Skip to content
This repository has been archived by the owner on May 9, 2019. It is now read-only.

[Suggestions for improvement] User Service #71

Open
botekchristophe opened this issue Apr 2, 2018 · 5 comments
Open

[Suggestions for improvement] User Service #71

botekchristophe opened this issue Apr 2, 2018 · 5 comments

Comments

@botekchristophe
Copy link

Hi everyone,

I would like to refactor the user service and add a couple of features. Most of it will be inspired by the online-auction-java and specificaly from their service descriptor:
https://github.com/lagom/online-auction-java/blob/master/user-api/src/main/java/com/example/auction/user/api/UserService.java
As you can see, the java versions is supporting a registration process, a login endpoint as well as a Read side support.

I'll submit several PRs this week in order to make the user-service support those.

If you have any other suggestions for this service, let me know.

Chris

@ignasi35
Copy link
Contributor

ignasi35 commented Apr 3, 2018

Hey @botekchristophe, thanks for stepping up and contribute!

The UserService could use some love to implement, for example, login but maybe you could take advantage of the situation and suggest a different approach than what's implemented in online-auction-java. The implementation there has some limitations (won't allow changing a user's username for example) and maybe we can find small alternatives.

@botekchristophe
Copy link
Author

botekchristophe commented Apr 3, 2018

Idealy, the user-service and the authentication could be separated. What about starting with implementing basic CRUD and auth:

UserRequest(email: String, password: String)
UserUpdate(username: Option[String] = None, email: Option[String] = None)
User(id: UUID, username: String, email: String, salted_hashed_pwd: String, salt: String) // in Cassandra
UserResponse(id: UUID, email: String, username: Option[String] = None)
AuthRequest(username: String, password: String)
AuthResponse(access_token: String, expiry: Int, refresh_token: String ?)

The service could look like that:

override final def descriptor: Descriptor = {
    import Service._
    import com.lightbend.lagom.scaladsl.api.transport.Method

    named("user").withCalls(
      // user CRUD part
      restCall(Method.GET, "/api/user", getUsers _),
      restCall(Method.GET, "/api/user/:id", getUser _),
      restCall(Method.POST, "/api/user", createUser _),
      restCall(Method.PUT, "/api/user/:id", updateUser _),
      restCall(Method.DELETE, "/api/user/:id", deleteUser _),
      // auth service part
      restCall(Method.POST, "/api/user/token/grant", userLogin _),  // return AuthResponse
      restCall(Method.POST, "/api/user/token/refresh", userRefreshToken _), //return AuthResponse
      restCall(Method.POST, "/api/user/token/revoke",  userLogout _),  // return http 202 Accepted
      restCall(Method.GET, "/api/user/token/info", userInfo _), // return UserResponse
    )
}

What do you think ? @ignasi35

@ignasi35
Copy link
Contributor

ignasi35 commented Apr 4, 2018

Left some comment on the PR already. Let me think about token management. It's process that's a bit hairy and we'd better think whether it's material we want to add on a demo application.

@ryanhanks
Copy link
Contributor

Where is this PR?

@ignasi35
Copy link
Contributor

ignasi35 commented Mar 4, 2019

There was some work in #75 but it never made it across the line.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Development

No branches or pull requests

4 participants