Another day of work and now I think I can safely make this teeny tiny API public.
Basically, mabel expects that all requests sent to it will have a special header field. The value of this header field will be pulled from the HTTP request object and checked against a persistent store of known values.
If the request doesn't have the special header field, the value of the special field isn't valid, the value isn't found in the persistent store, or the value is found but access should not be granted, the API will return a 401 HTTP response.
Unless, of course, the API endpoint is intended to be public. Then mabel doesn't care whether you're authenticated or not.
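The cases above written out as one decision function. This is an added example, not mabel's actual code; the header name `X-Api-Key`, the 32-hex-character value format, and the store layout (SHA-256 of the value mapped to a `granted` flag) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical header name (lowercased); the post does not name the real one.
const AUTH_HEADER = 'x-api-key';
// Returns the status the auth check yields: 200 to proceed, 401 to reject.
// $store maps sha256(value) => ['granted' => bool], so raw values are not stored.
function authStatus(array $headers, bool $endpointIsPublic, array $store): int
{
    if ($endpointIsPublic) {
        return 200; // public endpoint: authentication is not consulted
    }
    // Header names are case-insensitive, so normalize before the lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);
    $value = $headers[AUTH_HEADER] ?? null;
    if (!is_string($value)) {
        return 401; // header missing
    }
    // Assumed format: exactly 32 lowercase hex characters.
    if (preg_match('/\A[0-9a-f]{32}\z/', $value) !== 1) {
        return 401; // value is not valid
    }
    $record = $store[hash('sha256', $value)] ?? null;
    if ($record === null) {
        return 401; // value not found in the store
    }
    if (($record['granted'] ?? false) !== true) {
        return 401; // found, but access should not be granted
    }
    return 200;
}

// Constructed sample values and store.
$active  = str_repeat('a1', 16);
$revoked = str_repeat('b2', 16);
$store = [
    hash('sha256', $active)  => ['granted' => true],
    hash('sha256', $revoked) => ['granted' => false],
];
$cases = [
    'public endpoint, no header' => [[], true],
    'missing header'  => [[], false],
    'malformed value' => [['X-Api-Key' => 'not-hex'], false],
    'unknown value'   => [['X-Api-Key' => str_repeat('c3', 16)], false],
    'revoked value'   => [['X-Api-Key' => $revoked], false],
    'active value'    => [['x-api-key' => $active], false],
];
foreach ($cases as $label => [$headers, $public]) {
    printf("%-28s %d\n", $label, authStatus($headers, $public, $store));
}
```

Every rejection path returns the same 401, so a client cannot tell from the response which of the four checks failed.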
The most difficult part of adding this bit of functionality was boiling the tangle of ideas I started with this morning into a discrete set of cases that I could implement in the code in a way that didn't make me squint my eyes with suspicion as I wrote it.
Just like I wish I had a DevOps expert to farm out the details of that work, I also wish I had someone I could pass this to for code review. I think the code I wrote is okay, but I do feel a little weird about it. Like there's probably a better or more concise way to do what I set out to accomplish.
Oh well.
Tomorrow I'm going to write unit tests using whatever the most up-to-date version of PHPUnit is.
Then I'm going to put this up on my little nano server in AWS and switch over to FINALLY attempting to build something in Unity.