admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2bb5a9f713b1a00bece675cb7c5305e6e14cced5
raven/devdocs/todo.txt
John Cardinal 2bb5a9f713
2020-05-13 00:17:19 +00:00

108 lines
7.7 KiB
Plaintext
Raw Blame History

PRIORITY - ALWAYS Lowest level stuff first
=-=-=-=-
TODO: check non-ops user can login during seeding operation
TODO: BizRoles.cs seems to get hammered on every single request, is it efficient?
- Why is it not cached in some way?
- Look into Lazy initialization (i.e. private static readonly Lazy<IDictionary<string, string>> mappings ....etc)
- Maybe break it out into separate objects
if do so then ideally put them into the biz object responsible?
- it has to instantiate that anyway on any meaningful operation
or...is this worse than actually caching in a lifetime cache because it will need to load on every route hit whereas a lifteimte cache is just there from being loaded once?
TODO: API REFACTORING (note: workordercontroller / biz should be following all these rules so it's the template if need reference)
todo: consider and then get rid of PATCH in all routes
unless compelling reason to keep
Would there be a place in the UI where I would want to patch part of an object?
Because I already ditched that for the workorder which is the heaviest and most patchable object in the bunch
if I change a name would I patch it or just put the whole record?
supporting it only for the use of third party users is not a good idea
todo: consider renaming ConcurrencyToken to a shorter string?
todo: all api route parameters, post object sb "newObject", put="putObject"
IN BIZ TOO
todo: all api routes, re-arrange code in controller in this order POST (and postlike such as duplicate), GET, PUT, DELETE for consistency and logicality
BIZ TOO
todo: all api route URI's sb lower case with dashes if necessary (use plural noun scheme)
https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design#organize-the-api-around-resources
todo: Controllers should not need to know about databases
refactor code so controller never fetches or deals with saving an object, all that is biz responsibility
todo: Routes should check rights *BEFORE* they fetch the object, not after, all routes affected
i.e. delete route instantiates biz object, then it fetchs object from db *then* it checks if they have rights to delete (generically, not specific to that object)
This is out of order as it triggers a db call even if they have no rights to do it
todo: all biz objects "ExistsAsync" is this required / necessary?
todo: add query fail logging to datalist just like done with picklist so in production can catch mysterious problems more easily
todo: AUTO ID GENERATOR
change to a dedicated spot in global rather than inferring as it is not right practically for reasons
Get the auto-id most recent values at boot time
internal static void SetMostRecentAutoIdValuesFromDatabase(AyaNova.Models.AyContext ct)
todo: Search get search result for workorder descendents doesn't fit into existing system due to it being a biz object wide feature but workorder having sub-get results
- CHILD objects need to point to their parent and be readable in code for searching and for opening objects based on child object
- so all child objects need a typeandid of the immediate parent
- Not sure where to document this so putting it here for reference
- Required for opening a search result of a descendent that is not directly openable an
- Need parent AyaType as an ENUM ATTRIBUTE in the AyaType table for easy traversal
todo: search tables in schema, I think there is a missing index here, need to look at the search query section again as it was changed several times from the original schema creation
todo: api / server landing page is shitty on a mobile
and really just shitty, add a logo or some shit
todo: Should server show uptime somewhere?
todo: BACKUP & related stuff that should be in v.initial release https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3369
todo: (BREAK THIS OUT INTO LATER/NOW/CASES) there are several outstanding AUTHENTICATION related cases in rockfish for RAVEN
e.g. https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1924
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1835
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1998 <---this is an important case for consideration
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3367 <--time limited accounts for support or temporary access?
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/2059 <--- time restricted accounts so user can only login during business hours (still to be considered)
2fa stuff, some logging and lockout stuff
Go through the auth related cases and notes in client side and implement or close
todo: 2fa? (if not in first release, is there something needed to support it in future dbwise?)
todo: Auth Backdoor reset password feature
how to code it here, pretty easy to do:
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3250
todo: Look into 2fa
https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3395
todo: Log configuration into server log at startup? https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/3523
log all config settings into server log on boot
TODO: Is there a log that records past jobs, how long can they be viewed?
TODO: Rename the link to AyaNova App on the server page to just "AyaNova"
TODO: translation cjkindex, no way to set this value currently
TODO: Licensing - make sure tech type use license works properly: a tech license is consumed if a user has **any one** of the four roles of TechFull, TechLimited, SubcontractorFull, SubcontractorLimited
TODO: API docs, make separate page for datalists and remove from api-response-format.md doc but put a reference link to it there.
-------------------------------
### LATER (TURN INTO CASES IN ROCKFISH WHERE POSSIBLE AND REMOVE FROM HERE)
todo: hang trial off of App.ayanova.com or make that domain and put a landing page there because it's going to be needed for self host eventually and trials now
todo: some kind of ops specific event log or system that triggers alerts to ops people, I guess notifications would be the word I'm looking for...
- Once that exists a lot of backfilling needs to be done for example attachment files missing notification etc etc etc
todo: Server ops EMAIL address for server to send health messages to!!!!
- also maybe whatever other methods people use these days (text?)
- Boot config setting
- maybe this should be mirrored as a setting in global biz admin as well because the biz admin needs to know about critical server issues or impending doom of the server (disk space etc) just as much as OPS
- also OPS people are not always trustworthy
TODO: API RATE LIMITING / THROTTLING (NOTE: THIS IS MOST IMPORTANT WHEN GET INTO SELF SERVE / HOSTING)
- Return code 429
- Going to need rate limiting to save people from themselves
- Have this link from solutions.txt about this: https://github.com/stefanprodan/AspNetCoreRateLimit
- All the big api's have hourly limits on requests and also limits on total data throughput per hour
- (minute as well which actually makes more sense since it means they would only be down for a minute if they exceed it) too
- Find out what others do
- Twitter: https://developer.twitter.com/en/docs/basics/rate-limiting
- Zendesk = 100 requests per minute max
- https://developer.yammer.com/docs/rest-api-rate-limits
- Good developer info here: https://medium.com/clover-platform-blog/conquering-api-rate-limiting-dcac5552714d
- Would be nice to have a switch to set for if we host as maximum rates they pay for maybe
- On the other hand it's likely a can of worms and maybe it's best they pay for their own hosting and we just set it up or something?
- but then it's going to be hard to self serve them where it's all done easy peasy unless we host
- Maybe it's a cadillac problem that can wait?
- Maybe DigitalOcean has rate limits we can set for the entire server and just mention it as a hard cap to customers
Reference in New Issue View Git Blame Copy Permalink