-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtodo.todo
191 lines (182 loc) · 11.1 KB
/
todo.todo
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
Moving to production:
☐ Use https instead of http on React server.
☐ Https cert
☐ Security: connection stringove razraditi: dev, prod
Front end:
☐ Add styles
☐ Bug:
☐ Stalno se reloada front end.
✔ Warning: [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/. @done (18. 02. 2021. 21:52:45)
☐ Tags textbox: every whitespace is a new tag in Redux store.
☐ Mislim da sam krivo dizajnirao komponente. Primjer:
☐ Novi question -> upiši vrijednosti -> stisni Clear.
☐ U callbacku za clear (onClearHandle) ja moram ručno (!) očistiti i lokalni `editedQuestion` i Redux store `draftQuestion`.
☐ U biti sam poništio one-way binding.
☐ Treba dobro razmisliti o dizajnu tih edit existing i add new komponenti.
☐ Error handling sa API-ja mi se ne čini da radi dobro. Simuliraj exception na Apiju pa vidi što se dogodi na front endu.
☐ Fix git client so as I don't have to re-enter user/pass on every push. Use SSL.
☐ Logging
✔ Error component. @done (18. 02. 2021. 23:12:48)
☐ Protected route: new question
☐ Integrirati UserManager u React Context: https://dev.to/tappyy/oidc-authentication-with-react-identity-server-4-3h0d
☐ AuthService.js - hardkodiran localhost sa portovima.
☐ Additional features:
☐ Unaccept answer.
☐ Tags are specified in UI using ids. This should be fetched from API and name should be represented. Should be clickable.
Backend:
Authentication And Authorization:
☐ User Management
☐ Should be unique email on IdP.
☐ Edit account on SU Api and front end.
☐ On logout, while still on IdP, before it redirects back, a page is shown briefly. Change text on it so it says "If it does not redirect yadda yadda yadda".
☐ API - add policies
☐ Komponenta signinOidc redirecta na '/'. Neka redirecta tamo gdje si zadnje bio. Pretraži IdS4 za "returnUrl" parametar.
☐ onDelete: ReferentialAction.Cascade
☐ Ako pogledaš 20210130221500_UserRole.cs vidjet ćeš taj redak. Što to točno znači?
✔ IdP: CORS za dev i prod env. @done (27. 02. 2021. 23:16:17)
✔ Roles @today @done (24. 02. 2021. 23:06:37)
✔ User @done (24. 02. 2021. 23:06:29)
✔ Moderator @done (24. 02. 2021. 23:06:30)
✔ Može editirati svaki resurs. @done (24. 02. 2021. 23:06:30)
Cross-Cutting Concerns:
☐ Security
✔ Avoid XSS in React @done (19. 02. 2021. 23:16:00)
✔ Sanitize outputs in React @done (19. 02. 2021. 23:16:05)
✔ Content Security Policy @done (25. 02. 2021. 22:16:36)
✔ Ne dopustiti inline scripts @done (21. 02. 2021. 22:13:57)
✔ Riješiti inlined React runtime js @done (21. 02. 2021. 21:42:28)
✔ Ne dopustiti inline styles @done (25. 02. 2021. 22:16:35)
✔ iframe za silent auth treba biti dopušten @done (21. 02. 2021. 21:42:41)
✔ Kako učiniti da CSP bude drugačiji preko raznih okolina? @done (22. 02. 2021. 00:11:30)
✔ CSP treba samo na produkciji. @done (22. 02. 2021. 00:11:29)
✔ Https to API @done (24. 02. 2021. 23:06:46)
☐ Https to Identity
☐ Https to Front end
✔ Add HSTS to API. @done (25. 02. 2021. 22:16:27)
✔ Secure Application Secrets @done (26. 02. 2021. 22:20:24)
☐ React: remove source maps in production
☐ Logging
☐ Problem: LoggingFilter je ok zasad, ali scopeovi se ne logiraju za exception. Valjda zato jer ApiExceptionHandlerMiddleware nije unutar Action filtera.
☐ To ću moći pokušati riješiti tek kad upogonim Identity Server. Onda bih mogao probati prebaciti kreiranje Scopeova u ApiExceptionHandlerMiddleware i otamo povući User Id i Claimove.
☐ Kako definirati logging folder na fleksibilan način?
☐ Good logging levels:
☐ For dev
☐ For prod
☐ Research što sve uopće logirati?
☐ Prepare for production.
☐ Migrate to net 5.0
☐ Upgrade libs:
☐ AutoMapper @Api
☐ Some projects are built against netstandard2.0, others against netstandard2.1
✔ Infrastructure project has interface in it. @done (29. 05. 2021. 07:46:29)
✔ Review other projects if there is anything in there that should be Infrastructure. Review in general for anything that is out of place. @done (29. 05. 2021. 07:46:32)
Testing:
☐ Review all unit tests
☐ Integration tests
☐ End-to-end tests
Must Have:
☐ ServiceBus/MT
✔ Nuget @done (29. 05. 2021. 06:33:22)
✔ dotnet add package MassTransit --version 7.1.8 @done (29. 05. 2021. 06:33:22)
✔ dotnet add package MassTransit.AspNetCore --version 7.1.8 @done (29. 05. 2021. 06:33:23)
✔ dotnet add package MassTransit.Extensions.DependencyInjection --version 7.1.8 @done (29. 05. 2021. 06:33:24)
✔ dotnet add package MassTransit.Azure.ServiceBus.Core --version 7.1.8 @done (29. 05. 2021. 06:33:25)
✔ MT creates a topic + subscription -> forward to queue. Can we make this more direct, w/o the queue? @done (29. 05. 2021. 06:50:35)
✔ On Api startup, topic and subscription are created which ignore names I wanted. After the first request, proper topic name is created, but no subscriber. @done (29. 05. 2021. 07:45:10)
✔ Had to move stuff around (Infra, Common). Do a quick test of caching. @done (29. 05. 2021. 15:03:41)
✔ Move DI stuff into a new DI class in Infrastructure.MessageBroker @done (29. 05. 2021. 15:38:49)
✔ Maknuti ref na MassTransit iz APIja. @done (29. 05. 2021. 15:38:47)
☐ Background service:
✔ MassTransit DI setup @done (30. 05. 2021. 08:00:28)
✔ Dockerize @done (30. 05. 2021. 08:00:30)
✔ Must wait for database. @done (30. 05. 2021. 08:00:31)
✔ No ports @done (30. 05. 2021. 08:00:32)
☐ Call consumer - write consumer properly, call Core points service
☐ Worker service error handling
☐ Logging
✔ Point calculation service in Core @high @done (04. 06. 2021. 12:07:38)
✔ No need for sp. Call from EF core if possible. Drop sp. @critical @done (04. 06. 2021. 12:06:48)
✔ Return value from sp. Out parameters in PG? @done (04. 06. 2021. 12:07:20)
✔ BaseLimits @done (04. 06. 2021. 12:07:23)
✔ new property UpvotePoints @done (04. 06. 2021. 12:07:24)
✔ new property DownvotePoints @done (04. 06. 2021. 12:07:26)
✔ Cache @done (04. 06. 2021. 12:07:31)
✔ Insert new values to Limits table. @done (04. 06. 2021. 12:07:32)
✔ Execute 2 migrations. @done (04. 06. 2021. 12:07:34)
✔ BaseLimits je scoped u Apiju!!! Zašto? Svaki se put nanovo cacheira! No good. @done (04. 06. 2021. 12:07:35)
☐ https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-performance-improvements?tabs=net-standard-sdk-2#prefetching
✔ Watch out: events can be raised only AFTER a commit is made. Take a look at FrontDesk for this. @critical @done (04. 06. 2021. 12:07:41)
☐ Move uow and publisher to controller.
☐ Move to attribute?
☐ Raise events where neccessary. Downvote, revoke vote whatever.
☐ Try to raise an event from identity project
☐ Send a confirmation email
☐ Create a new user
☐ On developing locally: https://jimmybogard.com/local-development-with-azure-service-bus/
☐ Make Postman authenticate.
☐ AutoMapper
✔ Move all profiles to appropriate model classes. @done (01. 05. 2021. 00:05:43)
☐ Use UserIdResolver. Stop mapping UserId manually.
☐ All outgoing (and incoming?) Dtos should be made records.
☐ Introduce .Net 5 :)
☐ Error handling: there is a bunch of catch blocks dealing with NotFound and 422. Move it somewhere centrally?
☐ 504 Gateway Time-out na nginxu prilikom duljeg debuggiranja.
☐ Options class
☐ QuestionSummariesController bi trebao nasljeđivati od ApiControllerBase.
☐ CORS
☐ Bolje definirati, trenutno dopuštamo sve.
☐ Mora ići UseCors after UseRouting
☐ Unit tests: rerun, review, fix.
☐ Startup.cs
☐ Tidy up all the registrations.
☐ services.AddController()
Bugs:
☐ Na startupu se javlja error u Outputu: Cannot assign requested address [::1]:5432
☐ Migrations Dockerfile
☐ ima liniju: image: ${DOCKER_REGISTRY-}stackunderflowsql
☐ Nema envfile definiran
☐ 201 vraća http u Locations headeru.
☐ Baca neki warning u testovima.
☐ Debug, breakpoint na QuestionRepository.cs:GetQuestionSummariesAsync()
☐ Open Locals
☐ 'searchQueryLowercase' threw an exception of type 'System.NullReferenceException'
☐ .Common projekt, folder Interfaces - nema smisla, posebno kad pogledaš da postoji u istom projektu dediciran folder za neke druge stvari i interfejsi su u tim folderima. Bolje da preimenujem folder Interfaces u folder Data il tak neš.
☐ Api call (Postman "Answers - Ordering, paging") baca error.
Things to redo:
☐ Rewrite all controllers as endpoints. I became aware of this when I implemented BaseLimits. This gets created even on GETs, even though there is no need. To test this, put a breakpoint on Cache.Get() and check how many times it gets hit for "limits" on each request.
Nice To Have:
☐ User endpoint
☐ Retrieve user by id. Allow anonymous.
☐ User
☐ Admin screen
☐ Administer Limits
☐ Admin can assign other users as admins
☐ Po repoima ima glupih queryja, rade .Where() pa .ProjectTo, pa .Single. To se može skratiti, pogledaj USerRepository.GetUser()
☐ Repository: switch from .ProjectTo<T>() to .Projector<T>()
☐ POST question {body: "", title: "", tags: []} - how does it behave?
☐ MaximumPageSize nema efekta.
☐ TagIds should be renamed to Tags.
☐ Upravo sam išao implementirati novi resource parameters. Stvar je ajde-de, razumljiva, ali samo mapiranje propertyja između view modela i application modela (u PropertyMappingService.cs) je malo icky. Mislim da bi to trebalo izvesti preko atributa na view modelu.
☐ Čudno puno ima situacija gdje se ne tracka upravo dodan related entity. Npr. Kad postam novi answer, onda moram ručno napraviti .AddAsync(answer). To ne bi trebalo tako funkcionirati.
☐ Pregledati svaki query i vidjeti da li je Tracking ili NoTracking i da li je odabir ispravan.
☐ Answer View Model (GET) trebaju imati i podatak kad je answer prihvaćen.
☐ Napraviti readme: kako izgleda projekt, kako ga zbildati, pokrenuti.
☐ Api
☐ Client App
☐ API Advanced
☐ Cacheing
☐ Logging
☐ Review RESTful project for clues
☐ Security
☐ Razraditi jobove
☐ Razraditi evente i event handling
☐ .editorconfig
☐ Endpoints
☐ /api/tags
☐ GET
☐ POST
☐ /api/tags/{name}
☐ GET
☐ This will need more thinking through.
☐ /api/users
☐ This will need more thinking through.