Issues and Decisions
# | Issues | Notes | Decision |
---|---|---|---|
1 | Exposing endpoint to clients might be vulnerable. | we can add a flag to enable/disable this feature in docker compose file. | |
2 | now we are able to add more than one root nodes. can we update data fragments of more than one root nodes. |
Initial findings
When trying to perform Patch operation on a list data node, wherein multiple list items are updated in one request. It is seen that only the top most item in the list gets updated where as the remaining list items remain as it is.
And the response sent back is 200 OK. This might lead to the user assuming that the Patch operation was executed successfully over multiple list items but in reality it would have only updated the fist item in the list.
Example
Assuming the following data is in the database
When performing update operation on the list data node
Status 200 OK is returned, but on performing the Get operation it is noticed only the first item in the list node gets updated and second one remains as it is.
Impact of CPS-1526 on this issue
The problem that CPS-1526 resolves is that when trying to update multiple data nodes in one request then a 400 Bad Request is sent back as response, earlier it would send a 500 response with a message not clear enough to identify the problem.
So, assuming that there is an anchor with multiple data nodes in the DB and when a user tries to update more than one data node at once the system responds and gives a message that the operation is unsupported. But when a user tries to update the data nodes directly under the root node individually then the operation executes successfully.
Now this behavior is not limited to the data nodes directly under the root node xpath, but is applicable to all the data nodes under a specific xpath as well.
So, if there is a list data node with multiple list items, and the user tries to update multiple list items at once as in the example above, the system now returns a 400 Bad Request, with the error message that the operation is unsupported because the user is basically updating multiple data nodes under a list, earlier this response was a 200 OK with a partial Patch operation taking place in the background.
Assuming the following data is in the DB
Updating multiple items in a list data node
Response received after CPS 1526
{ "status": "400 BAD_REQUEST", "message": "Operation is not supported for multiple data nodes", "details": "Number of data nodes present: 2" }
Possible Solutions to Updating multiple items in a list data node
By having a new sub end point for Patch operation that specifically performs update on list data nodes
New sub endpoint: PATCH http://{IP}:{PORT}/cps/api/v1/dataspaces/{dataspace-name}/anchor/{anchor-name}/list-nodes?xpath
Parameters:
Parameter name | In | isRequired |
---|---|---|
dataspace-name | path | Yes |
anchor-name | path | Yes |
xpath | query | Yes |
observed-timestamp | query | Yes |