Originally published on strongloop.com
For the past few months, the LoopBack team has been busy improving the framework. Aside from implementation, we also did some investigation to plan out road map for the incoming new features. Here are our main focuses in last quarter:
- Authentication: released
@loopback/authentication@3.xversion. - Authorization: experimental feature which provides basic support for authorization.
- Inclusion of Related Models: query data over relations with
inclusionResolver. - Creating REST API from Model Classes: the proposed design to allow users create REST API with less code.
- Importing LoopBack 3 Models: migrate your LB3 applications to LB4 with command
lb4 import-lb3-models.
We have a monthly blog reviewing what we've done in each milestone. To stay tuned, don't forget to follow us on Twitter @StrongLoop.
Let's take a closer look at each of the epic.
Authentication
We have recently released @loopback/authentication 3.0. We refactored some common types/interfaces in both authentication and authorization packages and moved them to the new @loopback/security package. This helps combine the operations over these two packages. We also improved the @authenticate decorator so that users can apply the default authentication metadata without adding the decorator @authenticate to every route. Also, methods that don't require authentication can be skipped by adding @authenticate.skip.
Apart from enhancing codebase, we also updated the related documentation and examples. Developers can easily follow tutorials and examples to try out setting up their own authentication systems.
Moreover, we did some researches into potential solutions for the new features. In spike #267 we were exploring a way to enable the authorization header setting from the API Explorer. And in spike #3771, we tried to find a solution to make UserProfile interface more flexible so that users have more controls over authentication. Check the links for discussions and proposal details.
Authorization
We released an experimental version of @loopback/authorization. The authorization system now allows developers to decorate their endpoints with @authorize(). By plugging in their own authorizers, it is able to determine whether a user has access to the resource.
Besides the basic functionalities, we also made @authorize() more flexible: users now can define their own voters/authorizers, apply @authorize at the class level, and use the new @authorize.skip annotation. All these improvements allow developers to have more control to shape the authorization system.
Inclusion of Related Models
We have made good progress in this epic this quarter. We completed and released the implementation of inclusionResolver of relations. It allows LoopBack 4 users to query data over relations more easily. The todo-list tutorial is also updated with the usage of inclusionResolver. Check LB4 site Relations and the todo-list tutorial to get started. We will make this feature easier to use by adding it to CLI command. Stay tuned for more details!
Creating REST API from Model Classes
In LoopBack 3, it was very easy to get a fully-featured CRUD REST API with very little code. We would like to provide the same simplicity to you that you can create REST APIs from models directly without the need of creating Repository or Controller classes. As we found out and discussed in spike #3617, we will introduce a new package @loopback/model-api-builder, a new booter ModelApiBooter, and a plugged-in model-api-builder that builds CRUD REST APIs. The proposed design will enable users to create REST APIs without customizing repository/controller classes. Check Epic #2036 for details of related stories.
Importing LoopBack 3 models
We accomplished the implementation for the CLI command to import model definitions from LoopBack 3 applications. If you have existing LoopBack 3 applications, it's a good time to type in command lb4 import-lb3-models to migrate them to LoopBack 4! See PR #3688 for implementation details, Importing models from LoopBack 3 projects documentations, and also the blog post.
Exciting News
In August, we got the news from APIWorld that LoopBack has won the "Best In API Middleware" award. We have shared this news in this blog post. Our architect and co-creator of LoopBack, Raymond Feng, will be attending the awards ceremony on October 8 at APIWorld. If you happen to be at the conference, don't miss out.
To moving towards the cloud native direction, LoopBack 4 has been added to be one of the Appsody application stacks. It is also being offered as part of the IBM Cloud Pak for Applications. With the health check extension being added to LoopBack 4, we are planning to add more capabilities to provide the non-functional requirements for the cloud native deployment. Stay tuned!
What's Next?
For the next 3 months, we'd like to focus on the following:
- Continue with the Q3 stories. e.g. Authentication, Authorization, Inclusion of related models.
- Start working on the migration guide spikes: Migration Guide: general runtime and Migration Guide: Authentication and Authorization.
- Continue to enhance our cloud native story: Production Deployment with IBM Cloud.
- CASCON x Evoke: LoopBack team will be organizing an Exhibition and a Workshop on Nov 4th and Nov 5th.
Check Q4 roadmap for more details.
Previous Milestone Blogs
There are too many features added and bug fixes that cannot be captured here. Check out our previously published monthly milestone blog posts in Q2 for more details:
Call for Action
LoopBack's future success depends on you. We appreciate your continuous support and engagement to make LoopBack even better and meaningful for your API creation experience. Please join us and help the project by:
- Reporting issues.
- Contributing code and documentation.
- Opening a pull request on one of our "good first issues".