Re: Tech stack for Python aurweb

2020-06-03 Thread Baptiste Jonglez
Hi,

On 02-06-20, Lukas Fleischer wrote:
> One thing I should have clarified much more in my first email in this
> thread is that this is part of a dual stack solution, with most of the
> code still being written in PHP and only specific pages being handled by
> the new framework. Everything we do (including database access, user and
> session management, ...) must be fully compatible with our PHP
> implementation, hence we would almost certainly not be able to use any
> of the more sophisticated features that these more comprehensive
> frameworks provide.

Right, I had not understood this would be such a strong design constraint.
In that case, yes, Django is clearly out of the loop.

I understand the advantages of a gradual rollout.  However there's a risk
that the new code can end up being inconsistent, with possible security
impacts.  You will have to really double-check any code related to
authentication, authorization, privilege, permissions, etc.

"Heavyweight" frameworks usually take care of that for you in a consistent
way, but here you will be mostly on your own.

> As you may have noticed from some of the patches submitted to the ML, we
> decided to use FastAPI over Flask.

Indeed, I didn't know FastAPI.  It looks like a more fancy/modern Flask,
which is a good sign.

Baptiste


signature.asc
Description: PGP signature


Re: Tech stack for Python aurweb

2020-06-02 Thread Baptiste Jonglez
Hi,

While I don't plan to work on the new AUR, I have experience with both
Flask and Django.

I generally don't like the kind of comments that go "it would be nicer if
you do X and Y" from people that won't actually participate, but I still
feel it's relevant:

On 24-05-20, Ricardo Band wrote:
> I'm a python programmer for a while now and I really like the small
> size and simplicity of Flask. But let me give you one advice here.
> If you're dealing with a more complex application Flask tends to become
> more complex and very hard to manage. All of a sudden you integrate
> about 10 Flask addons. Some of them are not well maintained. Some
> dropped support for others etc.
> You have to manage all those dependencies.
> 
> Personally I prefer Django in more complex projects as it comes with
> everything included. You rarely have to add something to your
> dependencies.

I completely agree with this.

Flask is fantastic for simple projects.  But once you start adding users,
authentication, an admin panel, command-line scripts, and so on, it
quickly becomes a mess.  Django is much more structured, which is a big
advantage for complex projects.

Regarding databases and migrations, Django is much nicer to work with than
SQLAlchemy / Flask-SQLAlchemy.  For instance, with Flask-SQLAlchemy I've
had serious consistency issues between PostgreSQL and Sqlite, something
that I had never seen with Django.

Also, the Flask ecosystem is not exactly bustling with activity.  On the
positive side, this is because things are remarkably stable and working as
intended.  On the negative side, it means some amount of bit-rot and
unmaintained projects, although it's clearly not to the point of complete
disrepair.

> My personal rule of thumb is to use Flask for everything simple. When
> users are involved it immediately becomes complex and I switch to
> Django.

Very nice rule of thumb indeed!

> So for example a small API without user database is good job for flask.
> A blog like app where I have to deal with users, registrations etc is a
> good job for Django.

With all that being said, if the people that will be developing the new
AUR don't know anything about Django, it would mean investing time to
learn Django.

Baptiste




Re: [PATCH] Add missing instruction for testing aurweb with a sqlite database

2018-01-28 Thread Baptiste Jonglez
On 28-01-18, Eli Schwartz wrote:
> On 01/28/2018 04:48 PM, Baptiste Jonglez wrote:
> > From: Baptiste Jonglez <g...@bitsofnetworks.org>
> > 
> > Also clarify what to change in the configuration.
> There is already another patch that does this in the pu branch,
> submitted 3 weeks ago and merged on Friday.

Good point, I hadn't seen that patch/branch.

Regarding the content of this patch, it simply mentions to edit "php.ini",
while it would be clearer to talk about /etc/php/php.ini (at least for the
TESTING doc).

Baptiste




Re: [PATCH] [RFC] Allow to search packages by "*depends" fields

2018-01-28 Thread Baptiste Jonglez
Hi Lukas,

Thanks for the positive feedback!

On 28-01-18, Lukas Fleischer wrote:
> I like the overall idea and given the implementation is pretty simple
> and straightforward, I do not see anything speaking against it.

Actually, there was a mistake in the code I sent: the additional SQL JOIN
causes the RPC to return duplicate results for the other types of search
(name, name-desc and maintainer).  Unfortunately, this makes the new code
less straightforward.

I have sent a new patch, can you please review the updated part?

> The documentation definitely needs to be updated, preferably in the same
> patch.

Done in the new patch.

> > @@ -407,6 +412,15 @@ class AurJSON {
> > $keyword_string = 
> > $this->dbh->quote($keyword_string);
> > $where_condition = "Users.Username = 
> > $keyword_string ";
> > }
> > +   } else if ($search_by === 'depends' || $search_by === 
> > 'makedepends' || $search_by === 'checkdepends' || $search_by === 
> > 'optdepends') {
> 
> This can be written in a more compact way, using in_array().

Updated in the new patch.

> Everything else looks good to me!

Thanks!
Baptiste
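
The duplicate-result problem described in this message, reproduced as an added example (not code from the patch or from aurweb). It uses an in-memory SQLite database with constructed rows; the column names DepName and DependencyTypes.Name, the helper names, and the ORDER BY (added only to make the output deterministic) are assumptions.

```python
import sqlite3

# Constructed schema and rows. Table names and join keys follow the patch;
# DepName and DependencyTypes.Name are assumed column names.
SCHEMA = """
CREATE TABLE Packages (ID INTEGER PRIMARY KEY, Name TEXT);
CREATE TABLE DependencyTypes (ID INTEGER PRIMARY KEY, Name TEXT);
CREATE TABLE PackageDepends (PackageID INTEGER, DepTypeID INTEGER, DepName TEXT);
INSERT INTO DependencyTypes VALUES (1,'depends'),(2,'makedepends');
INSERT INTO Packages VALUES (1,'ocaml-foo'),(2,'ocaml-bar'),(3,'ocaml-baz');
INSERT INTO PackageDepends VALUES
  (1,1,'ocaml'),(1,1,'glibc'),(1,2,'dune'),
  (2,2,'ocaml'),(2,1,'glibc');
"""

JOINS = (
    "LEFT JOIN PackageDepends ON Packages.ID = PackageDepends.PackageID "
    "LEFT JOIN DependencyTypes ON PackageDepends.DepTypeID = DependencyTypes.ID "
)


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def run_search(db, where, params, join_depends, limit=2):
    """Mimic process_query(): optional joins, a WHERE condition, then LIMIT."""
    sql = ("SELECT Packages.Name FROM Packages "
           + (JOINS if join_depends else "")
           + "WHERE " + where + " ORDER BY Packages.ID LIMIT ?")
    return [row[0] for row in db.execute(sql, (*params, limit))]


def search_by_name(db, keyword, join_depends):
    # A name search never filters on the dependency columns.
    return run_search(db, "Packages.Name LIKE ?", (f"%{keyword}%",), join_depends)


def search_by_depends(db, dep_type, keyword):
    # Filtering on both dependency columns leaves one row per matching package.
    where = "DependencyTypes.Name = ? AND PackageDepends.DepName = ?"
    return run_search(db, where, (dep_type, keyword), True)


if __name__ == "__main__":
    db = make_db()
    print(search_by_name(db, "ocaml", True), search_by_name(db, "ocaml", False))
```

With the join applied to a name search, the same package fills both slots of the two-row limit and the other matches never appear; the keyword and dependency type are passed as bound parameters rather than interpolated into the SQL string.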




[PATCH] RPC: Allow to search packages by "*depends" fields

2018-01-28 Thread Baptiste Jonglez
From: Baptiste Jonglez <g...@bitsofnetworks.org>

It is now possible to search for packages that depend on a given package,
for instance:

/rpc/?v=5=search=depends=ocaml

It is similarly possible to match on "makedepends", "checkdepends" and
"optdepends".

Signed-off-by: Baptiste Jonglez <g...@bitsofnetworks.org>
---
 doc/rpc.txt   |  8 +++-
 web/lib/aurjson.class.php | 33 +
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/doc/rpc.txt b/doc/rpc.txt
index f353ff0..3148ebe 100644
--- a/doc/rpc.txt
+++ b/doc/rpc.txt
@@ -11,6 +11,10 @@ search argument and _field_ is one of the following values:
 * `name` (search by package name only)
 * `name-desc` (search by package name and description)
 * `maintainer` (search by package maintainer)
+* `depends` (search for packages that depend on _keywords_)
+* `makedepends` (search for packages that makedepend on _keywords_)
+* `optdepends` (search for packages that optdepend on _keywords_)
+* `checkdepends` (search for packages that checkdepend on _keywords_)
 
 The _by_ parameter can be skipped and defaults to `name-desc`.
 
@@ -30,7 +34,9 @@ Examples
 `search`::
   `/rpc/?v=5=search=foobar`
 `search` by maintainer::
-  `/rpc/?v=5=search_by=maintainer=john`
+  `/rpc/?v=5=search=maintainer=john`
+`search` packages that have _boost_ as `makedepends`::
+  `/rpc/?v=5=search=makedepends=boost`
 `search` with callback::
   `/rpc/?v=5=search=foobar=jsonp1192244621103`
 `info`::
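
Review bot: the `search` by maintainer example is modified in this hunk (the removed line spells the parameter `search_by`, the added line does not), which is a fix to existing documentation rather than part of the new "*depends" feature. Mention it in the commit message, or send it as a separate patch so the correction can be applied independently of the new search fields.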
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 9eeaafd..30bdc89 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -17,7 +17,8 @@ class AurJSON {
'suggest-pkgbase', 'get-comment-form'
);
private static $exposed_fields = array(
-   'name', 'name-desc', 'maintainer'
+   'name', 'name-desc', 'maintainer',
+   'depends', 'makedepends', 'checkdepends', 'optdepends'
);
private static $fields_v1 = array(
'Packages.ID', 'Packages.Name',
@@ -243,16 +244,27 @@ class AurJSON {
 
/*
 * Retrieve package information (used in info, multiinfo, search and
-* msearch requests).
+* depends requests).
 *
 * @param $type The request type.
 * @param $where_condition An SQL WHERE-condition to filter packages.
+* @param $join_depends Whether to add a SQL JOIN on the PackageDepends 
table.
+*It will produce duplicate packages unless $where_condition 
filters
+*the result appropriately.
 *
 * @return mixed Returns an array of package matches.
 */
-   private function process_query($type, $where_condition) {
+   private function process_query($type, $where_condition, 
$join_depends=false) {
$max_results = config_get_int('options', 'max_rpc_results');
 
+   $additional_joins = "";
+   if ($join_depends) {
+   $additional_joins .= "LEFT JOIN PackageDepends " .
+   "ON Packages.ID = 
PackageDepends.PackageID " .
+   "LEFT JOIN DependencyTypes " .
+   "ON PackageDepends.DepTypeID = 
DependencyTypes.ID";
+   }
+
if ($this->version == 1) {
$fields = implode(',', self::$fields_v1);
$query = "SELECT {$fields} " .
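
Review bot: the new `$join_depends` parameter of process_query() leaves duplicate suppression to every caller; the docblock itself says the join "will produce duplicate packages unless $where_condition filters the result appropriately". Since `$max_results` is applied as a row LIMIT in the queries below, duplicate rows would also use up the result limit and hide other matches, so consider adding a GROUP BY on Packages.ID (or SELECT DISTINCT) whenever `$join_depends` is true instead of relying on the WHERE condition. Separately, the docblock change from "msearch requests" to "depends requests" reads as if depends were a request type, while `$exposed_fields` adds it as a search field.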
@@ -264,6 +276,7 @@ class AurJSON {
"ON PackageLicenses.PackageID = Packages.ID " .
"LEFT JOIN Licenses " .
"ON Licenses.ID = PackageLicenses.LicenseID " .
+   "${additional_joins} " .
"WHERE ${where_condition} " .
"AND PackageBases.PackagerUID IS NOT NULL " .
"LIMIT $max_results";
@@ -278,6 +291,7 @@ class AurJSON {
"ON PackageBases.ID = Packages.PackageBaseID " .
"LEFT JOIN Users " .
"ON PackageBases.MaintainerUID = Users.ID " .
+   "${additional_joins} " .
"WHERE ${where_condition} " .
"AND PackageBases.PackagerUID IS NOT NULL " .
"LIMIT $max_results";
@@ -380,6 +394,7 @@ class AurJSON {
 * @return mixed Returns an array of package matches.
 */
private function search($http_data) {
+   $join_depends = false;
$keyword_stri

Re: Searching the AUR API by dependent packages?

2018-01-27 Thread Baptiste Jonglez
On 28-01-18, Baptiste Jonglez wrote:
> I wanted to use the AUR API to list packages that depend on a specific
> package.  But it seems that the API does not implement this kind of
> search.
> 
> The use-case is the following: when I bump a package in [community],
> I would like to list all packages in the AUR that potentially need a
> rebuild.
> 
> Would this be a welcome addition to the API?  If it is, I may try to hack
> this myself (but I have no guarantee about available time, and I stopped
> writing PHP and raw SQL years ago)
>
> The API I have in mind is the following:
> 
> /rpc/?type=search=depends=ocaml → returns all packages that depend 
> on ocaml
> 
> /rpc/?type=search=makedepends=ocaml → returns all packages that 
> make-depend on ocaml
> 
> /rpc/?type=search=optdepends=ocaml → returns all packages that 
> opt-depend on ocaml

So actually, this was not so hard to implement: RFC patch is incoming.
Review welcome!

Baptiste




Searching the AUR API by dependent packages?

2018-01-27 Thread Baptiste Jonglez
Hi,

I wanted to use the AUR API to list packages that depend on a specific
package.  But it seems that the API does not implement this kind of
search.

The use-case is the following: when I bump a package in [community],
I would like to list all packages in the AUR that potentially need a
rebuild.

Would this be a welcome addition to the API?  If it is, I may try to hack
this myself (but I have no guarantee about available time, and I stopped
writing PHP and raw SQL years ago)

The API I have in mind is the following:

/rpc/?type=search=depends=ocaml → returns all packages that depend 
on ocaml

/rpc/?type=search=makedepends=ocaml → returns all packages that 
make-depend on ocaml

/rpc/?type=search=optdepends=ocaml → returns all packages that 
opt-depend on ocaml


Thanks,
Baptiste

