Introducing the SAFE API library for web-apps + ReactJS helpers + demo app

Apps
21

The API now includes ability to DELETE objects, its documentation has been updated, and the demo app allows deleting submitted posts to reflect this (allows deleting submitted posts).

Moving forward, there are a few major things I want to tackle:

  1. User-supplied models that provide the following:

    • Data validation: every app has set rules on what its data should look like. If an object contains a name field, for example, it expects it to be a string of a certain length, and NOT an integer or array. In SAFE, anybody can upload any data they want, so client-side data validation must be included in the app to prevent breakage. Task: create an easy way for the dev to set rules for their data. If rules are not met, then either use some defaults, or remove the object entirely. The dev will have a guarantee that the object returned from the API will follow the applicationā€™s rules, even if a nefarious user tries to cause trouble.

  • Data versioning: Object schemas change over time: a string field may eventually become an array field to allow multiple options. The developer cannot go and change all existing data to reflect this change, so his app needs to be smart and maintain backwards compatibility for every single object schema change. Over time, this can lead to massive headaches and spaghetti code in order to make sure old data is supported. Task: introduce versioning for models. Every object PUT to the network should have an integer version number. Upon fetching it, if the model detects that the version number is not the latest one, it incrementally modifies its data using the modelā€™s set rules until it matches the rules of the latest version. Should make app development much easier knowing that even old data on the network will be returned using the latest schemas. This allows newer code to read older data, but not vice versa. Bonus: if the requester of the data is also the data owner, automatically UPDATE the object on the network so that the same version processing wonā€™t be required in the future. With Structured Data this will be free.

  • Custom Methods: allow setting user-defined methods on the model that act as helpers. As a basic example, a fullName() helper method could concatenate an objectā€™s first_name and last_name fields and then return the result.

  1. Look into the use cases of structured data, immutable data, and NFS, and change the API to use the appropriate one where necessary. Emulate the behavior of structured data, immutable data, and NFS data on Firebase. Alter behavior of collections to reflect this. Iā€™m still researching all of these different data types, but itā€™s a bit hard to figure out what the best use cases for different scenarios are, including for immutable objects that have their keys set as the hash of the content, and not a predefined key, as is currently used in the JS api. My discussions with @Seneca have shed some light on the usage of SD, but the rest is still unclear. If @Krishna_Kumar or any of the devs wish to shed any light, that would be immensely helpful!

I will start creating RFCs on github this week with detailed implementation plans.

6 Likes
22

I want to bump this since now weā€™re really close to MVP.

Instead of using json, could we use toml? I think toml is a lot better, efficient, and cleaner than json. Not only that, this will allow any human to write toml without fears. The program will do the rest.

3 Likes
23

Can you please clarify exactly what you want to be written in toml? Toml is for human readable/writable settings for an application, and I donā€™t really have any in the repos I shared. Just a couple of settings currently for admin and firebaseApp values. Even assuming I add some more config options to the api, is it really worth introducing a new parser library for so few options?

1 Like
24

Take a look at the code and tell me why nobody should be using it.

The reason why I would like to use toml is because it allows business to use toml to build straight forward applications such as 3rd party food stamp.

[package]
name = "3rd party food stamp"
version = "1.0"

[Safe.Produce]
name = "banana"
sku = "567483"

When a person scans the sku, it pops up saying it is safe to consume because the 3rd party approved it by typing it down. If you scan the sku and it is not in the list, then it is not safe to consume!

Another ideaā€¦ Decentralize ID system. I am working on this, btw. Which will be very useful for all applications.

[ID]
name = "Grizmoblust"
DOY = 01/01/1900

[social]
facebook = insert url here
khanacademy = insert url here
businesshere = insert url here

[social.businesshere]
reputation = "0.2"

[3rdpartyfoodstamp]
version = "1.0"

Here you see social.businesshere. It links to the businesshere website, and obtain the info and put into the reputation slot. It is immutable data so it cannot be modified. If one were to modified, itā€™ll be erased and replace with actual data.

That is an idea how easy it is for business to type it down, and release it without having to write the entire program.

25

Hey Grizmo,

Oh I hope I didnā€™t make it seem like itā€™s a bad language. It looks quite good actually. Iā€™m just not understanding your use case or how it will be beneficial to use it for the API. Iā€™d like some more clarification, please.

The API is specifically to create javascript applications. As such, you would be programmatically adding and retrieving dataā€“it wouldnā€™t be done by a human running a business. In order for an application to make use of the data, it has to turn it into a javascript object, for example. At this point it doesnā€™t matter what the store looked like. But if using JSON, it would be a simple built-in JSON.parse(string) or JSON.stringify(obj).

What Iā€™m trying to get at, is displaying or using data is almost never done by dumping the data as is.

Same thing here as above. If a business doesnā€™t want to do something using custom-build software (e.g. using the JS api) they can just upload text files as-is to their drive, in TOML if they prefer.

From this page about TOML:

TOML stands for Tomā€™s Own Minimal Language. It is a configuration language vaguely similar to YAML (emphasis mine)

1 Like
26

I just submitted a proposal for basic model functionality here:

I will write up the validation and versioning proposals next. If anyone has any ideas or comments, please share!

5 Likes
27

@eblanshey what is the status on using this to talk to the safe_launcher released yesterday?

2 Likes
28

Forgot to mention that yesterday in my update. Iā€™m currently trying to figure out how and when to use each of the different types of data on SAFE in order to implement it into the API ASAP. This is a top priority for me, and I will create another proposal on GitHub before starting to work on the changes.

4 Likes
29

I just wrote up the proposal for entity validation and versioning, which is, in my opinion, an absolute must-have feature for apps on the SAFE network. Comments and feedback are greatly appreciated.

1 Like
30

Is this project still under development? If it is I think it should be updated to take the recent updates and releases of information into account. Also clarification in the documentation would be good too. It seems to be written for one at a higher coding skill than I. And a few illistrations as to the logic of the api and how the whole system worked wouldnā€™t hurt either.

1 Like
31

Yessir, still under development. Iā€™ve been discussing the API and app structure with a dev, as itā€™s all not entirely clear how collaborative apps would work. Non-collaborative websites, however, such as personal blogs, or any site where only the admin can add data and other users only read it, are pretty straight forward, so I am considering building out the API to first support those kinds of apps only. Collaborative app capabilities can be added later.

I am also working on the code that provides the model functionality I described above. Rest assured, the documentation will be a top priority of mine once any SAFE-related functionality is implemented.

If any devs want to discuss and share ideas on how collaborative apps will be structured using SAFE, please send me a PM! I will also start a thread where this can be publicly discussed.

5 Likes
32

Thatā€™s the 4 billion Safecoin question SAFEpress is grappling with :slight_smile:

1 Like
33

Something I still havenā€™t grasped about this, though Iā€™m told the current launcher API provides for it is how SAFE launcher supports URLs that serve dynamic websites.

For example, a URL like domain.tld/post?id=234 is a typical URL for a CMS based website such as a blog. Everything before the ā€œ?ā€ indicates the ā€œtemplateā€ and style of the request (i.e the website / server and the html to access from the server) and everything after the ā€œ?ā€ is a parameter/value pair which in this case indicates the particular blog post content to be displayed using the html template.

Can anyone explain how this will be achieved when retrieving web content from SAFEnetwork? @Krishna_Kumar tried to explain in comments on the RFC but I confess I didnā€™t understand and didnā€™t want to interfere to much with his work in getting things out there when my need was not urgent. Has anyone got their head around this? :slight_smile:

1 Like
34

I havenā€™t looked much into this thread, so Iā€™m not sure how relevant this is here.

If itā€™s a .safenet link, the URL is sent to the Launcher (well, the proxy itā€™s running), and Iā€™m not sure how it resolves URLs to SAFE objects, but I think it should return the same object regardless the query string (the part after the ?). The page can have JavaScript that can do whatever it wants; it can check the query string, for example, then load the referenced article. When you click on a link, it doesnā€™t even have to navigate away, it can just update the location via the History API and run whatever code it needs to, but it gives you a unique link to bookmark or share the ā€œcurrent pageā€ (which is really just the same code (e.g. an Immutable Object), no matter the query string!)

2 Likes
35

@Tim87:

If itā€™s a .safenet link, the URL is sent to the Launcher (well, the proxy itā€™s running), and Iā€™m not sure how it resolves URLs to SAFE objects, but I think it should return the same object regardless the query string (the part after the ?).

Yes, this is the point at issue - that is what we understand, except that Iā€™ve asked how this is to be supported (in comments on the RFC) and @Krishna_Kumar has assured me that this form of URL is supported - I just donā€™t yet understand how based on what is in the launcher RFC.

The problem is that the complete URL (including the ? and what follows) is a valid SAFE address. So to do the above would mean that the launcher could not retrieve a URL that looks like a query string (e.g contains ā€œ?post=ā€) but which isnā€™t!

So apps may need to take account of this and, for example, make sure they donā€™t have ā€œ?ā€ in SAFE addresses. What about in filenames? Do you see the issue? What other reserved characters might there be? Etc. None of this is clear to me yet.

That may indeed be the actual behavior, but Iā€™m not clear if it is, and if it is desirable it not.

I hope Iā€™ve explained that well enough :slight_smile:

1 Like
36

Your proxy URL is literally translated from http://FOO.BAR.safenet/BAZ to http://localhost:8100/dns/FOO/BAR/BAZ (go ahead, try it in your browser). If there is a query string, it is ignored by the DNSā€™s getFile HTTP API call (which is what /dns/WHATEVER is). Javascript can easily inspect this string and do something dynamic on it. Also, you can use URL fragments (i.e. following a #) which can be considered sometimes safer because it is not sent back server side. You can also use the HTML5 history API to dynamically alter the URL without forcing a reload. So if someone clicks on something, you can change your page inline and add a query string (that does not force a reload), but if they did refresh, that query string would be in there (same w/ URL fragments which is preferred if you are only doing client-side processing of the data).

7 Likes
37

Um, thatā€™s not entirely true. Just donā€™t name query params offset or length :slight_smile:

38

@cretz got it right. The JS app will take care of reading the parameters from the URL. The URL fragments is probably the best way to go since everything after the ā€œ#ā€ is not sent to serverā€“itā€™s for the browser only.

You can check out the demo app I posted in the original post. If you click on an app, or login, or any link, youā€™ll see the hash followed by the routing URL. Youā€™ll see that the actual URL never changes away from http://eblanshey.github.io/safe-demo/ ā€“ only the hash changes, and the app loads whatever information it needs depending on what is found there. Itā€™s all client side.

3 Likes
39

This is looking like the behavior, but I want to be sure.

It also raises the issue of a page loading, then accessing the query string, and making a second request to retrieve the page content. This means things happen sequentially, and it remains to be seen, but if latency is slow, it might make SAFE websites look very slow compared to www which we donā€™t want.

40

It depends on the speed of the network. Iā€™m sure you have no issues with this Discourse forum, but youā€™ll see theyā€™re doing the same thing. Theyā€™re changing the URL dynamically on the frontend and loading everything via AJAX behind the scenes. When you click a topic from the main forum, for example, it only loads the data required for the topic. The header, notifications, etc, stays the same.

Edit: although Iā€™ll point out that the initial forum load DOES generate the initial page server-side, but that wonā€™t be possible with SAFE. At least not until we get server-side processing from within the network.

3 Likes