-
-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add api-platform for a more complete API #1491
Comments
How would this scale for the amount of packages present in packagist.org ? Currently, the recommendation for tools needing to access the metadata of packages is to use the composer repository endpoints instead of the API, as this scales much better (the composer repository is served from static files by the webserver). The API endpoint for package currently has a 12h cache to avoid scalability issues (see https://packagist.org/apidoc#get-package-data).
You should ask the API Platform team how to make their Swagger UI compatible with CSP instead of disabling CSP on packagist.org. |
I don't know. One of the reasons I get involved with projects like this is to learn about how big "real world" projects handle scaling. For example, I use redis in a pretty superficial way, but in going through this code I learned a bit more about how it can be used. |
Also, I'm not sure we need API Platform here, given that the Packagist API is mostly read-only, and the few writable endpoints (creating a package, editing a package and updating a package) have special needs and are likely easier to implement outside API Platform |
@tacman given that the usage of |
Yeah I'm not really too keen on adding this just for the few benefits, given the little API surface we have, I'd rather keep the dependencies to a minimum as it all incurs maintenance cost, as well as security risk. |
I submitted a PR to fix #1488 , but it feels clunky. We can get pagination, filtering and sorting with a consistent and well-loved API by configuring API platform.
Since /api is already used, we could use /api2 or /apip for the route. Then with very little work we can search by multiple vendors or types, paginate, etc.
I'm happy to make a PR with this, maybe mark it as experimental during development?
I just submitted a PR to fix an api platform issue (symfony/symfony#58928 (comment)) but with that fix, I still can't get it to work because of a nelmio_security.yaml setting, without commenting this out.
I also had to tweak the stateless setting. Both of these are small.
Is the packagist data available as a dump for testing?
The text was updated successfully, but these errors were encountered: