Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APIv3: proxy these URLs to be served from El Proxito /_/api/v3/ #11831

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

APIv3: proxy these URLs to be served from El Proxito /_/api/v3/ #11831

wants to merge 5 commits into from
+209 −187

Conversation

humitos
Copy link
Member

@humitos humitos commented Dec 9, 2024

@humitos humitos mentioned this pull request Dec 12, 2024
Draft
ericholscher
ericholscher reviewed Dec 16, 2024
View reviewed changes
readthedocs/api/v3/proxied_urls.py
api_proxied_urls = [
path("embed/", ProxiedEmbedAPI.as_view(), name="embed_api_v3"),
path("search/", ProxiedSearchAPI.as_view(), name="search_api_v3"),
]

urlpatterns = api_proxied_urls
urlpatterns += router.urls
Copy link
Member

@ericholscher ericholscher Dec 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know Santos had some worried about handling modifications here. This seems like a pretty large change?

Santos mentioned:

We can cache content over docs domains (assuming we only expose read-only resources, and on .org only).

And this doesn't seem to restrict any of those things? In particular, we need to remove auth from these API endpoints (

readthedocs.org/readthedocs/core/mixins.py

Lines 25 to 27 in bb2aca3

# DRF has BasicAuthentication and SessionAuthentication as default classes.
# We don't support neither in the community site.
authentication_classes = []
), which this isn't doing?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I haven't jumped into read-only endpoints / auth / cache yet because I wanted to be sure I'm moving in the right direction here before implementing those. If this POC is 👍🏼 -- we can start exploring how to achieve those goals as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, I understand we want auth here because .com will require authentication requests to return the correct data for those private projects.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, I understand we want auth here because .com will require authentication requests to return the correct data for those private projects.

Yea, looks like we're setting SessionAuthentication explicitly on the Corporate side for the proxied APIs.

ericholscher
ericholscher reviewed Dec 17, 2024
View reviewed changes
readthedocs/proxito/views/hosting.py
@@ -406,36 +354,6 @@ def _v1(self, project, version, build, filename, url, request):

data = {
"api_version": "1",
"projects": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I worry a little bit about deleting this on deploy, since it will lead to a timing issue between the client & server. I'd probably just add the new fields to the existing API response, so we can test that appraoch without breaking old API clients during deploy?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it makes sense to deploy everything needed in the backend first without removing the old pattern 👍🏼

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericholscher ericholscher ericholscher left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@humitos @ericholscher