... | ... | @@ -7,6 +7,7 @@ This document governs best practices for writing CFML for inLeague applications |
|
|
1. [Function Architecture: Handlers, Services, Models](#function-architecture)
|
|
|
2. [Writing API Endpoints](#writing-api-endpoints)
|
|
|
3. [Documenting API Endpoints](#documenting-api-endpoints)
|
|
|
4. [Request Security Object](#request-security-object)
|
|
|
|
|
|
## Function Architecture
|
|
|
|
... | ... | @@ -204,3 +205,15 @@ inLeague uses [cbSwagger](https://forgebox.io/view/cbswagger) for API documentat |
|
|
3. The request structure for many simple GET requests may be described in-line (as in this example) as opposed to an external schema definition using the `@requestBody` declaration. Any request with a real "body" (e.g. PUT, POST) should use `@requestBody`.
|
|
|
4. When describing parameters in-line, they still must conform to the syntax above to specify whether the parameter is in the path (`/foo/{GUID}`) or a query parameter (`/foo?someID={GUID}`)
|
|
|
5. External schemas are located in the `/resources/api` folder and grouped in subfolders according to the parent domain object. They should be written in YAML (not JSON, whenever possible) and re-used -- do not repeat schema definitions.
|
|
|
|
|
|
# Request Security Object
|
|
|
|
|
|
The request security object is generated after a successful authentication and then stored in the cache layer (Redis). It is a `Security.cfc` object that is hydrated from the cache at the beginning of each request, whether to the API or the legacy application.
|
|
|
|
|
|
The security object is available to the application engine as `request.securityObj` and exists for the life of the request. It is available to the front-end application as the result of the `authenticate` endpoint and should be cached locally, and then refreshed whenever the authenticated session is renewed.
|
|
|
|
|
|
The request object contains commonly-used fields for the logged-in user to reduce the need to pull the full user object from the database. Consult the API documentation or `Security.cfc` for a full list.
|
|
|
|
|
|
## Retrieving the User Object for a Request
|
|
|
|
|
|
In the event that the `qUser` object is needed at any point in the request on the back end, load it with the `getUser()` function on the security object so that it will be cached in that object and remain available for the duration of the request. |