Web app theory of design
========================

Authentication
--------------

Users are authenticated with an `api_key`:

* Generated server-side with `to_base64(rand())` and stored in the users table.
* New ones can be requested by entering an email address on a web form. The key and several URLs with the key embedded are sent to the email address.
* Generating a new api_key kills the old one.
* api_keys expire after 6 months.
* api_keys are embedded in HTML pages using the template system, making the key accessible to JavaScript running on the page. The global variable is `pt_api_key`.

Use Stories
-----------

Upload a file
^^^^^^^^^^^^^

1 - User goes to https://app.digitalcorpora.org/ and enters their email address into a text field. This sends them a new API key and a set of URLs. One of the URLs is `upload a plant movie`. Another is `view uploaded movies`.

  - Requires the ability to send mail from the server that won't be trapped by anti-spam.
  - Eventually, we will also be able to log in with Google and then see the page with the URLs.

2 - User clicks the `upload a plant movie` URL. This brings the user to another page that has an HTML FORM upload with the api_key as one of the parameters. This should work for uploading any movie under 10MB. It won't give a nice progress bar unless we use a clever JavaScript uploader.

View/Edit/Delete upload files
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1 - User clicks on link with embedded API key.

2 - Web page is generated server-side with template engine.

  * Upload new movie link
  * Pop-up with the section that the student is in.
  * Section showing movies, with a note if it is 'playable' or 'needs review'
  * Section showing deleted movies, with days until movie is purged.

  - To delete a movie, click a check that says "delete." This moves the movie to the "deleted" section. Movies in the deleted section can't be played and are automatically deleted in 7 days, but they can be undeleted as well.
  - Movie metadata is in text fields. To change it, just change the text. Making a change to the text enables a "save" button at the end of the line. If you try to navigate away from the page without saving, you get a warning. (JavaScript)

Faculty interface
^^^^^^^^^^^^^^^^^

* Each faculty member can be in any number of sections.
* Shows all students assigned to each of their sections, and all unassigned students.
* Allows students to be moved between sections and unassigned.
* Shows all uploaded movies for each section and allows them to be published or unpublished.

API
---

Upload a file
^^^^^^^^^^^^^

1 - User goes to app.digitalcorpora.org/upload

2 - User fills out form with movie title, description, and chooses movie.

3 - Form 'onchange' fires.

  3a - JavaScript hashes movie.

  3b - /api/movie-upload-start gets api_key, title, description, sha256, movie length.

  3c - bottle_app.movie_upload_start() calls db.create_movie, which creates the movie entry with this sha256.

  3d - If the sha256 already exists, return to the client with 'movie_id' and 'upload_url' equal to '' and 'movie_url' being the final movie URL.

  3e - If the sha256 does not exist, return to the client with 'movie_id' and an 'upload_url' being a presigned S3 upload URL and 'movie_url' being the final movie URL.

Now, if the client has an upload_url, it starts the upload with a POST.
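
The api_key rules from the Authentication section and steps 3b to 3e above, as an added Python example that is not the project's own code. The in-memory `users` and `movies` tables, `presign_upload`, the `example.invalid` URLs and the reuse of the 10MB form limit are assumptions; `secrets.token_urlsafe` stands in for the page's `to_base64(rand())`.

```python
import hmac
import re
import secrets
from datetime import timedelta

KEY_LIFETIME = timedelta(days=183)        # "6 months", approximated in days (assumption)
MAX_MOVIE_BYTES = 10 * 1024 * 1024        # 10MB form limit reused here (assumption)
SHA256_RE = re.compile(r"[0-9a-f]{64}")   # lowercase hex digest
users = {}    # email -> (api_key, issued_at); stand-in for the users table
movies = {}   # sha256 -> movie row; stand-in for db.create_movie storage

def new_api_key(email, now):
    """Issue a key from the OS CSPRNG; overwriting the row kills the old key."""
    key = secrets.token_urlsafe(32)
    users[email] = (key, now)
    return key

def validate_api_key(api_key, now):
    """Return the owning email, or None if the key is unknown, rotated or expired."""
    for email, (key, issued) in users.items():
        same = hmac.compare_digest(key.encode(), api_key.encode())  # constant-time
        if same and now - issued < KEY_LIFETIME:
            return email
    return None

def presign_upload(movie_id):
    # Hypothetical placeholder: a deployment would request a presigned S3 URL here.
    return f"https://s3.example.invalid/upload/{movie_id}?sig=PLACEHOLDER"

def movie_upload_start(api_key, title, description, sha256, length, now):
    owner = validate_api_key(api_key, now)
    if owner is None:
        return {"error": "invalid api_key"}
    if not SHA256_RE.fullmatch(sha256) or not 0 < length < MAX_MOVIE_BYTES:
        return {"error": "invalid sha256 or length"}
    if sha256 in movies:                       # step 3d: known hash, nothing to upload
        movie_id, upload_url = movies[sha256]["movie_id"], ""
    else:                                      # step 3e: new hash, hand out upload URL
        movie_id = len(movies) + 1
        movies[sha256] = {"movie_id": movie_id, "owner": owner,
                          "title": title, "description": description}
        upload_url = presign_upload(movie_id)
    return {"movie_id": movie_id, "upload_url": upload_url,
            "movie_url": f"https://app.example.invalid/movie/{movie_id}"}
```

Because the hash is computed by client JavaScript (step 3a), the example checks only its format; comparing it with the stored object after the upload completes is outside what the steps describe.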