REST Datasource doesn't add second request

JasonWeise · November 24, 2023, 5:04am

Hi Team

I am loving the recent updates and finding the REST datasouce quite useful though I think I might have found a bug.
When I add a second request to a REST Connection, everything appears to work fine, the "Send" button works as expected but when hitting "Finish" to create the new query, the code is somewhat added for the new query but it is missing the implementiation and as you can see from the screenshot, doesn't get added under the first one.
In the screenshot, I have tried to add another two queries under the "Orders" query, but they never appear and the code just errors.
This is with the latest 1.19.0 with a brand new "Blazor Web Application .Net 8" and using the "Auto" interactivity.

2023-11-24_14-55-59

JasonWeise · November 24, 2023, 5:11am

Oh I think I see why, the controller that is added for the entire REST data connection is using the following base class:

: OAuthAuthenticationCodeControllerBase

So the "Captit" Controller on the server is implemented like this:

[Route("api/oauth/captit")]
    public class CaptitController : OAuthAuthenticationCodeControllerBase
    {
        public CaptitController(IConfiguration configuration, IHttpClientFactory httpClientFactory) : base(configuration, httpClientFactory)
        {
        }
...
...

This is directly from your datasource tool and no other code has been touched.

korchev · November 24, 2023, 6:38am

Hi @JasonWeise,

Thank you for reporting this problem. We will address it with the next release.

JasonWeise · November 24, 2023, 9:03am

Hi @korchev

I see you have released a fix already, that is super quick!... but... I do have an issue.

Now it does work, but it seems you have moved it all to the client. The entire base url, request path AND api key are stored directly in the code in the client.

Is this intentional? Or should this all be on the server and the client make a call to our server api to use a server to make the relevant calls on our behalf.

Not sure I like the idea of storing API Keys in the codebase on the client.

korchev · November 24, 2023, 9:23am

Hi @JasonWeise,

Indeed this is how the REST service works. It doesn't go to the server to make requests on the client behalf.

If you don't want the API key to not be included you can add some additional code to fetch it from the server. Already done if the REST API uses OAuth security.

korchev · November 24, 2023, 9:57am

We decided to add an option to proxy REST service calls (and possibly others) through the server. We will ship it with one of the new releases (next week or a bit later).

JasonWeise · November 24, 2023, 10:21am

Hi @korchev

That is great news, that opens up a bunch of oportunities for doing things directly on the server with these API calls and, as you suggest, we can proxy the calls from the client through the server.

Great work! Looking forward to testing it.