Quick overview on my scope of assignment 3:
1. Build backend, organize database
2. Open up API for the front end to consume
3. Deploy both front and back ends
4. Handle HTTPS setup, certificates, and CORS policies
5. Handle User authentication
1. Trivial. Done plenty of times, no different doing this again
2. Mildly more challenging. Just trying to think of what should and should not be returned as JSON. Like obviously I don't return everyone's oauth tokens when someone calls /api/users... But of course we want to return a decent amount of associations (esp the commonly used ones), yet not overload the caller with information
3. Deployment for back-end was pretty carefree, as it was a familiar process. Front end was rather surprisingly easy as I reverse-engineered what I did for the front. Success here!
4. HTTPS setup: Amazingly simple thanks to Let's Encrypt's integration with Apache, the only hiccup was setting server names and calling the server name rather than by IP. Almost seamless. CORS was however a headache, as matching all the stuff between Rails and Angular on separate hosts wasn't so simple. I suggest using rack-cors, and opening up the 'OPTIONS' method (wow I really learnt something here - this isn't very widespread, but it's necessary for Angular's $http!)
5. User auth was the real pain. Devise recommends devise_token_auth. Given the credibility of Devise I kinda believed them... Only to end up not using their OAuth integration (cos it was full of problems), and right at the end, realizing that this thing has way more issues like concurrency issues, plus the fact that it's not really token-based authentication. On much-later thoughts, shouldn't have used this gem.
The nice thing about A3 was the time - really managed to write tests (which saved me a couple of times here and there), even got a little spare time to set up coverage and CI tools. Though the test coverage isn't really impressive, that little bit does help with peace of mind. Strongly encourage writing tests for 3216 and writing smaller applications - be a little less ambitious and be a little safer. Compared to A1, this was really a rather more chill project.
Code for the backend is available here: http://github.com/wishpool-3216/wishpool-backend
What... many people find A3 harder and more time consuming than A1 but you are the other way round. I do think that your A1 had too large a scope/too many features that only marginally helped in increasing the value of the product. Your A3 is more focused and robust (:
ReplyDelete