-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2830 persistent endpoints for downloads #2936
base: development
Are you sure you want to change the base?
Conversation
Minor features for Project creation and show.
Codecov ReportAttention:
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## development #2936 +/- ##
===============================================
- Coverage 85.80% 85.74% -0.07%
===============================================
Files 2013 2015 +2
Lines 73745 73622 -123
===============================================
- Hits 63277 63126 -151
- Misses 10468 10496 +28
☔ View full report in Codecov by Sentry. |
Is my understanding correct that POST/DELETE require user token and project token alone is not enough to authorize access? Was about to raise concerns about download request flooding but found out that there is protection against that by not allowing more than a download. Perhaps will need some security measures to prevent supplying any download type, but at least I tried with |
Yes, POST/PATCH should require user. Only specific download types are allowed, and n=1 right now, so hopefully that is not an issue. Thanks for testing. |
@LordFlashmeow I think this is tracking your file download requirements?
|
|
Yes. Ideally we could provide a list of predicate IDs to include as a parameter to the request. |
@LordFlashmeow Predicate params should be there already, I should have say "Allows", i.e. they need testing, not implementation to pass that check: params.permit(collecting_event_predicate_id: [], collection_object_predicate_id: [] ).transform_keys(&:to_sym).to_h |
3395b65
to
c7f7e2b
Compare
@LocoDelAssembly @LordFlashmeow I'd like to merge this, but do need help confirming the last 3 checks are OK. |
|
||
after_action -> { set_pagination_headers(:downloads) }, only: [:api_index], if: :json_request? | ||
|
||
skip_forgery_protection only: [:api_build, :api_destroy] |
Check failure
Code scanning / CodeQL
CSRF protection weakened or disabled
I tested COLDP and DarwinCore dashboard downloads with development merged and both still worked. |
If you delete a Download while it is running, the job completes and the download file is generated (but it may not be a problem as discussed with @mjy). At least you can't access the file for a deleted download at: http://localhost:3000/api/v1/downloads/{id}/file I'm not sure how to do a call with the data_attributes or couldn't get it to work. |
This adds the following endpoints, allowing for the creation of DwC Archive dumps via the external api:
http://127.0.0.1:3000/api/v1/downloads/build?project_token=<>&token=<>&type=Download::DwcArchive::Complete
http://127.0.0.1:3000/api/v1/downloads/123?project_token=<>&token=<>
http://127.0.0.1:3000/api/v1/downloads/123?project_token=<>
http://127.0.0.1:3000/api/v1/downloads/123/file?project_token=<>
# return the binaryTODO:
Changelog
Added