
what's the difference, if any? otherwise, line 43 should suffice as "lower complexity" choice
| pnpm nx start @overture-stack/lectern-server | ||
| ``` | ||
| or | ||
| ```shell | ||
| pnpm start |
There was a problem hiding this comment.
same here. difference? otherwise, simpler is best
| | -------------------- | ------------------------------ | ------------ | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | OPENAPI_PATH | No | String | `/api-docs` | Path to Swagger UI with API documentation. | | ||
| | PORT | No | Number | `3000` | Port Lectern Server API will listen to. | | ||
| | CORS_ALLOWED_ORIGINS | No | String[] | - | List of domains that will be allowed by CORS. Multiple domains can be listed, separated by commas. Example: `http://localhost:5173,https://example.com` | |
There was a problem hiding this comment.
ah, looks like this is the answer to my earlier question. perhaps examples would be useful in the .env.example? (unless the intent was to create a .env.template instead)
| | CORS_ALLOWED_ORIGINS | No | String[] | - | List of domains that will be allowed by CORS. Multiple domains can be listed, separated by commas. Example: `http://localhost:5173,https://example.com` | | |
| | CORS_ALLOWED_ORIGINS | No | String[] | - | List of domains that will be allowed by CORS. Multiple domains can be listed, separated by commas. No spaces. Example: `http://localhost:5173,https://example.com` | |
There was a problem hiding this comment.
I'll add the trim thing instead.
| }; | ||
| return res.status(200).send(resBody); | ||
| res.status(200).send(resBody); | ||
| return; |
There was a problem hiding this comment.
naive question: return is implicitly undefined, so it must be to end the condition. what's the purpose of putting it separately from the response? surely return res... has the exact same effect without looking unnecessarily verbose, and following a well established expressjs pattern.
There was a problem hiding this comment.
The updated version of Express's request handlers have a return type that doesn't allow returning the response function, so the existing returns were breaking build. I add the explicit return by habit to end the function after sending the response to prevent accidentally modifying a response that's already been sent (which causes exceptions in express).
There was a problem hiding this comment.
ugh Express! le why you le break? 😞
it was a nice pattern! are you sure it's not just their TS implementation that's the problem?
Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com>
joneubank
force-pushed
the
fix/client-for-browser
branch
from
c061713 to
b714db8
Compare
…verture-stack#247) * Enable CORS for server by configuration * Refactor client rest module to work in browser or server * Update client README for latest Rest module function usage * Remove distracting comments from test * Remove unused code and references to old dependencies * Upgrade @types packages and update affected code * Remove vestigial change analysis code imported from legacy client * Organize imports, format code example in readme * Trim cors allowed origins values Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com> * Remove tests associated with removed code --------- Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com>
3 participants
Description
This includes the final changes needed for the lectern-client to run inside a browser, while still running succesfully on the server.
This requires removing two dependencies that only work inside NodeJS (winston and node-fetch), and refactoring the modules that were using them. The client's rest module was re-written from scratch to provide functions to list all dictionaries on a server, and to fetch a single Dictionary either by ID or by Name and Version.
Future work is needed to also include a getDiff or getSchema/getField. All the POST/PUT endpoints that modify data will also require auth integration, and these have been left for future tasks.
This is a breaking change in that it changes which fetch functions were available in the client, but it should also unblock any browser integrations.
Server CORS
In addition to the client changes, the Lectern Server needed to have CORS configuration added so that requests from a browser would succeed. The server has the Express library updated to latest and the expressjs/cors middleware added. An environment variable is now provided that will allow configuration of the allowed CORS domains. By default, CORS will reject all domains, so no security changes for existing servers.
Fixes
Type of change
Please choose only the relevant options and remove the others.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
Future Work
Checklist:
You do not need to fullfill all requirements of this checklist, select all that apply: