OK, I've looked through the website, examples and the resource class,
but I'm still having a hard time wrapping my head around CloudKit's use
in real-world scenarios. Hopefully a specific example will help me
understand.

I have an app with two separate interfaces. The main one is XMPP, and
most interactions will happen via compliant clients. For instances where
someone's client may not be sufficient, there needs to be a lightweight
web interface. I don't need traditional authentication, as such. Since
there is guaranteed to be a secure stream directly to the user, they'll
just ask the app for a temporary access URL, click on it from their IM
client and make whatever changes they need.

The app currently uses DM/SQLite3, but I've yet to use schemaless
databases in a serious project and think they'd be a good candidate
here, particularly as I grow tired of changing the schema. :) I'm
wondering if CloudKit would work here, but there are some points I need
to understand first.

I see that CK can either be standalone or can run alongside/in front of
other apps. I'm still wrapping my head around the middleware concept.
Let's say my app has users, and each user owns multiple widgets. How do
I use CK for storage while still allowing browsers to view resources? If
for instance I write Sinatra code that accepts the route /users, I can
of course insert that code before or after CK, but I don't see how this
solves my problem. In my tests, calling /users from my browser hands
back json as I'd expect. Is there some way of only triggering CK when
the caller specifically wants json? Or should all my browser-facing
routes include .html?

How do I restrict what records a user sees? If user or widget resources
contain confidential information, obviously I don't want non-owners to
read from or write to another's resources. I'm guessing the answer is
more middleware, but what form does it take, and where does it reside
relative to CK/the app, assuming I want the data available from both the
web view and API to be the same.

Schemaless databases are great for developers, but they seem like a
potential nightmare if the API is opened up. What prevents me as a
malicious user from injecting malicious data into your API? If there's
no schema, could I just do an HTTP POST of the entire human genome into
a field that's supposed to hold a user avatar? :) Or, even better, post
it to a field that doesn't yet exist, just in case the avatar field is
being validated?

I'm sure all these problems have solutions or best practices, they're
just non-obvious to me as my head spins, "Wha? JSON web...appliance?" :)

What I keep looking for are sample CloudKit apps. Maybe a really simple
mailbox? Log in with an OpenID and leave notes for other OpenIDs? It
would be a single view and would make it very clear how to limit
returned results to only records you own, integrate CK into something
like Sinatra, etc. Maybe I'll take a crack at it and post a patch here
if I can figure it out.

The only solid way to augment CloudKit at the moment is to create middleware that matches the desired route and then performs an action before or after the downstream JSON is fetched or updated. If you are new to Rack middleware, I can put together a quick example to demonstrate the technique.

-Jon

On Mon, Aug 31, 2009 at 3:02 AM, Nicholas Orr <nichol...@zxgen.net> wrote:
I've discovered CloudKit while figuring out how I get at a json
encoded request body.

My app is a pdf generator written in sinatra.

Write a "report" in haml/sass and merge that "report" with data (json
encoded post body), the result is a professional looking pdf with
images, complex layouts, etc. I use this app with 3 other apps at the
moment, instead of creating a lib or coding the same function 3 times
I've simply extracted this functionality into a http web service. 2 of
these apps are merb, other is C++ .Net (which currently uses crystal
reports which takes 5mins to generate a pdf and my tool takes
2-3secs...)

Looking at CloudKit I see useful bits in it like oauth, openid, rest.
I can see how packaging my "reports" up into resources provided by
CloudKit would work very nicely.

What I don't get is how then I interact with my sinatra app's generate
a pdf method based on an object from the CloudKit "report" resource.

Any pointers?

Thanks,
Nick
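
The middleware technique described in the reply above, as an added example that is not part of the original thread and is not CloudKit's own code: a Rack middleware that matches one route and validates a write before the downstream JSON store sees it, capping body size and rejecting unknown or oversized fields (the concerns raised in the first post). The `/widgets` route, the field names and the limits are assumptions; it would sit in front of the store via `use WidgetWriteGuard`.

```ruby
require 'json'
require 'stringio'

# Added example: Rack middleware that guards writes to one route before the
# downstream JSON store sees them. Route, fields and limits are assumptions.
class WidgetWriteGuard
  MAX_BODY = 16 * 1024                             # bytes accepted per document
  ALLOWED  = { 'name' => 64, 'avatar_url' => 256 } # field => max string length

  def initialize(app, route: '/widgets')
    @app = app
    @route = route
  end

  def call(env)
    path = env['PATH_INFO'].to_s
    on_route = path == @route || path.start_with?("#{@route}/")
    write = %w[POST PUT].include?(env['REQUEST_METHOD'])
    return @app.call(env) unless on_route && write

    # Read at most MAX_BODY + 1 bytes so a huge upload is never buffered whole.
    body = env['rack.input'].read(MAX_BODY + 1).to_s
    return reject(413, 'body too large') if body.bytesize > MAX_BODY

    doc = begin
      JSON.parse(body)
    rescue JSON::ParserError
      nil
    end
    return reject(400, 'body must be a JSON object') unless doc.is_a?(Hash)

    unknown = doc.keys - ALLOWED.keys
    return reject(422, "unknown fields: #{unknown.join(', ')}") unless unknown.empty?

    doc.each do |field, value|
      ok = value.is_a?(String) && value.length <= ALLOWED[field]
      return reject(422, "invalid value for #{field}") unless ok
    end

    env['rack.input'] = StringIO.new(body) # hand downstream a fresh stream
    @app.call(env)
  end

  private

  def reject(status, message)
    [status, { 'content-type' => 'application/json' }, [JSON.generate('error' => message)]]
  end
end
```

Reads and any other route pass through untouched, so the same store keeps serving both the web view and the API.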