Set up forms app with authentication #1497
Conversation
jchristgit
force-pushed
the
forms-bootstrap
branch
2 times, most recently
from
0a51298 to
8b6dbeb
Compare
jchristgit
force-pushed
the
forms-bootstrap
branch
from
8b6dbeb to
603e046
Compare
There was a problem hiding this comment.
Copilot reviewed 18 out of 19 changed files in this pull request and generated 3 comments.
Files not reviewed (1)
- .coveragerc: Language not supported
Comments suppressed due to low confidence (1)
pydis_site/apps/forms/tests/test_api.py:127
- [nitpick] Consider revising or removing the informal comment to maintain a professional tone in test files.
# the ultimate power trip...
|
The next person who sends "co""pilot" A"I" onto my review will have me send a Bengalese Tiger to their doorstep. And it will be very, very hungry. |
jchristgit
force-pushed
the
forms-bootstrap
branch
from
603e046 to
6525554
Compare
This begins the work of integrating the forms backend into the site. Changes, until complete, will be merged into the `forms` tracking branch.
jchristgit
force-pushed
the
forms-bootstrap
branch
from
6525554 to
0c19201
Compare
There was a problem hiding this comment.
https://discord.com/developers/docs/reference#user-agent
We should probably add our user agent in here.
There was a problem hiding this comment.
We don't need:
- Nearly as much role information as we are currently storing. We use this almost solely for calculating scopes and can probably get away with name and ID (if even that, most of this data is validated on the fly)
- We don't need member information, just user information and whether they are in the guild or not.
As a sample of a filled response object:
{
"_id" : "7d880da8-0f06-4f4e-bc1d-9987eefa0d51",
"user" : {
"username" : "...",
"id" : "...",
"discriminator" : "...",
"avatar" : "...",
"bot" : null,
"system" : null,
"locale" : "en-US",
"verified" : null,
"email" : null,
"flags" : 64,
"premium_type" : 2,
"public_flags" : 64,
"admin" : false
},
"antispam" : {
"ip_hash" : "...",
"user_agent_hash" : "...",
"captcha_pass" : false
},
"response" : {
"header" : false,
"question" : "...",
"attribution" : "Yes"
},
"form_id" : "qa",
"timestamp" : "..."
}We don't currently store users and I don't know if we should start storing users, sounds like a bit of a headache for data protection if we have another store of user data that is separate from form responses.
| models.BigIntegerField( | ||
| help_text="Total permissions of the member in the channel.", | ||
| null=True, | ||
| verbose_name="Pending screening", |
| ) | ||
|
|
||
|
|
||
| # XXX: This duplicates the role object from the API app. The role object in the |
There was a problem hiding this comment.
We can definitely get away with the role information in the API app.
| @@ -0,0 +1,2 @@ | |||
|
|
|||
| # Register your models here. | |||
There was a problem hiding this comment.
Can we get rid of this file if it's empty anyway?
| class FormsConfig(AppConfig): | ||
| """Django AppConfig for the forms app.""" | ||
|
|
||
| name = "pydis_site.apps.forms" |
There was a problem hiding this comment.
Is this supposed to match the module name? Can we avoid hardcoding the name? Maybe something with importlib can help?
|
|
||
| def fetch_member_details(member_id: int) -> models.DiscordMember | None: | ||
| """Get a member by ID from the configured guild using the discord API.""" | ||
| with httpx.Client() as client: |
There was a problem hiding this comment.
Is it expensive to create a new client for each request?
|
|
||
|
|
||
| def fetch_member_details(member_id: int) -> models.DiscordMember | None: | ||
| """Get a member by ID from the configured guild using the discord API.""" |
There was a problem hiding this comment.
| """Get a member by ID from the configured guild using the discord API.""" | |
| """Get a member by ID from the configured guild using the Discord API.""" |
|
|
||
| def get_roles(*, force_refresh: bool = False, stale_after: int = 60 * 60 * 24) -> tuple[models.DiscordRole, ...]: | ||
| """ | ||
| Get a tuple of all roles from the cache, or discord API if not available. |
There was a problem hiding this comment.
| Get a tuple of all roles from the cache, or discord API if not available. | |
| Get a tuple of all roles from the cache, or Discord API if not available. |
|
|
||
| ## Keyword arguments | ||
|
|
||
| - `force_refresh` (`bool`): Skip the cache and always update the roles from |
There was a problem hiding this comment.
I think putting the type in the docs is redundant when we're using type annotations.
| - `stale_after` (`int`): Seconds after which to consider the stored roles | ||
| as stale and to refresh them. |
There was a problem hiding this comment.
This argument does not exist for this function.
| @property | ||
| def display_name(self) -> str: | ||
| """Return username and discriminator as display name.""" | ||
| return f"{self.payload['username']}#{self.payload['discriminator']}" |
There was a problem hiding this comment.
Didn't Discord do away with discriminators?
|
|
||
| def is_admin(self) -> bool: | ||
| """Return whether this user is an administrator.""" | ||
| self.admin = models.Admin.objects.filter(id=self.payload["id"]).exists() |
There was a problem hiding this comment.
Should self.admin be "private"? Currently, if someone inspects self.admin directly without calling is_admin(), its value may not be correct. The requirement to call is_admin() first is not obvious.
| user = FormsUser( | ||
| token, | ||
| user_details, | ||
| discord.get_member(user_details["id"]), |
There was a problem hiding this comment.
Do we need error handling for this call or is it fine to let the exception bubble up?
This begins the work of integrating the forms backend into the site.
Changes, until complete, will be merged into the
formstrackingbranch.