Andreas/tracks: Tracks is a GTD™ web application, built with Ruby on Rails

Andreas/tracks

Fork 0

mirror of https://github.com/TracksApp/tracks.git synced 2026-01-30 20:55:17 +01:00

Tracks is a GTD™ web application, built with Ruby on Rails https://www.getontracks.org/

getting-things-done gtd productivity rails ruby todo tracks

Find a file

lukemelia 463a61f514 This changeset introduces some integrated web service type features that take advantage of the Rails 1.1 responds_to functionality. It also lays a foundation for future API enhancements. Basically, if you request the /projects, contexts/ or notes/ URLs with a client that specifies that it wants XML, Tracks will return XML. See DHH on the Accept header (http://www.loudthinking.com/arc/000572.html). But there's a wrinkle. The controller actions mapped to these URLs are protected by an authentication filter. In normal use, Tracks redirects an unauthenticated user to the login screen for session-based authentication. I've added a secondary authentication check that looks for a valid username and password coming from HTTP_BASIC authentication. To test out the new functionality, try this: curl -H 'Accept: application/xml' --basic --user YOUR_TRACKS_USERNAME:YOUR_TRACKS_PASSWORD http://localhost:3000/projects/ curl -H 'Accept: application/xml' --basic --user YOUR_TRACKS_USERNAME:YOUR_TRACKS_PASSWORD http://localhost:3000/contexts/ curl -H 'Accept: application/xml' --basic --user YOUR_TRACKS_USERNAME:YOUR_TRACKS_PASSWORD http://localhost:3000/notes/ HTTP_BASIC sends passwords in plain text, so the use of https is encouraged. I haven't tested this on a shared host yet, but Coda Hale, whose simple_http_auth inspired this solution and provided some copy and paste code for it (thanks, Coda!), has some notes about how to make it work in his plugin readme (http://svn.codahale.com/simple_http_auth/README). To wit, putting the following in .htaccess: RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L] My thinking on this architecture is as follows: 1) Follow the spirit of responds_to and DRY to leverage existing controller code for API functionality 2) Get away from using the user token for API interactions. Let's keep it for feeds, so it's basically a "lite" form of security for read-only feeds. 3) Keep Tracks in shape to adopt the simply_restful plugin being developed alongside Rails Edge There's no real new functionality in this release that the existing API didn't provide (except for seeing your notes as XML, and somehow I don't think people are clamoring for that), but this work is an important step to being able to implement the types of API features people have been asking for. While I was at it, I did some refactoring to the login_controller for readability and style. Finally, I replaced the activity indicator graphic to work with the new navigation background color. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@251 a4c988fc-2ded-0310-b66e-134b36920a42	2006-06-04 07:07:42 +00:00
tracks	This changeset introduces some integrated web service type features that take advantage	2006-06-04 07:07:42 +00:00

lukemelia 463a61f514 This changeset introduces some integrated web service type features that take advantage

of the Rails 1.1 responds_to functionality. It also lays a foundation for future API
enhancements.

Basically, if you request the /projects, contexts/ or notes/ URLs with a client that specifies that it wants XML, Tracks will return XML. See DHH on the Accept header (http://www.loudthinking.com/arc/000572.html).

But there's a wrinkle. The controller actions mapped to these URLs are protected by an authentication filter. In normal use, Tracks redirects an unauthenticated user to the login screen for session-based authentication.

I've added a secondary authentication check that looks for a valid username and password coming from HTTP_BASIC authentication.

To test out the new functionality, try this:

curl -H 'Accept: application/xml' --basic --user YOUR_TRACKS_USERNAME:YOUR_TRACKS_PASSWORD http://localhost:3000/projects/

curl -H 'Accept: application/xml' --basic --user YOUR_TRACKS_USERNAME:YOUR_TRACKS_PASSWORD http://localhost:3000/contexts/

curl -H 'Accept: application/xml' --basic --user YOUR_TRACKS_USERNAME:YOUR_TRACKS_PASSWORD http://localhost:3000/notes/

HTTP_BASIC sends passwords in plain text, so the use of https is encouraged.

I haven't tested this on a shared host yet, but Coda Hale, whose simple_http_auth inspired this solution and provided some copy and paste code for it (thanks, Coda!), has some notes about how to make it work in his plugin readme (http://svn.codahale.com/simple_http_auth/README). To wit, putting the following in .htaccess:

RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]

My thinking on this architecture is as follows:

1) Follow the spirit of responds_to and DRY to leverage existing controller code for API functionality
2) Get away from using the user token for API interactions. Let's keep it for feeds, so it's basically a "lite" form of security for read-only feeds.
3) Keep Tracks in shape to adopt the simply_restful plugin being developed alongside Rails Edge

There's no real new functionality in this release that the existing API didn't provide (except for seeing your notes as XML, and somehow I don't think people are clamoring for that), but this work is an important step to being able to implement the types of API features people have been asking for.

While I was at it, I did some refactoring to the login_controller for readability and style.

Finally, I replaced the activity indicator graphic to work with the new navigation background color.

git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@251 a4c988fc-2ded-0310-b66e-134b36920a42

2006-06-04 07:07:42 +00:00

tracks

This changeset introduces some integrated web service type features that take advantage

2006-06-04 07:07:42 +00:00