diff --git a/docs/2024/index.md b/docs/2024/index.md index 13cb9b1a0..23e3a71aa 100644 --- a/docs/2024/index.md +++ b/docs/2024/index.md @@ -52,7 +52,7 @@ More info to come here. | Topic(s) | Timings | Meeting link | ICS | | :------------------ | :---------------------------- | :------------------------------------------------------------------------------------------------------ | :----------------------------------- | | General Meeting | _Thursday_ 13:30 - 14:30 UTC | [Jitsi](https://meet.jit.si/moderated/5a655b3b6f3b4f83cddb13b93ac5408d6de48bf4ce1049f4128aa1c885478d48) | [.ics](/ics/gsoc_2024_weekly.ics) | -| - | - | - | - | +| REST API | _Tuesday_ 11:00 - 11:50 UTC | [Jitsi](https://moderated.jitsi.net/d623bb1284a54c83958eff31d2ecce9ed6b894312eda4ed9b400d5963f4e18b6) | [.ics](/ics/gsoc_2024_rest.ics) | | SPDX Related | _Tuesday_ 10:30 - 11:20 UTC | [Jitsi](https://moderated.jitsi.net/d623bb1284a54c83958eff31d2ecce9ed6b894312eda4ed9b400d5963f4e18b6) | [.ics](/ics/gsoc_2024_spdx.ics) | | CI Scanner | _Wednesday_ 10:30 - 11:00 UTC | [Jitsi](https://moderated.jitsi.net/39896aad61bc4a27b9418ee6b78689348c65790e889046069dbe9c8c34110c9a) | [.ics](/ics/gsoc_2024_ci.ics) | | Scheduler Overhaul | _Friday_ 10:30 - 11:00 UTC | [Jitsi](https://moderated.jitsi.net/5444f675f5ce47c788fa4238a6a958c53d3e62804e9243d5b807fbaa81f3120f) | [.ics](/ics/gsoc_2024_scheduler.ics) | diff --git a/docs/2024/rest/API-guidelines.md b/docs/2024/rest/API-guidelines.md index c5bc9460c..087760612 100644 --- a/docs/2024/rest/API-guidelines.md +++ b/docs/2024/rest/API-guidelines.md 
@@ -11,8 +11,17 @@ SPDX-License-Identifier: CC-BY-SA-4.0 SPDX-FileCopyrightText: 2024 Divij Sharma --> +## Details + +- Created by: [Divij Sharma](https://github.com/dvjsharma) +- Reviewed by: [Gaurav Mishra](https://github.com/GMishx), [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) + +## Motive + Since this project primarily focuses on REST API development and improvement, it is crucial to establish a comprehensive guideline from the beginning. This guideline will serve as a set of rules to follow and provide a clear objective to achieve. After researching various reputable open-source projects and reviewing several design guides, I have prepared a detailed guideline document. Please refer to the table below for more information. +## Guidelines + diff --git a/docs/2024/rest/index.md b/docs/2024/rest/index.md index 3597748c5..647b23a05 100644 --- a/docs/2024/rest/index.md +++ b/docs/2024/rest/index.md 
@@ -50,13 +50,4 @@ This project involves the following tasks: - Study each endpoint and its functionality to identify potential edge cases. - Write unit tests for all existing and new endpoints. -More specific details about each task can be found in the [Task Details Table](https://docs.google.com/document/d/158BZBZ5owLtI-SqD1MIduMy4bR3XLuwm4aDLynoFZAA/edit?usp=sharing). - - Develop a REST API guideline which will provide a solid set of rules to follow. - - Upgrade existing endpoints to V2 based on the guideline, also ensuring backward compatibility. - - Update documentation to reflect the changes and versioning. - -3. **Increasing Test Coverage:** - - Study each endpoint and its functionality to identify potential edge cases. - - Write unit tests for all existing and new endpoints. - -More specific details about each task can be found in the [Task Details Table](https://docs.google.com/document/d/158BZBZ5owLtI-SqD1MIduMy4bR3XLuwm4aDLynoFZAA/edit?usp=sharing). +More specific details about each task can be found in the [Task Details Table](https://docs.google.com/document/d/158BZBZ5owLtI-SqD1MIduMy4bR3XLuwm4aDLynoFZAA/edit?usp=sharing). \ No newline at end of file diff --git a/docs/2024/rest/updates/2024-05-07.md b/docs/2024/rest/updates/Divij/2024-05-07.md similarity index 100% rename from docs/2024/rest/updates/2024-05-07.md rename to docs/2024/rest/updates/Divij/2024-05-07.md diff --git a/docs/2024/rest/updates/2024-05-30.md b/docs/2024/rest/updates/Divij/2024-05-30.md similarity index 96% rename from docs/2024/rest/updates/2024-05-30.md rename to docs/2024/rest/updates/Divij/2024-05-30.md index 2acd179a6..c92d6d0be 100644 --- a/docs/2024/rest/updates/2024-05-30.md +++ b/docs/2024/rest/updates/Divij/2024-05-30.md @@ -13,7 +13,7 @@ SPDX-FileCopyrightText: 2024 Divij Sharma *(May 30,2024)* -## Attendees: +## Attendees - [Divij Sharma](https://github.com/dvjsharma) - [Gaurav Mishra](https://github.com/GMishx) 
@@ -22,7 +22,7 @@ SPDX-FileCopyrightText: 2024 Divij Sharma - [Soham Banerjee](https://github.com/soham4abc) - [Valens Niyonsenga](https://github.com/valens200) -## Discussion: +## Discussion - **Who should be doing what?** - Discussed project responsibilities with my colleague [Valens](https://github.com/valens200) and mentors. @@ -30,7 +30,7 @@ SPDX-FileCopyrightText: 2024 Divij Sharma - **REST API Version 2 updates** - I mentioned that the work on the REST API Version 2 upgrade is almost complete and suggested we can start looking for any further improvements. - - Mentors suggested I should review the code and look for any possible improvements based on my proposed guidelines. [(REST API Guidelines)](../API-guidelines.md). + - Mentors suggested I should review the code and look for any possible improvements based on my proposed guidelines. [(REST API Guidelines)](../../API-guidelines.md). - **OAuth 2.0 architecture discussion and needs** - [Gaurav](https://github.com/GMishx) explained the various modes of authentication we aim to have in the FOSSology project. These are: @@ -39,7 +39,7 @@ SPDX-FileCopyrightText: 2024 Divij Sharma - Client Credentials Grant (Machine to Machine) - I cleared my doubts regarding the OAuth 2.0 implementation and its significance in the project. I also got a rough vision of what needs to be implemented and what is already implemented. [(Reference Material)](https://github.com/fossology/fossology/wiki/OpenID-Connect-authentication-configuration) -## Activities: +## Activities - Tested the REST API Version 2 on a local instance and noted down the improvements that can be made. - Researched on OAuth 2.0 and how it can be implemented in the project. diff --git a/docs/2024/rest/updates/2024-06-06.md b/docs/2024/rest/updates/Divij/2024-06-06.md similarity index 98% rename from docs/2024/rest/updates/2024-06-06.md rename to docs/2024/rest/updates/Divij/2024-06-06.md index 478154df3..ad09d3804 100644 --- a/docs/2024/rest/updates/2024-06-06.md 
+++ b/docs/2024/rest/updates/Divij/2024-06-06.md @@ -13,19 +13,19 @@ SPDX-FileCopyrightText: 2024 Divij Sharma *(June 6,2024)* -## Attendees: +## Attendees - [Divij Sharma](https://github.com/dvjsharma) - [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) - [Valens Niyonsenga](https://github.com/valens200) -## Discussion: +## Discussion - No major updates since the last meeting. - Discussed the improvements that can be made in the REST API Version 2. - Discussed the implementation of OAuth 2.0 in the project. -## Activities: +## Activities - **OAuth 2.0** - Researched OAuth 2.0 and its application on production servers. Found the [Auth0 article](https://auth0.com/intro-to-iam/what-is-oauth-2) particularly helpful. Studied various architectural patterns for different flows to determine the best fit for our project. diff --git a/docs/2024/rest/updates/Divij/2024-06-11.md b/docs/2024/rest/updates/Divij/2024-06-11.md new file mode 100644 index 000000000..4c6def8da --- /dev/null +++ b/docs/2024/rest/updates/Divij/2024-06-11.md 
@@ -0,0 +1,67 @@ +--- +title: Week 3 +author: Divij Sharma +tags: [gsoc24, rest] +--- + + + +# Week 3 meeting and activities + +_(June 11,2024)_ + +## Attendees + +- [Divij Sharma](https://github.com/dvjsharma) +- [Gaurav Mishra](https://github.com/GMishx) +- [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) + +## Discussion + +- **OAuth** + - Proposed 2 mechanisms for OAuth 2.0 implementation in the project. + - **M-2-M, for technical uesrs**: + - Clients must obtain a token from the authorization server using their client ID and client secret. + - The token can be used to access the FOSSology API. + - For this to happen, FOSSology server must be configured to use OAuth 2.0. + - REST API will have endpoints to do this configuration. + - Token sent should be verified by the server and user should be authenticated and authorized. + - **Authorization Code Grant, for end users and new UI**: + - Only for client applications that can interact with the user. + - Can use various npm libraries to implement this flow. + - Users will log in and receive a code. + - This code can be exchanged for a token to access the FOSSology API. + - [Gaurav](https://github.com/GMishx) mentioned that the `client id` for both the mechanisms will be different, which will cause problems when using the same client for both the mechanisms. + - We will have to look into this and find a solution. Maybe I will handle this in the last week. + - Discussed the improvements that can be made in the REST API Version 2, particularly the status codes and pagination. + +## Activities + +- **OAuth 2.0 M-2-M implementation** + + - Implemented the OAuth 2.0 M-2-M mechanism for the project. + - Created an endpoint `/users/oauthclient` to add new clients when user is logged in. + - Created an endpoint `/users/oauthclient/{type}` to get active and expired OAuth clients. 
+ - The `/customise` endpoint used to accept only a single key-value pair for updating admin configs, making it difficult to update fields in bulk. I've modified it to accept an array of key-value pairs and update accordingly. + - The `/customise` endpoint is now capable to fetch all other URLs required for OIDC integration when the discovery URL is passed over the REST API. + - Raised a PR [feat(oauth): Added machine-to-machine OAuth functionality](https://github.com/fossology/fossology/pull/2761) for the same. + +- **REST API Version 2** + - Started working on the improvements identified in the last meeting: + - Status Codes: Particularly 204 (no content) + - Adding pagination to all necessary endpoints + - Using model classes for all major/minor responses + - Test coverage + - Authentication workflow + - Made requested changes in the PR [feat(api): Upgrade Jobs & Report APIs to Version 2](https://github.com/fossology/fossology/pull/2736). + +## SecreenShots + +- `/users/oauthclient` : Add new clients when user is logged in. + ![addclients](/img/reactUI/api/OAuth/addclients.png) +- `/users/oauthclient/{type}` : Get active and expired OAuth clients. + ![viewclients](/img/reactUI/api/OAuth/viewclients.png) diff --git a/docs/2024/rest/updates/Divij/_category_.json b/docs/2024/rest/updates/Divij/_category_.json new file mode 100644 index 000000000..877e4d108 --- /dev/null +++ b/docs/2024/rest/updates/Divij/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Divij Sharma", + "position": 1 +} \ No newline at end of file diff --git a/docs/2024/rest/updates/_category_.json b/docs/2024/rest/updates/_category_.json new file mode 100644 index 000000000..ca037ffbf --- /dev/null +++ b/docs/2024/rest/updates/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Weekly Updates", + "position": 1 +} diff --git a/docs/2024/rest/updates/sharma/2024-05-07.md b/docs/2024/rest/updates/sharma/2024-05-07.md deleted file mode 100644 index 17eab764c..000000000 
--- a/docs/2024/rest/updates/sharma/2024-05-07.md +++ /dev/null 
@@ -1,92 +0,0 @@ ---- -title: Community bonding -author: Divij Sharma ---- - - -# Community Bonding - -## Introduction meeting - -*(May 7,2024)* - -This was the first meeting of the community bonding period for GSoC '24. Mentors and contributors introduced themselves, and the general meeting time and platform were decided. - -## Meeting 1 - -*(May 9,2024)* - -This was the first general meeting after the introduction meeting. Mentors discussed the importance of communication and the need for regular updates. The contributors were free to ask any questions they had. - -## During community bonding week 1 - -*(May 9,2024- May 15,2024)* - -### Activities - -* I created an unofficial communication group with fellow contributors to get to know each other better. -* I discussed the project and the tasks that need to be completed during the coding period with the mentors. -* I clarified some of my doubts regarding the project timeline. - -### Work done - -* I was already familiar with the code-base because of my previous contributions to FOSSology. I started working on upgrading the REST APIs to version 2. -* I fixed some minor bugs in the following of my uplink PRs related to the upgradation: - - [feat(api): Upgrade User & Group APIs to Version 2 ](https://github.com/fossology/fossology/pull/2711) - - [feat(api): Upgrade Folder, License & Obligation APIs to Version 2](https://github.com/fossology/fossology/pull/2712) - -## Meeting 2 - -*(May 16,2024)* - -We discussed the progress made during the first week of community bonding. Mentors asked if contributors were able to set up their development environments and if they faced any issues. Everyone gave a brief overview of the tasks they were working on. - -## During community bonding week 2 - -*(May 16,2024- May 22,2024)* - -### Activities - -* I had calls with fellow contributors to help them set up their development environments. 
-* I had a discussion with my colleague [Valens](https://github.com/valens200) about how we shall manage our tasks. - -### Work done - -* I continued working on upgrading the REST APIs to version 2. - -* I finalized the work on a new endpoint to retrieve user copyright findings and also upgraded Jobs and Report APIs to version 2. - - [feat(api): New endpoint to retrieve user copyright findings ](https://github.com/fossology/fossology/pull/2717) - - [feat(api): Upgrade Jobs and Report APIs to Version 2 ](https://github.com/fossology/fossology/pull/2736) - - -## Meeting 3 - -*(May 23,2024)* - -We discussed the progress made during the second week of the community bonding period. Mentors asked if contributors faced any issues while installing the project and encouraged us to make small contributions. We also decided on the time for project-specific weekly meetings. - -## During community bonding week 3 - -*(May 23,2024- May 29,2024)* - -### Activities - -* I helped few of my colleagues in setting up their development environments. - -### Work done - -* I continued working on upgrading the REST APIs to version 2. - -* I upgraded the Search, Copyright & Admin APIs to Version 2. - - [feat(api): Upgrade Search, Copyright & Admin APIs to Version 2 ](https://github.com/fossology/fossology/pull/2744) - -## Meeting 4 - -*(May 30,2024)* - -We discussed the progress made during the third week of the community bonding period. Mentors gave general updates followed by weekly updates by contributors. We had a session on how are we supposed to present and maintain our work during the coding period through the documentation. - \ No newline at end of file diff --git a/docs/2024/rest/updates/sharma/2024-05-30.md b/docs/2024/rest/updates/sharma/2024-05-30.md deleted file mode 100644 index c506a1fe8..000000000 --- a/docs/2024/rest/updates/sharma/2024-05-30.md +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -title: Week 1 -author: Divij Sharma -tags: [gsoc24, rest] ---- - - - -# Week 1 meeting and activities - -_(May 30,2024)_ - -## Attendees: - -- [Divij Sharma](https://github.com/dvjsharma) -- [Gaurav Mishra](https://github.com/GMishx) -- [Samuel Dushimimana](https://github.com/dushimsam) -- [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) -- [Soham Banerjee](https://github.com/soham4abc) -- [Valens Niyonsenga](https://github.com/valens200) - -## Discussion: - -- **Who should be doing what?** - - - Discussed project responsibilities with my colleague [Valens](https://github.com/valens200) and mentors. - - We decided that currently I will focus on the REST API Version 2 upgrade and OAuth 2.0 implementation, while Valens would work on adding test cases for the current REST API implementation. - -- **REST API Version 2 updates** - - - I mentioned that the work on the REST API Version 2 upgrade is almost complete and suggested we can start looking for any further improvements. - - Mentors suggested I should review the code and look for any possible improvements based on my proposed guidelines. [(REST API Guidelines)](../../API-guidelines.md). - -- **OAuth 2.0 architecture discussion and needs** - - [Gaurav](https://github.com/GMishx) explained the various modes of authentication we aim to have in the FOSSology project. These are: - - Token based authentication - - Authorization Code Grant (Web Application) - - Client Credentials Grant (Machine to Machine) - - I cleared my doubts regarding the OAuth 2.0 implementation and its significance in the project. I also got a rough vision of what needs to be implemented and what is already implemented. [(Reference Material)](https://github.com/fossology/fossology/wiki/OpenID-Connect-authentication-configuration) - -## Activities: - -- Tested the REST API Version 2 on a local instance and noted down the improvements that can be made. 
-- Researched on OAuth 2.0 and how it can be implemented in the project. -- Did minor improvements in the following PR: - - [feat(api): Upgrade User & Group APIs to Version 2 ](https://github.com/fossology/fossology/pull/2711) diff --git a/docs/2024/rest/updates/sharma/2024-06-06.md b/docs/2024/rest/updates/sharma/2024-06-06.md deleted file mode 100644 index 478154df3..000000000 --- a/docs/2024/rest/updates/sharma/2024-06-06.md +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -title: Week 2 -author: Divij Sharma -tags: [gsoc24, rest] ---- - - -# Week 2 meeting and activities - -*(June 6,2024)* - -## Attendees: - -- [Divij Sharma](https://github.com/dvjsharma) -- [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) -- [Valens Niyonsenga](https://github.com/valens200) - -## Discussion: - - - No major updates since the last meeting. - - Discussed the improvements that can be made in the REST API Version 2. - - Discussed the implementation of OAuth 2.0 in the project. - -## Activities: - -- **OAuth 2.0** - - Researched OAuth 2.0 and its application on production servers. Found the [Auth0 article](https://auth0.com/intro-to-iam/what-is-oauth-2) particularly helpful. Studied various architectural patterns for different flows to determine the best fit for our project. - - Prepared a draft outlining the implementation details, focusing on two scenarios: - - - **For the API**: - - Create an endpoint to add new clients, accepting `name`, `clientId`, and `scope`. - - Another endpoint to configure FOSSology, accepting `appName`, `clientId`, `clientSecret`, `clientClaim`, `redirectUri`, and `discoveryUri`. The `discoveryUri` will be used to fetch other required endpoints. - - Once these steps are completed, FOSSology will be configured to use OAuth 2.0. Users can obtain a token from their authorization server to access the FOSSology API. - - - **For the Web Application**: - - Implement the Authorization Code Grant flow for the frontend. This requires a login page where users can log in and receive a code, which can be exchanged for a token to access the FOSSology API. - - Researched libraries to implement this flow on the frontend. - - On the server side, implement a mechanism to verify user credentials received from the server and issue a token to the user. - -- **REST API Version 2** - - Reviewed the code and identified areas for improvement. 
- - Found the following things which we can look into: - - Status Codes: Particularly 204 (no content) - - Adding pagination to all necessary endpoints - - Using model classes for all major/minor responses - - Test coverage - - Authentication workflow \ No newline at end of file diff --git a/docs/2024/rest/updates/sharma/_category_.json b/docs/2024/rest/updates/sharma/_category_.json deleted file mode 100644 index c161ae715..000000000 --- a/docs/2024/rest/updates/sharma/_category_.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "label": "Divij Sharma", - "position": 2 -} diff --git a/static/img/reactUI/api/OAuth/addclients.png b/static/img/reactUI/api/OAuth/addclients.png new file mode 100644 index 000000000..6db32081a Binary files /dev/null and b/static/img/reactUI/api/OAuth/addclients.png differ diff --git a/static/img/reactUI/api/OAuth/viewclients.png b/static/img/reactUI/api/OAuth/viewclients.png new file mode 100644 index 000000000..0c779207b Binary files /dev/null and b/static/img/reactUI/api/OAuth/viewclients.png differ
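Review bot: In docs/2024/index.md the new REST API row is scheduled for _Tuesday_ 11:00 - 11:50 UTC and uses the same moderated.jitsi.net room URL as the SPDX Related row, which runs _Tuesday_ 10:30 - 11:20 UTC, so the two meetings overlap for 20 minutes in one room. Give the REST API meeting its own room or a slot that does not overlap. The row also links `/ics/gsoc_2024_rest.ics`, and no such file is added in this patch; confirm it already exists or include it here.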
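Review bot: In docs/2024/rest/index.md the replacement for the last line is marked `\ No newline at end of file`, and the new docs/2024/rest/updates/Divij/_category_.json carries the same marker. End both files with a newline so later diffs stay clean. Dropping the duplicated task list and the repeated Task Details Table link looks correct.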
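Review bot: In the new docs/2024/rest/updates/Divij/2024-06-11.md, the heading `## SecreenShots` should read `## Screenshots`, and `**M-2-M, for technical uesrs**` should read "users". On content, the bullet "Token sent should be verified by the server and user should be authenticated and authorized" would be more useful if it said what the verification covers (for example signature, issuer, audience and expiry). The `/users/oauthclient` entry says clients can be added "when user is logged in" without stating which permission is required, and that is worth documenting for an endpoint that registers OAuth clients.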