Merge pull request #221 from dvjsharma/chore/report/week3

chore(report): REST APIs week 3 report

docs/2024/index.md

@@ -52,7 +52,7 @@ More info to come here.
 | Topic(s)            | Timings                       | Meeting link                                                                                            | ICS                                  |
 | :------------------ | :---------------------------- | :------------------------------------------------------------------------------------------------------ | :----------------------------------- |
 | General Meeting     | _Thursday_ 13:30 - 14:30 UTC  | [Jitsi](https://meet.jit.si/moderated/5a655b3b6f3b4f83cddb13b93ac5408d6de48bf4ce1049f4128aa1c885478d48) | [.ics](/ics/gsoc_2024_weekly.ics)    |
-| -                   | -                             | -                                                                                                       | -                                    |
+| REST API            | _Tuesday_ 11:00 - 11:50 UTC   | [Jitsi](https://moderated.jitsi.net/d623bb1284a54c83958eff31d2ecce9ed6b894312eda4ed9b400d5963f4e18b6)   | [.ics](/ics/gsoc_2024_rest.ics)      |
 | SPDX Related        | _Tuesday_ 10:30 - 11:20 UTC   | [Jitsi](https://moderated.jitsi.net/d623bb1284a54c83958eff31d2ecce9ed6b894312eda4ed9b400d5963f4e18b6)   | [.ics](/ics/gsoc_2024_spdx.ics)      |
 | CI Scanner          | _Wednesday_ 10:30 - 11:00 UTC | [Jitsi](https://moderated.jitsi.net/39896aad61bc4a27b9418ee6b78689348c65790e889046069dbe9c8c34110c9a)   | [.ics](/ics/gsoc_2024_ci.ics)        |
 | Scheduler Overhaul  | _Friday_ 10:30 - 11:00 UTC    | [Jitsi](https://moderated.jitsi.net/5444f675f5ce47c788fa4238a6a958c53d3e62804e9243d5b807fbaa81f3120f)   | [.ics](/ics/gsoc_2024_scheduler.ics) |

docs/2024/rest/API-guidelines.md

@@ -11,8 +11,17 @@ SPDX-License-Identifier: CC-BY-SA-4.0
 SPDX-FileCopyrightText: 2024 Divij Sharma <[email protected]>
 -->
 
+## Details
+
+- Created by: [Divij Sharma](https://github.com/dvjsharma)
+- Reviewed by: [Gaurav Mishra](https://github.com/GMishx), [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
+
+## Motive
+
 Since this project primarily focuses on REST API development and improvement, it is crucial to establish a comprehensive guideline from the beginning. This guideline will serve as a set of rules to follow and provide a clear objective to achieve. After researching various reputable open-source projects and reviewing several design guides, I have prepared a detailed guideline document. Please refer to the table below for more information.
 
+## Guidelines
+
 <table>
 	<tr>
 		<th>**#**</th>

docs/2024/rest/index.md

@@ -50,13 +50,4 @@ This project involves the following tasks:
    - Study each endpoint and its functionality to identify potential edge cases.
    - Write unit tests for all existing and new endpoints.
 
-More specific details about each task can be found in the [Task Details Table](https://docs.google.com/document/d/158BZBZ5owLtI-SqD1MIduMy4bR3XLuwm4aDLynoFZAA/edit?usp=sharing).
-    - Develop a REST API guideline which will provide a solid set of rules to follow.
-    - Upgrade existing endpoints to V2 based on the guideline, also ensuring backward compatibility.
-    - Update documentation to reflect the changes and versioning.
-
-3. **Increasing Test Coverage:**
-    - Study each endpoint and its functionality to identify potential edge cases.
-    - Write unit tests for all existing and new endpoints.
-
-More specific details about each task can be found in the [Task Details Table](https://docs.google.com/document/d/158BZBZ5owLtI-SqD1MIduMy4bR3XLuwm4aDLynoFZAA/edit?usp=sharing).
+More specific details about each task can be found in the [Task Details Table](https://docs.google.com/document/d/158BZBZ5owLtI-SqD1MIduMy4bR3XLuwm4aDLynoFZAA/edit?usp=sharing).

docs/2024/rest/updates/2024-05-30.md → docs/2024/rest/updates/Divij/2024-05-30.md

@@ -13,7 +13,7 @@ SPDX-FileCopyrightText: 2024 Divij Sharma <[email protected]>
 
 *(May 30,2024)*
 
-## Attendees:
+## Attendees
 
 - [Divij Sharma](https://github.com/dvjsharma)
 - [Gaurav Mishra](https://github.com/GMishx)
@@ -22,15 +22,15 @@ SPDX-FileCopyrightText: 2024 Divij Sharma <[email protected]>
 - [Soham Banerjee](https://github.com/soham4abc)
 - [Valens Niyonsenga](https://github.com/valens200)
 
-## Discussion:
+## Discussion
 
 - **Who should be doing what?**
   - Discussed project responsibilities with my colleague [Valens](https://github.com/valens200) and mentors.
   - We decided that currently I will focus on the REST API Version 2 upgrade and OAuth 2.0 implementation, while Valens would work on adding test cases for the current REST API implementation.
 
 - **REST API Version 2 updates**
   - I mentioned that the work on the REST API Version 2 upgrade is almost complete and suggested we can start looking for any further improvements.
-  - Mentors suggested I should review the code and look for any possible improvements based on my proposed guidelines. [(REST API Guidelines)](../API-guidelines.md).
+  - Mentors suggested I should review the code and look for any possible improvements based on my proposed guidelines. [(REST API Guidelines)](../../API-guidelines.md).
 
 - **OAuth 2.0 architecture discussion and needs**
   - [Gaurav](https://github.com/GMishx) explained the various modes of authentication we aim to have in the FOSSology project. These are:
@@ -39,7 +39,7 @@ SPDX-FileCopyrightText: 2024 Divij Sharma <[email protected]>
     - Client Credentials Grant (Machine to Machine)
   - I cleared my doubts regarding the OAuth 2.0 implementation and its significance in the project. I also got a rough vision of what needs to be implemented and what is already implemented. [(Reference Material)](https://github.com/fossology/fossology/wiki/OpenID-Connect-authentication-configuration)
 
-## Activities:
+## Activities
 
 - Tested the REST API Version 2 on a local instance and noted down the improvements that can be made.
 - Researched on OAuth 2.0 and how it can be implemented in the project.

docs/2024/rest/updates/2024-06-06.md → docs/2024/rest/updates/Divij/2024-06-06.md

@@ -13,19 +13,19 @@ SPDX-FileCopyrightText: 2024 Divij Sharma <[email protected]>
 
 *(June 6,2024)*
 
-## Attendees:
+## Attendees
 
 - [Divij Sharma](https://github.com/dvjsharma)
 - [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
 - [Valens Niyonsenga](https://github.com/valens200)
 
-## Discussion:
+## Discussion
 
   - No major updates since the last meeting.
   - Discussed the improvements that can be made in the REST API Version 2.
   - Discussed the implementation of OAuth 2.0 in the project.
 
-## Activities:
+## Activities
 
 - **OAuth 2.0**
   - Researched OAuth 2.0 and its application on production servers. Found the [Auth0 article](https://auth0.com/intro-to-iam/what-is-oauth-2) particularly helpful. Studied various architectural patterns for different flows to determine the best fit for our project.

docs/2024/rest/updates/Divij/2024-06-11.md

@@ -0,0 +1,67 @@
+---
+title: Week 3
+author: Divij Sharma
+tags: [gsoc24, rest]
+---
+
+<!--
+SPDX-License-Identifier: CC-BY-SA-4.0
+
+SPDX-FileCopyrightText: 2024 Divij Sharma <[email protected]>
+-->
+
+# Week 3 meeting and activities
+
+_(June 11,2024)_
+
+## Attendees
+
+-   [Divij Sharma](https://github.com/dvjsharma)
+-   [Gaurav Mishra](https://github.com/GMishx)
+-   [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
+
+## Discussion
+
+-   **OAuth**
+    -   Proposed 2 mechanisms for OAuth 2.0 implementation in the project.
+        -   **M-2-M, for technical uesrs**:
+            -   Clients must obtain a token from the authorization server using their client ID and client secret.
+            -   The token can be used to access the FOSSology API.
+            -   For this to happen, FOSSology server must be configured to use OAuth 2.0.
+            -   REST API will have endpoints to do this configuration.
+            -   Token sent should be verified by the server and user should be authenticated and authorized.
+        -   **Authorization Code Grant, for end users and new UI**:
+            -   Only for client applications that can interact with the user.
+            -   Can use various npm libraries to implement this flow.
+            -   Users will log in and receive a code.
+            -   This code can be exchanged for a token to access the FOSSology API.
+    -   [Gaurav](https://github.com/GMishx) mentioned that the `client id` for both the mechanisms will be different, which will cause problems when using the same client for both the mechanisms.
+    -   We will have to look into this and find a solution. Maybe I will handle this in the last week.
+    -   Discussed the improvements that can be made in the REST API Version 2, particularly the status codes and pagination.
+
+## Activities
+
+-   **OAuth 2.0 M-2-M implementation**
+
+    -   Implemented the OAuth 2.0 M-2-M mechanism for the project.
+    -   Created an endpoint `/users/oauthclient` to add new clients when user is logged in.
+    -   Created an endpoint `/users/oauthclient/{type}` to get active and expired OAuth clients.
+    -   The `/customise` endpoint used to accept only a single key-value pair for updating admin configs, making it difficult to update fields in bulk. I've modified it to accept an array of key-value pairs and update accordingly.
+    -   The `/customise` endpoint is now capable to fetch all other URLs required for OIDC integration when the discovery URL is passed over the REST API.
+    -   Raised a PR [feat(oauth): Added machine-to-machine OAuth functionality](https://github.com/fossology/fossology/pull/2761) for the same.
+
+-   **REST API Version 2**
+    -   Started working on the improvements identified in the last meeting:
+        -   Status Codes: Particularly 204 (no content)
+        -   Adding pagination to all necessary endpoints
+        -   Using model classes for all major/minor responses
+        -   Test coverage
+        -   Authentication workflow
+    - Made requested changes in the PR [feat(api): Upgrade Jobs & Report APIs to Version 2](https://github.com/fossology/fossology/pull/2736).
+
+## SecreenShots
+
+-   `/users/oauthclient` : Add new clients when user is logged in.
+    ![addclients](/img/reactUI/api/OAuth/addclients.png)
+-   `/users/oauthclient/{type}` : Get active and expired OAuth clients.
+    ![viewclients](/img/reactUI/api/OAuth/viewclients.png)

docs/2024/rest/updates/Divij/_category_.json

@@ -0,0 +1,4 @@
+{
+    "label": "Divij Sharma",
+    "position": 1
+}

docs/2024/rest/updates/_category_.json

@@ -0,0 +1,4 @@
+{
+    "label": "Weekly Updates",
+    "position": 1
+}