Below are the requirements/suggestions for a deployed data structures project. Currently, we have almost deployed but need to figure out how to get torch running (since it takes a million years to install).
JavaScript Fetch, URI:
The project must manage the switch between development and deployment URI access for frontend requests. This is achieved by including the assets/js/config.js file in the teacher_portfolio project. This file should be referenced whenever a URL endpoint fetch is performed.
JavaScript Fetch, Credentials, and Cookies:
The project’s APIs must consistently handle authorization options. This involves setting the fetch mode to ‘cors’ and including credentials in the fetch options. This setup enables cookies to be passed between the frontend and backend during requests, facilitating user authentication and session management. These options are defined by including the assets/js/config.js as well.
Nginx, Credentials, and Cookies:
For deployment and cookie handling, the project’s authorization credentials need to be defined in the Nginx configuration. This is done by setting the Access-Control-Allow-Credentials directive in the /etc/nginx/sites-available application configuration file.
Nginx and CORS:
For deployment, CORS policies need to be configured in Nginx. This involves setting the Access-Control-Allow-Origin directive in the /etc/nginx/sites-available application configuration file.
Nginx and HTTP Methods:
For deployment, the HTTP methods (GET, POST, PUT, DELETE) that the application uses need to be allowed in the Nginx configuration. This is done by setting the Access-Control-Allow-Methods directive in the /etc/nginx/sites-available application configuration file.
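The three Nginx settings above, combined in one added example (not the project's own configuration). The server name, frontend origin and backend port are placeholders, and it assumes Nginx, rather than the backend, emits the CORS headers on deployment.

```nginx
# Added example; api.example.com, frontend.example.com and port 8000 are placeholders.
# The map block goes in the http{} context. It echoes the request's Origin back
# only when it is on the allowlist. Browsers reject a credentialed response whose
# Access-Control-Allow-Origin is "*", so the origin must be named explicitly.
map $http_origin $cors_origin {
    default                          "";            # unlisted origin: header is omitted
    "https://frontend.example.com"   $http_origin;  # deployed frontend (placeholder)
}

server {
    listen 80;
    server_name api.example.com;                    # placeholder

    location / {
        # Assumption: Nginx is the single source of CORS headers. A duplicated
        # Access-Control-Allow-Origin makes the browser fail the CORS check,
        # so copies coming from the backend are dropped here.
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;

        # add_header skips a header whose value is empty, so an unlisted
        # origin receives no Access-Control-Allow-Origin at all.
        add_header Access-Control-Allow-Origin      $cors_origin always;
        add_header Access-Control-Allow-Credentials "true" always;
        add_header Access-Control-Allow-Methods     "GET, POST, PUT, DELETE, OPTIONS" always;
        add_header Access-Control-Allow-Headers     "Content-Type" always;
        add_header Vary                             "Origin" always;

        # Answer the CORS preflight in Nginx. The add_header lines above are
        # inherited because this block defines none of its own.
        if ($request_method = OPTIONS) {
            return 204;
        }

        proxy_pass http://localhost:8000;           # backend container port (placeholder)
    }
}
```

Validate the file with `sudo nginx -t` before reloading Nginx.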
Python, CORS:
For both localhost development and deployment, the project needs to consider Cross-Origin Resource Sharing (CORS). The CORS policies should be built into the Python code, specifically in your init.py file. This setup allows the necessary access between your frontend and backend, supporting both development and deployment environments. Note, remove similar code from main.py if you picked up an old version from Teacher.
Python, instance data:
In your init.py file, you need to configure the settings for your database and uploads. These settings should ensure that data and files persist outside of the Docker container. If not correctly configured, any data stored in the database or any files uploaded will be lost when the Docker container is stopped.
Python, authentication and authorization:
In this implementation, the decorator @token_required is used to guard HTTP endpoints. It relies on the allowed credentials, which send the cookie to the application. The application unwraps the cookie and uses the user id to query and return the user object from the database. The application logic of the API can then use the user object to identify the owner of the request.
Python, CSRF:
When deploying your server, it’s crucial to manage secret keys for CSRF (Cross-Site Request Forgery) protection in your init.py file. This secret key is used to generate unique tokens that help protect your application against CSRF attacks.
Certbot, HTTPS:
For deployment security, using HTTPS is crucial to prevent sensitive information from being intercepted over the internet. Certbot is the tool of choice used in this project to automate the process of obtaining and installing SSL/TLS certificates. Running sudo certbot --nginx will modify the Nginx configuration to redirect HTTP requests to HTTPS, enhancing the security of your application. It’s important to note that this step is vital for maintaining the integrity and confidentiality of data in transit. Always verify the configuration change after running the command.