Skip to main content

Flooding Frontend Design

Changes to Generic-ify Flooding Frontend

The planned course of improvements for Flooding Frontend includes the support for different deployments and a user-supported site.

User Login

  • Potentially include a user login page.

Locations

  • Instead of being hardcoded in the constants file, locations will be driven by a database and acquired from the forthcoming Flooding API.
  • We will need to include CRUD forms for managing locations.

3D Flooding

  • Will remain largely unchanged.

2D Network

  • Related to Shapefiles or GeoJSON files.
  • Will be driven from the API.
  • CRUD for adding and deleting networks.
  • Landing page with list of available network files to view.
  • Click through to view specific network.

3D Network

  • Related to Shapefiles or GeoJSON files.
  • Will be driven from the API.
  • CRUD for adding and deleting networks.
  • Landing page with list of available network files to view.
  • Click through to view specific network.

2D RAS Results

  • Related to HDF results files.
  • Will be driven from the API.
  • CRUD for adding and deleting results.
  • Landing page with list of available results files to view.
  • Click through to view specific results.

3D RAS Results

  • Related to HDF results files.
  • Will be driven from the API.
  • CRUD for adding and deleting results.
  • Landing page with list of available results files to view.
  • Click through to view specific results.

Authentication Design

Authenticating with Tokens

This is Jake's preferred method.

This 1. Medium Article has some useful information regarding a more automated approach of managing JSON Web Tokens.

This other Article, 2. Build an Authentication System Using Django, React and Tailwind has a more complete picture of doing authentication between Django and React.

  • Article 2 is more recent (last updated April, 8 2024).
  • Article 2 uses Django's Bearer Tokens instead of JWT.

Authenticating in Django with Knox

django-rest-framework-postman-token-authentication

For authenticating in Postman, one needs to go to the Headers tab, add a "Key" of Authorization and a corresponding "Value" of Token your-token-here.

Django Knox Token Auth in Postman

JWT and Bearer Token Comparisons

Pros and Cons Comparison from Stack Overflow

Stack Overflow Comparison

  • DRF's builtin Token Authentication

    • One Token for all sessions
    • No time stamp on the token
  • DRF JWT Token Authentication

    • One Token per session
    • Expiry timestamp on each token
  • Database access

    • DRF's builtin Token Authentication
      • Database access to fetch the user associated with the token
      • Verify user's status
      • Authenticate the user
    • DRF JWT Token Authentication
      • Decode token (get payload)
      • Verify token timestamp (expiry)
      • Database access to fetch user associated with the id in the payload
      • Verify user's status
      • Authenticate the user
  • Pros

    • DRF's builtin Token Authentication
      • Allows forced-logout by replacing the token in the database (ex: password change)
    • DRF JWT Token Authentication
      • Token with an expiration time
      • No database hit unless the token is valid
  • Cons

    • DRF's builtin Token Authentication
      • Database hit on all requests
      • Single token for all sessions
    • DRF JWT Token Authentication
      • Unable to recall the token without tracking it in the database
      • Once the token is issued, anyone with the token can make requests
      • Specs are open to interpretations, no consensus on how to do refresh