Apr 24th 2017, 10:15
bravo-kernel
@birdy use muffin/obfuscate if you want to hide your (auto incremental) ids

Apr 24th 2017, 10:14
Neon1024
You can thank bravo-kernel

Apr 24th 2017, 10:14
birdy247
the JsonApi is also sweet as

Apr 24th 2017, 10:14
birdy247
Man, CRUD + API + Search = happy

Apr 24th 2017, 10:05
Neon1024
https://youtu.be/3Neq2ey3mgE?t=18

Apr 24th 2017, 10:05
Neon1024
But you’ve got a CMS so you’ve already got SSL

Apr 24th 2017, 10:04
Neon1024
So worth some SSL at an absolute minimum

Apr 24th 2017, 10:04
Neon1024
Will just get session hijacked, or man-in-the-middle’d etc etc

Apr 24th 2017, 10:04
Neon1024
So something like example.com/api/v1/secret-endpoint/918?password=foobar

Apr 24th 2017, 10:03
Neon1024
Plus, urls are transparent. Whatever is in the url is readable by anyone

Apr 24th 2017, 10:03
Neon1024
Not that I like Phil Sturgeon, but that was a point he made in one of his api talks, and it’s a good one

Apr 24th 2017, 10:02
birdy247
:+1:

Apr 24th 2017, 10:02
Neon1024
If you happened to have a security hole, I could suck your database dry

Apr 24th 2017, 10:01
birdy247
ah right

Apr 24th 2017, 10:01
Neon1024
Making it very easy for me to automatically hit every record in your database

Apr 24th 2017, 10:01
Neon1024
Well if it’s public Birdy, and your urls are something like example.com/api/v1/secrets/2 it’s safe to assume that example.com/api/v1/secret/3 will be something as well

Apr 24th 2017, 09:49
birdy247
Neon1024 you mentioned to hide primary keys in any responses

Apr 24th 2017, 09:45
hagen00
sorry, will delete, it does work. I had a template error

Apr 24th 2017, 09:45
birdy247
the resource

Apr 24th 2017, 09:44
birdy247
Neon1024 got it :slightly_smiling_face:

Apr 24th 2017, 09:43
Neon1024
https://crud.readthedocs.io/en/latest/listeners/jsonapi.html

Apr 24th 2017, 09:42
Neon1024
https://github.com/FriendsOfCake/crud/blob/master/src/Listener/JsonApiListener.php

Apr 24th 2017, 09:42
Neon1024
https://book.cakephp.org/3.0/en/development/routing.html#resource-routes

Apr 24th 2017, 09:41
birdy247
api/v1/events/add with POST does add a new event

Apr 24th 2017, 09:41
birdy247
instead it gives a list of events

Apr 24th 2017, 09:41
birdy247
api/v1/events with POST does not add a new record

Apr 24th 2017, 09:40
birdy247
api/v1/events with GET gives a list of events

Apr 24th 2017, 09:38
birdy247
any ideas?

Apr 24th 2017, 09:35
birdy247
rather than anything to suggest it's trying to add a new record

Apr 24th 2017, 09:35
birdy247
but I always get back a list of results

Apr 24th 2017, 09:35
birdy247
I am using POST

Apr 24th 2017, 09:34
birdy247
I am trying to ADD a record via my API

Apr 24th 2017, 09:06
theaxiom
Yo dawg

Apr 24th 2017, 09:06
theaxiom
Maybe I will use both, haha

Apr 24th 2017, 09:05
Neon1024
Well core team recently switched from Coveralls to CodeCov for what it’s worth

Apr 24th 2017, 09:05
theaxiom
Which is better, codecov or coveralls?

Apr 24th 2017, 09:03
Neon1024
But #minor

Apr 24th 2017, 09:03
Neon1024
Sometimes index templates are missing associations

Apr 24th 2017, 09:03
Neon1024
The RelatedModelsListener needs a little love though imho

Apr 24th 2017, 09:03
theaxiom
You can also override the methods and then pass back to CRUD when you are done hi-jacking the event.

Apr 24th 2017, 09:02
Neon1024
s/event/exception