This service provides a REST API for manipulating posts and tags.
API schema:
GET /ping
Check if service is alive.POST /posts
Create new post.GET /posts
Get all posts. Can be filtered bytag
.GET /posts/count
Get all posts count. Can be filtered bytag
.GET /posts/{post}
Get post by id.PATCH /posts/{post}
Update post.POST /posts/{post}/tags/{tag}
Attach tag to post.DELETE /posts/{post}/tags/{tag}
Remove tag from post.DELETE /posts/{post}
Delete post.
There'is plenty of autogenerated or boilerplate code, so it might be usefull to point out some significat parts that might be of interest. Here they are.
app/Post.php
app/Exceptions/Handler.php
routes/api.php
tests/api/PostsCept.php
It might be convenient to read the commit diffs. Each commit is small (except a few initial ones) and focused on a single feature.
One could also run tests with the following command (don't forget to run migrations and install composer deps first).
composer exec codecept run
Service is build upon Laravel framework. When in doubt, consult with the docs.
Clone the repo and switch to the created folder.
git clone https://github.com/sameoldmadness/blog-rest-api.git
cd blog-rest-api
Copy .env.example
to .env
.
cp .env.example .env
Set the following variables in .env
.
MAILGUN_DOMAIN
,MAILGUN_SECRET
Mailgun credentialsMAIL_ADMIN
A recipient for "Post created" emails
Set an application key.
php artisan key:generate
Install VirtualBox and Vagrant.
Run vagrant box.
vagrant up
Run migrations on this box.
vagrant ssh
cd blog-rest-api
php artisan make
exit
The service uses queues for async email sending. A queue can be started manually.
vagrant ssh
cd blog-rest-api
php artisan queue:work
exit
Add the following line to /etc/hosts
.
192.168.10.10 homestead.app
API should be availble on URL http://homestead.app/api/v1
.
There still a lot of work to be done.
- Start queue with Supervisor
- Set up CI
- Run tests before deploy
- Set up linting and code quality tools
- Test emails/caching
- Disable email reports for test/local environments
- Test for invalid input
- Split PostsCept into separate files
- Make tests independent
- Get rid of magic constants (cache ttl, api prefix)
- Move coordination logic from router to controllers
tags
are stored in mysql field with typeJSON
. SeeEXPLAIN
for search queries. Compare performance with normalized database and NOSQL storage.- Cache is not configured, may fiddle with size/ttl/key structure.
- API parameters validation is not implemented by any means. Should be.
- Error messages are hidden in production, but are not logged. Should be.
- It might be an SQL injection somewhere near
JSON_CONTAINS
clause. Needs attention.
MIT.