feat(frontend): implement project-based routing #13474
Conversation
mariusandra
changed the title
|
@benjackwhite I added the changes into kea-router, and a todo list to the top of the PR. |
Super cool. If you haven't done it by the new year I will be happy to take on that TODO list when I'm back 😉 |
… kea-router-projects
… kea-router-projects
|
Size Change: +667 B (0%) Total Size: 2 MB ℹ️ View Unchanged
|
|
Size Change: +5.98 kB (0%) Total Size: 2 MB
|
|
Size Change: +5.98 kB (0%) Total Size: 2 MB
|
|
Size Change: +5.98 kB (0%) Total Size: 2 MB
|
|
Size Change: +5.98 kB (0%) Total Size: 2 MB
|
There was a problem hiding this comment.
The only remaining issue that I can see is the choice of project id vs short_id
Hard to decide if this is worth doing now. If we do it later we would need to back support converting an ID to a short_id (probably not too hard, just another part of the AutoProjectMiddleware's job - if it is a number, look it up and redirect to the short_id version).
The tricky bit will be the conversion throughout the project to use short_id. If we only do it for the URL, then the question is have we actually gained anything given you can easily find out your own projectId via the api or settings.
If we fully convert to it, then we have a lot of complexity in the code as we will be constantly swapping from the short_id version to the real ID given it is used as the reference pretty much all of the time.
We could do it just for the URL now which at least makes it way less obvious.
@mariusandra you wrote the original PR mentioning increment-based attacks. Any thoughts?
|
I personally think it's fine. Wore case: You can learn exactly how many teams we have and our growth by periodically making new teams and calculating the delta in between. Counter: Were transparent enough that we'll probably tell you if you ask or read James's tweets 🤷 Plus, indeed, hiding it completely is going to be a huge undertaking, and even then you can use other proxies (e.g. feature flag id-s, etc) I played around and it seems to work. I'm happy to just merge it in, and if there are any errors that we missed, fix them as they come up. |
|
I really like this, though I'm still gonna advocate for using |
|
This issue has 2009 words at 48 comments. Issues this long are hard to read or contribute to, and tend to take very long to reach a conclusion. Instead, why not:
Is this issue intended to be sprawling? Consider adding label |
The question I guess is why would we need it? You have to be in the org to access the team. The downside is that we then have an even longer URL and have to handle cases such as the org id being different to the team ID. Essentially the team "slug" (id) is both org and team. If you click a link to a project in a different org you are swapped to that team and organization so we have all the functionality without any additional complexity. |
|
Size Change: +5.96 kB (0%) Total Size: 2 MB
|
There was a problem hiding this comment.
/organization/billing would benefit from this directly, but it's true that otherwise auto-switching would not be aided by use of the organization slug instead of project. I think the actual benefit is in the URLs being more obvious. With just the project ID in there, we achieve auto-switching, which is the most important thing – but the project ID is totally opaque, so the URL isn't actually more readable. This article: "Examples of Great URL Design", is an interesting read on the topic of making URLs a good experience in themselves.
But there are two problems to be solved: 1. what you mentioned about org slug and project ID mismatches 2. potential collisions of slugs with scenes from the legacy system.
So let's just ship this now.
|
Size Change: +667 B (0%) Total Size: 2 MB ℹ️ View Unchanged
|
Problem
Alternative to #13453
Changes
/project/:idin front of the URLgetCurrentTeamId()is not mockedLinkdetects urls in other projects and forces a full reloadTODO
Out of scope:
current_teamand always use the team ID in URLs --> out of scope? what's missing?How did you test this code?