#metabrainz

Project bookbrainz-site build #2316: passed in 2 min 42 sec: https://travis-ci.org/bookbrainz/bookbrainz-sit...

hi alastairp, have you ever worked with a FieldList of FormFields in WTForms?

no, I've not. do you have a specific thing you're trying to do? what's the code that's not working?

akhilesh: Good job on the tests you added last. I feel better knowing the structure of the resources is monitored, in case something changes somewhere.

I took the liberty to move around them to a separate test each, to make it easier to pinpoint if something goes wrong.

alastairp: it’s the form that I’m using for the eval in the most recent PR. Since we have multiple recordings to be evaluated, each with the same form properties (rating/feedback and a suggestion), I created a form to hold those properties, then made a form whose only property is a list of the form for a single recording. Wtf forms documents field list and form field https://wtforms.readthedocs.io/en/stable/fields...

The form works fine, my problem with it is with csrf tokens

Even when I include the `{{ form.hidden_tag }}` in the form, I get an error where the form can’t validate, missing csrf token.

I get 10 of these errors - one for each of the form fields in the list

But I expected that if the form holding the field list had a csrf token, then it should validate?

Originally I fixed the problem with this by adding a hidden tag for each form within the field list as well, during the loop through the recordings in the template

But then I switched to use Ajax for the request, and the problem came back

in flaskwtf you have to add the csrf yourself

huh, I didn't know about hidden_tag, I've always used {{ form.csrf_token }} directly

one thing that I'm not sure about, the example on the wtf site says "{{ form.hidden_tag() }}", with (), which might cause differences

did you check the generated html to ensure that the form looked correct?

Yeah I wasn’t sure which to use - I’ve tried hidden_tag(), csrf_token, all of them. If I add a tag for a token for each recording form, they’re all visible in the HTML - 11 csrf tokens.

And when I added one for each recording form in the field list it worked. But then when I made the request through Ajax instead, and had to add the csrf token as a header, then I got the error about them missing again

so the main issue is that you have a wtform which isn't validating in some cases?

have you tried to simplify what you have? e.g. can you successfully submit a form with just a single recording?

or if you have a FieldList, can you do a list of a basic field type, not a FormField?

as I said, I've not done a lot of this before, so I can't make a clear suggestion about what to do

Yeah that’s the main problem. I have gotten more basic forms working, but I’ll look over them again and try to make sure they work with ajax.

I understand! I’ll also look around online some more.

I don't think we use Forms to valid ajax requests in other places

it might be just as OK to generate a json document and ajax it to an endpoint

however, in that case, it might be worth integrating with React, like the dataset editor does

Ok, got it. I’ll look into that too and maybe can integrate it with react!

unless really important, I'd suggest staying away from ajax until you get everything working

because it'd become very easy to get stuck in making it look nice without moving on to next stuff

For sure, makes sense. I got the form working yesterday so then I tried to add it, but sadly that broke it lol

I was reading https://flask-wtf.readthedocs.io/en/stable/csrf... and flask-wtf says they recommend using csrf protection for every endpoint. I was wondering, why don’t we use global protection for the whole app like they show at the top of that linked page?

what do we use instead? do we annotate methods to say to protect it?

consider that this will protect all POST methods

which also includes things like the API endpoints to submit lowlevel files

but we can't protect this, because there's no way for a client to get a token for doing the submission

Oh okay, the client would need a secret key to access those API endpoints?

yeah

Ok thanks!

iliekcomputers: hi, any progress on the dump?

bitmap: removing conda worked :)

I'm getting better logs when running locally as well as better performance

[bookbrainz-site] MonkeyDo merged pull request #293 (master…api2): feat: Lookup requests for BB API https://github.com/bookbrainz/bookbrainz-site/p...

Hi Mr_Monkey !

Thanks to merge

-> Merging akhilesh's first PR for the BookBrainz API !

Well done akhilesh !

Could you host this basic api at any test server?

I wish to test in the server

Project bookbrainz-site build #2320: passed in 2 min 53 sec: https://travis-ci.org/bookbrainz/bookbrainz-sit...

akhilesh: I just started looking at setting that up. Might take a day or two to get everything sorted.

yvanzo: around?

reosarevok: yup!

yvanzo: https://beta.musicbrainz.org/ws/2/cdstub?query=... has disambiguation: ["CD Baby id:cook9"] but http://localhost:5000/ws/2/cdstub?query=Over+th... (as in, my local copy) has comment: "CD Baby id:jimcornwell1"

What am I missing :D

Is it going through direct search for them because I don't have a local search server for some reason? I thought all searches would go through the mb search server

(I'm on the beta branch locally, no other changes)

reosarevok: I guess your local MB server is querying old search server.

I guess. Where do I point it at?

[listenbrainz-labs] vansika opened pull request #41 (master…test-rmse): Root mean squared error for test data https://github.com/metabrainz/listenbrainz-labs...

[listenbrainz-labs] vansika opened pull request #42 (master…model-metadata): Schema to store model metadata in HDFS https://github.com/metabrainz/listenbrainz-labs...

So you can't search for releases with a specific type of medium? https://beta.musicbrainz.org/doc/Indexed_Search...

hm, must be format