Research: Future DAMAP frontend architecture

[bitmotivator]

This issue describes our current research work as to how the future architecture of the DAMAP frontend should look like.

Background

The current DAMAP frontend codebase consists of roughly 20,000 lines of code, which is unjustifiably large for a tool that is one, admittedly complex, form and a list view. Universities are expected to take this code and customize it for their installation, which means they need an on-staff developer who can keep track of DAMAP releases and adjust their customizations accordingly.

While @lpandath has provided us with a very well-written blueprint for limiting the potential blast radius of code changes and making it easier to implement customizations by creating well-defined APIs, currently only TU Wien and TU Graz are maintaining customizations for themselves and on behalf of other institutions. Our conversations with potential institutions wishing to adopt DAMAP for their uses has shown that there is very little appetite for having on-staff developers who need to constantly adapt their frontend to changes. Work on other, similarly structured projects has also shown that these customizations tend to lead to inconsistent UI design because the people working on the per-university projects are not UX experts, but rather software developers with little to no experience in UI design. Finally, it is also hard to maintain accessibility standards (both theoretical, like WCAG and practical by testing with screen readers and other assistive devices) if universities are left to figure accessibility out on their own for their custom components.

We have already taken steps to create a more unified DAMAP installation, such as integrating the Elsevier Pure CRIS system directly. Having these integrations work without the need to modify and recompile the source code will make on premises deployments significantly easier, especially when Kubernetes is involved, for which we now have automated Helm chart deployments.

In parallel, we are also pursuing a shared instance deployment on ARI&Snet so users of academic institutions can simply log in with their eduID or ORCID ID and start creating DMPs without any deployments needed.

We should explore creating a frontend architecture that allows institutions to apply customizations without the need of software development work, purely by configuring these customizations using the admin interface or by providing a schema description for form fields.

University requirements

As far as we can tell, universities have the following requirements when it comes to frontend customizations:

• Changing the name of the tool
• Changing the logo on the login page and in the tool
• Adapting colors (primary, secondary, etc)
• Changing explanation texts inside the form
• Changing supplementary texts, such as privacy policy, etc.
• Adding new fields to the form
• Creating a custom template for document output (not a frontend consideration)

Prior work

As a work on his thesis, @DanceaVlad has created a project exploring the possibility of creating a fully dynamic document store based on JSON Forms that would allow full customizability of document structures. One of the schemas used in this experiment was the RDA DMP Common Standard JSON schema, which is the future exchange format between DMP tools.

Research questions

1. Is Angular still the right tool? This framework comes with "batteries included", meaning it can take care of everything. However, given the expansive codebase we have experienced that Angular itself can be the cause of issues and may require large modifications on upgrades. In recent years, browsers have added support for shadow DOM and custom HTML elements, which together make up the concept of webcomponents. Therefore, we have to ask ourselves the question if using a heavy-weight framework like Angular is still justifiable for a tool that is, for all intents and purposes, one form and one list view. Preact and other, more light-weight frameworks should also be considered.
2. Should we use a Single Page App (the entire page being controlled by one JavaScript application), or should we create separate apps for the form and list view? While SPAs have a benefit when it comes to managing large and complex data, none of that applies here. As mentioned before, we have one form and one list view.
3. How should we handle authentication? Currently, the authentication is performed using the authorization code OIDC flow with PKCE, which is somewhat duplicated between the frontend and backend. Is there a way to relegate this completely to the backend so we can reduce complexity in the frontend? This is especially relevant since we want to support multiple authentication providers in parallel, such as ORCID, eduID, and institutional authentication.
4. How do we create and maintain a consistent user interface appearance? The current form has organically grown over the years, without any consistent user interface design. Spacing between elements is fairly arbitrary, custom styles being applied on a per-element basis (for example here). Is there a way to apply a consistent set of rules and make it harder to apply per-component styling and spacing, which is hard to maintain in a consistent fashion? Does applying this make maintenance easier?
5. Can we ensure accessibility? This goes for both theoretical accessibility, such as WCAG 2 as well as practical testing with assistive devices such as the widely used NVDA screen reader. This is especially important since most if not all of our users are state-funded educational institutions that have a legal mandate to provide accessible services. (Likely references: Universitätsgesetz 2002, Bundes-Behindertengleichstellungsgesetz)
6. How much can we cut from the frontend? Assuming we can move a lot of data, such as list of licenses, which are currently hard- and hand-coded in the frontend, to either the backend to query via an API, or to auto-generated code using OpenAPI code generators, can we cut the maintenance burden on the frontend side?
7. Do we recreate the frontend or refactor the current one? Given the amount of refactoring that would be needed on the current codebase, it might be easier to recreate it from scratch.

[bitmotivator]

@lpandath @GeoffreyKarnbach @BlueTechie since we are now working on this issue across universities, please make sure to post any experiments you do (test repos, etc) as well as preliminary findings and opinions here so the others can keep up to date. Updates don't need to be definitive, let's just make sure that we get some movement on this issue.

[bitmotivator]

In case this is helpful, here's a manually fixed OpenAPI document for DAMAP ( see damap-org/damap-backend#394 )

openapi.yaml

``` --- openapi: 3.0.3 info: title: DAMAP API version: 4.5.0 paths: /api/access: post: tags: - Access Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/AccessDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/AccessDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/access/dmps/{id}: get: tags: - Access Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/ContributorDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/access/{id}: delete: tags: - Access Resource parameters: - name: id in: path required: true schema: type: string responses: "204": description: No Content "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/admin/banner: get: tags: - Admin Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/BannerDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] put: tags: - Admin Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/BannerDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/BannerDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin post: tags: - Admin Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/BannerDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/BannerDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin delete: tags: - Admin Resource responses: "204": description: No Content "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin /api/config: get: tags: - Config Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ConfigDO" /api/consent: get: tags: - Consent Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ConsentDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] post: tags: - Consent Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/ConsentDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ConsentDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/dmps: post: tags: - Data Management Plan Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/DmpDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DmpDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/dmps/all: get: tags: - Data Management Plan Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/DmpListItemDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin /api/dmps/list: get: tags: - Data Management Plan Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/DmpListItemDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/dmps/{id}: get: tags: - Data Management Plan Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DmpDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] put: tags: - Data Management Plan Resource parameters: - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/DmpDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DmpDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] delete: tags: - Data Management Plan Resource parameters: - name: id in: path required: true schema: type: string responses: "204": description: No Content "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/dmps/{id}/{revision}: get: tags: - Data Management Plan Resource parameters: - name: id in: path required: true schema: type: string - name: revision in: path required: true schema: format: int64 type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DmpDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/document/{dmpId}: get: tags: - Dmp Document Resource parameters: - name: dmpId in: path required: true schema: format: int64 type: integer - name: template in: query schema: $ref: "#/components/schemas/ETemplateType" responses: "200": description: OK "401": description: Not Authorized "403": description: Not Allowed deprecated: true security: - SecurityScheme: [] /api/document/{dmpId}/export: get: tags: - Dmp Document Resource parameters: - name: dmpId in: path required: true schema: format: int64 type: integer - name: download in: query schema: default: "true" type: boolean - name: filetype in: query schema: default: docx type: string - name: template in: query schema: $ref: "#/components/schemas/ETemplateType" responses: "200": description: OK "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/document/{dmpId}/template_type: get: tags: - Dmp Document Resource parameters: - name: dmpId in: path required: true schema: format: int64 type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ETemplateType" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/fits/examine: post: tags: - Fits Resource requestBody: content: multipart/form-data: schema: $ref: "#/components/schemas/MultipartBodyDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DatasetDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/gdpr: get: tags: - Gdpr Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/GdprResult" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/gdpr/extended: get: tags: - Gdpr Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/GdprResult" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/madmp/file/{id}: get: tags: - Ma Dmp Resource parameters: - name: id in: path required: true schema: format: int64 type: integer responses: "200": description: OK "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/madmp/{id}: get: tags: - Ma Dmp Resource parameters: - name: id in: path required: true schema: format: int64 type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/Dmp" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/madmps: get: tags: - Invenio DAMAP Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/DmpDO" post: tags: - Invenio DAMAP Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/DMPPayload" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DmpDO" /api/openaire: get: tags: - Open Aire Resource parameters: - name: doi in: query schema: type: string responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/DatasetDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/persons: get: tags: - Person Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ResultListContributorDO" /api/persons/{id}: get: tags: - Person Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ContributorDO" /api/projects: get: tags: - Project Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ResultListProjectDO" /api/projects/recommended: get: tags: - Project Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ResultListProjectDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/projects/{id}/staff: get: tags: - Project Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/ContributorDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/repositories: get: tags: - Repositories Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/Repository" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/repositories/recommended: get: tags: - Repositories Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/RepositoryDetails" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/repositories/search: get: tags: - Repositories Resource responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/Repository" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/repositories/{id}: get: tags: - Repositories Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/RepositoryDetails" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/storages: get: tags: - Internal Storage Resource responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/ResultListInternalStorageDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] post: tags: - Internal Storage Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/InternalStorageDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/InternalStorageDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin /api/storages/{id}: get: tags: - Internal Storage Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/InternalStorageDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] put: tags: - Internal Storage Resource parameters: - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/InternalStorageDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/InternalStorageDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin delete: tags: - Internal Storage Resource parameters: - name: id in: path required: true schema: type: string responses: "204": description: No Content "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: - Damap Admin /api/storages/{storageId}/translations: get: tags: - Internal Storage Translation Resource parameters: - name: storageId in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/InternalStorageTranslationDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] post: tags: - Internal Storage Translation Resource parameters: - name: storageId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/InternalStorageTranslationDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/InternalStorageTranslationDO" /api/storages/{storageId}/translations/{id}: get: tags: - Internal Storage Translation Resource parameters: - name: storageId in: path required: true schema: type: string - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/InternalStorageTranslationDO" put: tags: - Internal Storage Translation Resource parameters: - name: storageId in: path required: true schema: type: string - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/InternalStorageTranslationDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/InternalStorageTranslationDO" delete: tags: - Internal Storage Translation Resource parameters: - name: storageId in: path required: true schema: type: string - name: id in: path required: true schema: type: string responses: "204": description: No Content /api/versions: put: tags: - Version Resource requestBody: content: application/json: schema: $ref: "#/components/schemas/VersionDO" responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/VersionDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] /api/versions/list/{id}: get: tags: - Version Resource parameters: - name: id in: path required: true schema: type: string responses: "200": description: OK content: application/json: schema: type: array items: $ref: "#/components/schemas/VersionDO" "401": description: Not Authorized "403": description: Not Allowed security: - SecurityScheme: [] components: schemas: AccessDO: required: - dmpId - access type: object properties: id: format: int64 type: integer universityId: maxLength: 255 type: string personId: $ref: "#/components/schemas/IdentifierDO" firstName: maxLength: 255 type: string lastName: maxLength: 255 type: string mbox: maxLength: 255 type: string affiliation: maxLength: 255 type: string affiliationId: $ref: "#/components/schemas/IdentifierDO" contact: type: boolean role: $ref: "#/components/schemas/EContributorRole" roleInProject: type: string dmpId: format: int64 minimum: 0 exclusiveMinimum: true type: integer access: $ref: "#/components/schemas/EFunctionRole" start: $ref: "#/components/schemas/Date" until: $ref: "#/components/schemas/Date" BannerDO: type: object properties: title: maxLength: 255 type: string description: maxLength: 255 type: string dismissible: type: boolean color: maxLength: 255 type: string CertifiedWith: enum: - din31644 - dini-zertifikat - dsa - iso16363 - iso16919 - trac - wds - coretrustseal type: string ConfigDO: type: object properties: authUrl: type: string authClient: type: string authScope: type: string authUser: type: string env: type: string personSearchServiceConfigs: type: array items: $ref: "#/components/schemas/ServiceConfig" fitsServiceAvailable: type: boolean livePreviewAvailable: type: boolean ethicalReportEnabled: type: boolean appTitle: type: string ConsentDO: type: object properties: id: format: int64 type: integer universityId: type: string consentGiven: type: boolean givenDate: $ref: "#/components/schemas/Date" Contact: type: object properties: contact_id: $ref: "#/components/schemas/ContactId" mbox: type: string name: type: string ContactId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type6" Contributor: type: object properties: contributor_id: $ref: "#/components/schemas/ContributorId" mbox: type: string name: type: string role: uniqueItems: true type: array items: type: string ContributorDO: type: object properties: id: format: int64 type: integer universityId: maxLength: 255 type: string personId: $ref: "#/components/schemas/IdentifierDO" firstName: maxLength: 255 type: string lastName: maxLength: 255 type: string mbox: maxLength: 255 type: string affiliation: maxLength: 255 type: string affiliationId: $ref: "#/components/schemas/IdentifierDO" contact: type: boolean role: $ref: "#/components/schemas/EContributorRole" roleInProject: type: string ContributorId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type5" Cost: type: object properties: currency_code: $ref: "#/components/schemas/CurrencyCode" description: type: string title: type: string value: format: double type: number CostDO: type: object properties: id: format: int64 type: integer title: maxLength: 255 type: string value: format: float type: number currencyCode: maxLength: 255 type: string description: maxLength: 4000 type: string type: $ref: "#/components/schemas/ECostType" customType: maxLength: 255 type: string CurrencyCode: enum: - AED - AFN - ALL - AMD - ANG - AOA - ARS - AUD - AWG - AZN - BAM - BBD - BDT - BGN - BHD - BIF - BMD - BND - BOB - BRL - BSD - BTN - BWP - BYN - BZD - CAD - CDF - CHF - CLP - CNY - COP - CRC - CUC - CUP - CVE - CZK - DJF - DKK - DOP - DZD - EGP - ERN - ETB - EUR - FJD - FKP - GBP - GEL - GGP - GHS - GIP - GMD - GNF - GTQ - GYD - HKD - HNL - HRK - HTG - HUF - IDR - ILS - IMP - INR - IQD - IRR - ISK - JEP - JMD - JOD - JPY - KES - KGS - KHR - KMF - KPW - KRW - KWD - KYD - KZT - LAK - LBP - LKR - LRD - LSL - LYD - MAD - MDL - MGA - MKD - MMK - MNT - MOP - MRU - MUR - MVR - MWK - MXN - MYR - MZN - NAD - NGN - NIO - NOK - NPR - NZD - OMR - PAB - PEN - PGK - PHP - PKR - PLN - PYG - QAR - RON - RSD - RUB - RWF - SAR - SBD - SCR - SDG - SEK - SGD - SHP - SLL - SOS - SPL* - SRD - STN - SVC - SYP - SZL - THB - TJS - TMT - TND - TOP - TRY - TTD - TVD - TWD - TZS - UAH - UGX - USD - UYU - UZS - VEF - VND - VUV - WST - XAF - XCD - XDR - XOF - XPF - YER - ZAR - ZMW - ZWD type: string DMPPayload: type: object properties: dmp_id: format: int64 type: integer dataset: $ref: "#/components/schemas/Dataset" DataAccess: enum: - open - shared - closed type: string Dataset: type: object properties: data_quality_assurance: type: array items: type: string dataset_id: $ref: "#/components/schemas/DatasetId" description: type: string distribution: type: array items: $ref: "#/components/schemas/Distribution" issued: type: string keyword: type: array items: type: string language: $ref: "#/components/schemas/Language1" metadata: type: array items: $ref: "#/components/schemas/Metadatum" personal_data: $ref: "#/components/schemas/PersonalData" preservation_statement: type: string security_and_privacy: type: array items: $ref: "#/components/schemas/SecurityAndPrivacy" sensitive_data: $ref: "#/components/schemas/SensitiveData" technical_resource: type: array items: $ref: "#/components/schemas/TechnicalResource" title: type: string type: type: string DatasetDO: type: object properties: id: format: int64 type: integer title: maxLength: 255 type: string type: type: array items: $ref: "#/components/schemas/EDataType" fileFormat: type: string size: format: int64 type: integer description: type: string personalData: type: boolean sensitiveData: type: boolean legalRestrictions: type: boolean license: maxLength: 255 type: string allOf: - $ref: "#/components/schemas/ELicense" startDate: $ref: "#/components/schemas/Date" referenceHash: maxLength: 255 type: string dataAccess: $ref: "#/components/schemas/EDataAccessType" selectedProjectMembersAccess: $ref: "#/components/schemas/EAccessRight" otherProjectMembersAccess: $ref: "#/components/schemas/EAccessRight" publicAccess: $ref: "#/components/schemas/EAccessRight" delete: type: boolean dateOfDeletion: $ref: "#/components/schemas/Date" reasonForDeletion: maxLength: 4000 type: string deletionPerson: $ref: "#/components/schemas/ContributorDO" retentionPeriod: format: int32 type: integer datasetId: $ref: "#/components/schemas/IdentifierDO" source: $ref: "#/components/schemas/EDataSource" technicalResources: type: array items: $ref: "#/components/schemas/TechnicalResourceDO" DatasetId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type4" Date: format: date type: string example: 2022-03-10 Distribution: type: object properties: access_url: type: string available_until: type: string byte_size: format: int32 type: integer data_access: $ref: "#/components/schemas/DataAccess" description: type: string download_url: format: uri type: string format: type: array items: type: string host: $ref: "#/components/schemas/Host" license: type: array items: $ref: "#/components/schemas/License" title: type: string Dmp: type: object properties: contact: $ref: "#/components/schemas/Contact" contributor: type: array items: $ref: "#/components/schemas/Contributor" cost: type: array items: $ref: "#/components/schemas/Cost" created: $ref: "#/components/schemas/Date" dataset: type: array items: $ref: "#/components/schemas/Dataset" description: type: string dmp_id: $ref: "#/components/schemas/DmpId" ethical_issues_description: type: string ethical_issues_exist: $ref: "#/components/schemas/EthicalIssuesExist" ethical_issues_report: format: uri type: string language: $ref: "#/components/schemas/Language" modified: $ref: "#/components/schemas/Date" project: type: array items: $ref: "#/components/schemas/Project" title: type: string DmpDO: type: object properties: id: format: int64 type: integer title: maxLength: 255 type: string created: $ref: "#/components/schemas/Date" modified: $ref: "#/components/schemas/Date" description: type: string project: $ref: "#/components/schemas/ProjectDO" dataKind: $ref: "#/components/schemas/EDataKind" reusedDataKind: $ref: "#/components/schemas/EDataKind" contributors: type: array items: $ref: "#/components/schemas/ContributorDO" noDataExplanation: maxLength: 4000 type: string metadata: maxLength: 4000 type: string dataGeneration: maxLength: 4000 type: string structure: maxLength: 4000 type: string dataQuality: type: array items: $ref: "#/components/schemas/EDataQualityType" otherDataQuality: maxLength: 4000 type: string targetAudience: maxLength: 4000 type: string tools: maxLength: 4000 type: string restrictedDataAccess: maxLength: 4000 type: string personalData: type: boolean personalDataCris: type: boolean personalDataCompliance: type: array items: $ref: "#/components/schemas/EComplianceType" otherPersonalDataCompliance: maxLength: 4000 type: string sensitiveData: type: boolean sensitiveDataCris: type: boolean sensitiveDataSecurity: type: array items: $ref: "#/components/schemas/ESecurityMeasure" otherDataSecurityMeasures: maxLength: 4000 type: string sensitiveDataAccess: maxLength: 4000 type: string legalRestrictions: type: boolean legalRestrictionsCris: type: boolean legalRestrictionsDocuments: type: array items: $ref: "#/components/schemas/EAgreement" otherLegalRestrictionsDocument: maxLength: 4000 type: string legalRestrictionsComment: maxLength: 4000 type: string dataRightsAndAccessControl: maxLength: 4000 type: string humanParticipants: type: boolean humanParticipantsCris: type: boolean ethicalIssuesExist: type: boolean ethicalIssuesExistCris: type: boolean committeeReviewed: type: boolean committeeReviewedCris: type: boolean ethicalIssuesReport: maxLength: 255 type: string datasets: type: array items: $ref: "#/components/schemas/DatasetDO" repositories: type: array items: $ref: "#/components/schemas/RepositoryDO" storage: type: array items: $ref: "#/components/schemas/StorageDO" externalStorage: type: array items: $ref: "#/components/schemas/ExternalStorageDO" externalStorageInfo: maxLength: 4000 type: string restrictedAccessInfo: maxLength: 4000 type: string closedAccessInfo: maxLength: 4000 type: string costsExist: type: boolean costsExistCris: type: boolean costs: type: array items: $ref: "#/components/schemas/CostDO" documentation: maxLength: 4000 type: string contact: $ref: "#/components/schemas/ContributorDO" DmpId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type2" DmpListItemDO: type: object properties: id: format: int64 type: integer title: type: string contact: $ref: "#/components/schemas/ContributorDO" created: $ref: "#/components/schemas/Date" modified: $ref: "#/components/schemas/Date" description: type: string project: $ref: "#/components/schemas/ProjectDO" accessType: $ref: "#/components/schemas/EFunctionRole" versionCount: format: int64 type: integer latestVersionName: type: string EAccessRight: enum: - READ - WRITE - NONE type: string EAgreement: enum: - CONSORTIUM_AGREEMENT - DATA_PROCESSING_AGREEMENT - JOINT_CONTROL_AGREEMENT - CONFIDENTIALITY_AGREEMENT - OTHER type: string EComplianceType: enum: - INFORMED_CONSENT - ANONYMISATION - PSEUDONYMISATION - ENCRYPTION - OTHER type: string EContributorRole: enum: - DATA_COLLECTOR - DATA_CURATOR - DATA_MANAGER - DISTRIBUTOR - EDITOR - HOSTING_INSTITUTION - PRODUCER - PROJECT_LEADER - PROJECT_MANAGER - PROJECT_MEMBER - REGISTRATION_AGENCY - REGISTRATION_AUTHORITY - RELATED_PERSON - RESEARCHER - RESEARCH_GROUP - RIGHTS_HOLDER - SPONSOR - SUPERVISOR - WORK_PACKAGE_LEADER - PRINCIPAL_INVESTIGATOR - PROJECT_COORDINATOR - OTHER type: string ECostType: enum: - DATA_ACQUISITION - DATABASE - FILE_BASED_STORAGE - HARDWARE_AND_INFRASTRUCTURE - LEGAL_ADVICE - PERSONNEL - REPOSITORY - SOFTWARE_LICENSE - TRAINING - OTHER type: string EDataAccessType: enum: - OPEN - RESTRICTED - CLOSED type: string EDataKind: enum: - UNKNOWN - NONE - SPECIFY type: string EDataQualityType: enum: - CALIBRATION - REPEATED_SAMPLES_OR_MEASUREMENTS - STANDARDISED_DATA_CAPTURE - DATA_ENTRY_VALIDATION - PEER_REVIEW_OF_DATA - REPRESENTATION_WITH_CONTROLLED_VOCABULARIES - OTHERS type: string EDataSource: enum: - NEW - REUSED type: string EDataType: enum: - STANDARD_OFFICE_DOCUMENTS - NETWORKBASED_DATA - DATABASES - IMAGES - STRUCTURED_GRAPHICS - AUDIOVISUAL_DATA - SCIENTIFIC_STATISTICAL_DATA - RAW_DATA - PLAIN_TEXT - STRUCTURED_TEXT - ARCHIVED_DATA - SOFTWARE_APPLICATIONS - SOURCE_CODE - CONFIGURATION_DATA - OTHER type: string EFunctionRole: enum: - ADMIN - EDITOR - GUEST - OWNER - SUPPORT type: string EFundingState: enum: - PLANNED - APPLIED - GRANTED - REJECTED - UNSPECIFIED type: string EIdentifierType: enum: - ORCID - ISNI - OPENID - OTHER - HANDLE - DOI - ARK - URL - HDL - PURL - URN - FUNDREF - ROR type: string ELicense: enum: - AGPL1 - AGPL1PLUS - AGPL3 - AGPL3PLUS - APACHE1 - APACHE1_1 - APACHE2 - ARTISTIC1 - ARTISTIC1PERL - ARTISTIC2 - BSD2C - BSD3C - CCBY - CCBYNC - CCBYNCND - CCBYNCSA - CCBYND - CCBYSA - CCPUBLICDOMAIN - CCZERO - CDDL1 - CDDL1_1 - EPL1 - EPL2 - GPL2 - GPL2PLUS - GPL3 - GPL3PLUS - LGPL2 - LGPL2PLUS - LGPL2_1 - LGPL2_1PLUS - LGPL3 - LGPL3PLUS - MIT - MPL1 - MPL1_1 - MPL2 - ODBL - ODCBY - PDDL type: string ESecurityMeasure: enum: - INDIVIDUAL_LOGIN - ADDITIONAL_LOGIN - AUTOMATIC_LOCKING_OF_CLIENTS - ENCRYPTION_OF_SYSTEMS - LOCKED_STORAGE - OTHER type: string ETemplateType: enum: - SCIENCE_EUROPE - FWF - HORIZON_EUROPE type: string EthicalIssuesExist: enum: - "yes" - "no" - unknown type: string ExternalStorageDO: type: object properties: id: format: int64 type: integer title: maxLength: 255 type: string datasets: type: array items: type: string url: maxLength: 255 type: string backupFrequency: maxLength: 255 type: string storageLocation: maxLength: 255 type: string backupLocation: maxLength: 255 type: string FunderId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type1" Funding: type: object properties: funder_id: $ref: "#/components/schemas/FunderId" funding_status: $ref: "#/components/schemas/FundingStatus" grant_id: $ref: "#/components/schemas/GrantId" FundingDO: type: object properties: id: format: int64 type: integer fundingName: type: string fundingProgram: type: string funderId: $ref: "#/components/schemas/IdentifierDO" grantId: $ref: "#/components/schemas/IdentifierDO" fundingStatus: $ref: "#/components/schemas/EFundingState" FundingStatus: enum: - planned - applied - granted - rejected type: string GdprResult: type: object properties: entity: type: string entries: type: array items: type: object additionalProperties: {} GeoLocation: enum: - AD - AE - AF - AG - AI - AL - AM - AO - AQ - AR - AS - AT - AU - AW - AX - AZ - BA - BB - BD - BE - BF - BG - BH - BI - BJ - BL - BM - BN - BO - BQ - BR - BS - BT - BV - BW - BY - BZ - CA - CC - CD - CF - CG - CH - CI - CK - CL - CM - CN - CO - CR - CU - CV - CW - CX - CY - CZ - DE - DJ - DK - DM - DO - DZ - EC - EE - EG - EH - ER - ES - ET - FI - FJ - FK - FM - FO - FR - GA - GB - GD - GE - GF - GG - GH - GI - GL - GM - GN - GP - GQ - GR - GS - GT - GU - GW - GY - HK - HM - HN - HR - HT - HU - ID - IE - IL - IM - IN - IO - IQ - IR - IS - IT - JE - JM - JO - JP - KE - KG - KH - KI - KM - KN - KP - KR - KW - KY - KZ - LA - LB - LC - LI - LK - LR - LS - LT - LU - LV - LY - MA - MC - MD - ME - MF - MG - MH - MK - ML - MM - MN - MO - MP - MQ - MR - MS - MT - MU - MV - MW - MX - MY - MZ - NA - NC - NE - NF - NG - NI - NL - "NO" - NP - NR - NU - NZ - OM - PA - PE - PF - PG - PH - PK - PL - PM - PN - PR - PS - PT - PW - PY - QA - RE - RO - RS - RU - RW - SA - SB - SC - SD - SE - SG - SH - SI - SJ - SK - SL - SM - SN - SO - SR - SS - ST - SV - SX - SY - SZ - TC - TD - TF - TG - TH - TJ - TK - TL - TM - TN - TO - TR - TT - TV - TW - TZ - UA - UG - UM - US - UY - UZ - VA - VC - VE - VG - VI - VN - VU - WF - WS - YE - YT - ZA - ZM - ZW type: string GrantId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type" Host: type: object properties: availability: type: string backup_frequency: type: string backup_type: type: string certified_with: $ref: "#/components/schemas/CertifiedWith" description: type: string geo_location: $ref: "#/components/schemas/GeoLocation" pid_system: type: array items: $ref: "#/components/schemas/PidSystem" storage_type: type: string support_versioning: $ref: "#/components/schemas/SupportVersioning" title: type: string url: format: uri type: string IdentifierDO: type: object properties: identifier: maxLength: 255 type: string type: $ref: "#/components/schemas/EIdentifierType" InternalStorageDO: required: - url - storageLocation - active type: object properties: id: format: int64 type: integer url: pattern: \S type: string storageLocation: pattern: \S type: string backupLocation: type: string active: type: boolean translations: type: array items: $ref: "#/components/schemas/InternalStorageTranslationDO" InternalStorageTranslationDO: required: - languageCode - title type: object properties: id: format: int64 type: integer storageId: format: int64 type: integer languageCode: pattern: \S type: string title: pattern: \S type: string description: type: string backupFrequency: type: string Language: enum: - aar - abk - afr - aka - amh - ara - arg - asm - ava - ave - aym - aze - bak - bam - bel - ben - bih - bis - bod - bos - bre - bul - cat - ces - cha - che - chu - chv - cor - cos - cre - cym - dan - deu - div - dzo - ell - eng - epo - est - eus - ewe - fao - fas - fij - fin - fra - fry - ful - gla - gle - glg - glv - grn - guj - hat - hau - hbs - heb - her - hin - hmo - hrv - hun - hye - ibo - ido - iii - iku - ile - ina - ind - ipk - isl - ita - jav - jpn - kal - kan - kas - kat - kau - kaz - khm - kik - kin - kir - kom - kon - kor - kua - kur - lao - lat - lav - lim - lin - lit - ltz - lub - lug - mah - mal - mar - mkd - mlg - mlt - mon - mri - msa - mya - nau - nav - nbl - nde - ndo - nep - nld - nno - nob - nor - nya - oci - oji - ori - orm - oss - pan - pli - pol - por - pus - que - roh - ron - run - rus - sag - san - sin - slk - slv - sme - smo - sna - snd - som - sot - spa - sqi - srd - srp - ssw - sun - swa - swe - tah - tam - tat - tel - tgk - tgl - tha - tir - ton - tsn - tso - tuk - tur - twi - uig - ukr - urd - uzb - ven - vie - vol - wln - wol - xho - yid - yor - zha - zho - zul type: string Language1: enum: - aar - abk - afr - aka - amh - ara - arg - asm - ava - ave - aym - aze - bak - bam - bel - ben - bih - bis - bod - bos - bre - bul - cat - ces - cha - che - chu - chv - cor - cos - cre - cym - dan - deu - div - dzo - ell - eng - epo - est - eus - ewe - fao - fas - fij - fin - fra - fry - ful - gla - gle - glg - glv - grn - guj - hat - hau - hbs - heb - her - hin - hmo - hrv - hun - hye - ibo - ido - iii - iku - ile - ina - ind - ipk - isl - ita - jav - jpn - kal - kan - kas - kat - kau - kaz - khm - kik - kin - kir - kom - kon - kor - kua - kur - lao - lat - lav - lim - lin - lit - ltz - lub - lug - mah - mal - mar - mkd - mlg - mlt - mon - mri - msa - mya - nau - nav - nbl - nde - ndo - nep - nld - nno - nob - nor - nya - oci - oji - ori - orm - oss - pan - pli - pol - por - pus - que - roh - ron - run - rus - sag - san - sin - slk - slv - sme - smo - sna - snd - som - sot - spa - sqi - srd - srp - ssw - sun - swa - swe - tah - tam - tat - tel - tgk - tgl - tha - tir - ton - tsn - tso - tuk - tur - twi - uig - ukr - urd - uzb - ven - vie - vol - wln - wol - xho - yid - yor - zha - zho - zul type: string Language2: enum: - aar - abk - afr - aka - amh - ara - arg - asm - ava - ave - aym - aze - bak - bam - bel - ben - bih - bis - bod - bos - bre - bul - cat - ces - cha - che - chu - chv - cor - cos - cre - cym - dan - deu - div - dzo - ell - eng - epo - est - eus - ewe - fao - fas - fij - fin - fra - fry - ful - gla - gle - glg - glv - grn - guj - hat - hau - hbs - heb - her - hin - hmo - hrv - hun - hye - ibo - ido - iii - iku - ile - ina - ind - ipk - isl - ita - jav - jpn - kal - kan - kas - kat - kau - kaz - khm - kik - kin - kir - kom - kon - kor - kua - kur - lao - lat - lav - lim - lin - lit - ltz - lub - lug - mah - mal - mar - mkd - mlg - mlt - mon - mri - msa - mya - nau - nav - nbl - nde - ndo - nep - nld - nno - nob - nor - nya - oci - oji - ori - orm - oss - pan - pli - pol - por - pus - que - roh - ron - run - rus - sag - san - sin - slk - slv - sme - smo - sna - snd - som - sot - spa - sqi - srd - srp - ssw - sun - swa - swe - tah - tam - tat - tel - tgk - tgl - tha - tir - ton - tsn - tso - tuk - tur - twi - uig - ukr - urd - uzb - ven - vie - vol - wln - wol - xho - yid - yor - zha - zho - zul type: string License: type: object properties: license_ref: format: uri type: string start_date: type: string Link: type: object properties: value: type: string href: type: string xml: attribute: true rel: type: string xml: attribute: true MetadataStandardId: type: object properties: identifier: type: string type: $ref: "#/components/schemas/Type3" Metadatum: type: object properties: description: type: string language: $ref: "#/components/schemas/Language2" metadata_standard_id: $ref: "#/components/schemas/MetadataStandardId" MultipartBodyDO: type: object properties: file: format: binary type: string Pagination: type: object properties: page: format: int32 type: integer perPage: format: int32 type: integer numPages: format: int32 type: integer numTotalItems: format: int32 type: integer hasNext: type: boolean hasPrevious: type: boolean PersonalData: enum: - "yes" - "no" - unknown type: string PidSystem: enum: - ark - arxiv - bibcode - doi - ean13 - eissn - handle - igsn - isbn - issn - istc - lissn - lsid - pmid - purl - upc - url - urn - other type: string Project: type: object properties: description: type: string end: type: string funding: type: array items: $ref: "#/components/schemas/Funding" start: type: string title: type: string ProjectDO: type: object properties: id: format: int64 type: integer acronym: maxLength: 255 type: string universityId: maxLength: 255 type: string description: type: string title: maxLength: 255 type: string funding: $ref: "#/components/schemas/FundingDO" start: $ref: "#/components/schemas/Date" end: $ref: "#/components/schemas/Date" dmpExists: type: boolean funderSupported: type: boolean Repository: type: object properties: id: type: string doi: type: string name: type: string link: $ref: "#/components/schemas/Link" RepositoryDO: type: object properties: id: format: int64 type: integer title: maxLength: 255 type: string datasets: type: array items: type: string repositoryId: maxLength: 255 type: string RepositoryDetails: type: object properties: id: type: string name: type: string repositoryIdentifier: type: array items: type: string repositoryURL: type: string repositoryLanguages: type: array items: type: string description: type: string versioning: type: boolean contentTypes: type: array items: type: string metadataStandards: type: array items: type: string pidSystems: type: array items: $ref: "#/components/schemas/EIdentifierType" ResultListContributorDO: type: object properties: search: $ref: "#/components/schemas/Search" items: type: array items: $ref: "#/components/schemas/ContributorDO" ResultListInternalStorageDO: type: object properties: search: $ref: "#/components/schemas/Search" items: type: array items: $ref: "#/components/schemas/InternalStorageDO" ResultListProjectDO: type: object properties: search: $ref: "#/components/schemas/Search" items: type: array items: $ref: "#/components/schemas/ProjectDO" Search: type: object properties: pagination: $ref: "#/components/schemas/Pagination" query: type: string SecurityAndPrivacy: type: object properties: description: type: string title: type: string SensitiveData: enum: - "yes" - "no" - unknown type: string ServiceConfig: type: object properties: displayText: type: string queryValue: type: string class-name: type: string StorageDO: type: object properties: id: format: int64 type: integer title: maxLength: 255 type: string datasets: type: array items: type: string internalStorageId: format: int64 type: integer SupportVersioning: enum: - "yes" - "no" - unknown type: string TechnicalResource: type: object properties: description: type: string name: type: string TechnicalResourceDO: required: - name type: object properties: name: maxLength: 255 pattern: \S type: string description: maxLength: 4000 type: string Type: enum: - url - other type: string Type1: enum: - fundref - url - other type: string Type2: enum: - handle - doi - ark - url - other type: string Type3: enum: - url - other type: string Type4: enum: - handle - doi - ark - url - other type: string Type5: enum: - orcid - isni - openid - other type: string Type6: enum: - orcid - isni - openid - other type: string VersionDO: type: object properties: id: format: int64 type: integer dmpId: format: int64 type: integer revisionNumber: format: int64 type: integer versionName: type: string versionDate: $ref: "#/components/schemas/Date" editor: type: string securitySchemes: SecurityScheme: type: openIdConnect description: Authentication openIdConnectUrl: http://keycloak:8080/auth/realms/damap/.well-known/openid-configuration ```

[bitmotivator]

I also did a tiny experiment for Webcomponents, maybe this is also helpful:

src/framework.ts

export function jsx(
    tagName: string,
    attribs: Record<string, string>,
    ...children: HTMLElement[]
) {
    const element = document.createElement(tagName);
    for (const [attrib, value] of Object.entries(attribs || {})) {
        element.setAttribute(attrib, value);
    }
    for (const child of children) {
        if (typeof child === "string") {
            element.appendChild(document.createTextNode(child))
            continue
        }
        element.appendChild(child)
    }

    return element
}

export abstract class Component extends HTMLElement {
    static register(tagName: string, componentClass: any) {
        window.customElements.define(tagName, componentClass);
    }

    /**
     * Return an HTML element to be used for this component.
     */
    abstract getTemplate() : HTMLElement;

    constructor() {
        super();
        const shadowRoot = this.attachShadow({ mode: "open" })
        shadowRoot.appendChild(this.getTemplate())
    }
}

src/text-field.tsx

import {Component, jsx} from "./framework.js";

class TextField extends Component {
    getTemplate() {
        return <div className="textfield">
            <label>
                <slot name="label">Hello world!</slot>
            </label>
            <input type="text"/>
            <slot>

            </slot>
        </div>
    }
}

Component.register("text-field", TextField);

index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <title>DAMAP</title>
</head>
<body>
    <text-field>
        <span slot="label">My Label</span>
    </text-field>
    <script type="module" src="dist/text-field.js"></script>
</body>
</html>

tsconfig.json

{
  "compilerOptions": {
    "target": "ES2020",
    "module": "ES2020",
    "jsx": "react",
    "jsxFactory": "jsx",
    "outDir": "dist"
  },
  "include": [
    "src/**/*"
  ],
  "exclude": [
    "node_modules"
  ]
}

My experience is that it's tricky to get a hold of the elements inside the template with webcomponents, you need to manually bind them to variables (e.g. with querySelector). This causes quite a bit of boilerplate code.

If you want automatic DOM updates via a state object (basically, a declarative UI), then it's going more in the direction of React/Preact/Vue/Angular depending on how much suffering you want to subject yourself to when it comes to the number of dependencies.

[BlueTechie]

Here is a summary of my preliminary findings and resources relating to 3. Authentication, more to come:

I found the Auth0 docs to be a good resource, such as the docs explaining which OAuth 2.0 flow to use. Since DAMAP was until now a single page application, the Authorization Code Flow with PKCE was the recommended choice, since the entire frontend is public, which means it can't contain client secrets. If we want to migrate to a traditional multi-page app, we also have the option of using the Authorization Code Flow (without PKCE), which would allow us to delegate the entire authentication logic to the backend (since we can trust it with the client secret). However, the Authorization Code with PKCE flow is now recommended as the standard for both confidential and public clients (see this blog post), since it comes with a security boost.

[GeoffreyKarnbach]

The last few days, I have experimented using preact and webcomponents. Those frameworks offer a more lightweight approach than Angular, seem well documented and robust. Although, because of the teams profficency with Angular, and our already existing Angular codebase, I think sticking to Angular (V20 + Bootstrap as CSS Framework?) would be better, using a revised frontend architecture, with better separation of concerns. I will post a suggestion of Folder Structure for Angular projects.

Here are also 2 small experiments with preact and webcomponents, both using the Admin Banner and displaying / creating / deleting it. Just check out the backend "gk/frontend-experiment" branch, where auth has been disabled for that feature.

[GeoffreyKarnbach]

PREACT:

banner.js

class BannerComponent extends HTMLElement {
  constructor() {
    super();
    // Create a shadow root for encapsulation
    this.attachShadow({ mode: "open" });
    this.banner = null;
    this.error = null;
    this.isDismissed = false;
  }

  connectedCallback() {
    this.render();
    this.fetchBanner();
  }

  async fetchBanner() {
    try {
      const res = await fetch("http://localhost:8080/api/admin/banner");
      if (res.status === 204) {
        this.banner = null;
      } else if (!res.ok) {
        throw new Error("Failed to fetch banner");
      } else {
        this.banner = await res.json();
      }
    } catch (err) {
      this.error = err.message;
    }
    this.render();
  }

  async createTestBanner() {
    const colors = ["red", "green", "blue", "yellow", "purple"];
    const color = colors[Math.floor(Math.random() * colors.length)];

    try {
      const res = await fetch("http://localhost:8080/api/admin/banner", {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({
          title: "TEST",
          description: "TEST DESCRIPTION",
          dismissible: true,
          color,
        }),
      });
      if (!res.ok) throw new Error("Failed to create banner");
      await this.fetchBanner();
    } catch (err) {
      this.error = err.message;
      this.render();
    }
  }

  async deleteBanner() {
    try {
      const res = await fetch("http://localhost:8080/api/admin/banner", {
        method: "DELETE",
      });
      if (!res.ok) throw new Error("Failed to delete banner");
      this.banner = null;
      this.isDismissed = false;
    } catch (err) {
      this.error = err.message;
    }
    this.render();
  }

  // Render the component
  render() {
    const style = `
      <style>
        .banner {
          padding: 1rem;
          border-radius: 8px;
          margin-top: 1rem;
          color: white;
        }
        .button {
          margin-right: 0.5rem;
          padding: 0.5rem 1rem;
          font-size: 1rem;
          border: none;
          border-radius: 4px;
          cursor: pointer;
        }
        .delete-btn {
          background-color: darkred;
          color: white;
        }
        .error {
          color: red;
          margin-top: 1rem;
        }
      </style>
    `;

    let html = `
      ${style}
      <div style="margin-bottom: 2rem;">
    `;

    if (!this.banner && !this.isDismissed) {
      html += `<button class="button" id="create">➕ Create Test Banner</button>`;
    }

    if (this.banner || this.isDismissed) {
      html += `<button class="button delete-btn" id="delete">🗑️ Delete Banner</button>`;
    }

    if (this.error) {
      html += `<div class="error">Error: ${this.error}</div>`;
    }

    if (this.banner) {
      html += `
        <div class="banner" style="background-color: ${
          this.banner.color || "#ccc"
        }">
          <h2>${this.banner.title}</h2>
          <p>${this.banner.description}</p>
          ${
            this.banner.dismissible
              ? `<button class="button" id="dismiss">X</button>`
              : ""
          }
        </div>
      `;
    }

    html += `</div>`;
    this.shadowRoot.innerHTML = html;

    // Add event listeners / Bind logic to buttons
    this.shadowRoot
      .getElementById("create")
      ?.addEventListener("click", () => this.createTestBanner());
    this.shadowRoot
      .getElementById("delete")
      ?.addEventListener("click", () => this.deleteBanner());
    this.shadowRoot.getElementById("dismiss")?.addEventListener("click", () => {
      this.banner = null;
      this.isDismissed = true;
      this.render();
    });
  }
}

customElements.define("banner-component", BannerComponent);

index.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <title>Banner Web Component</title>
  </head>
  <body>
    <!-- Import the banner component defined in banner.js -->
    <banner-component></banner-component>

    <script type="module" src="./banner.js"></script>
  </body>
</html>

readme.md

Run using:

> npx serve . -l 4200

You have to serve the html file using a light server, otherwise CORS blocks the JS file.

[GeoffreyKarnbach]

preact.zip

This is the PREACT experiment.

[bitmotivator]

@GeoffreyKarnbach any thoughts on whether we should go for a full SPA or maybe just put the corresponding apps inside a page to handle the form / list view, but keep the other parts as classic HTML files, rendered server side? (Makes authentication a whole lot easier.)

[GeoffreyKarnbach]

I think this could be a realistic option or a SPA. I am not an expert regarding authentication and would have to discuss it with @BlueTechie, but if it facilitates it, I would not see much of an issue.

I would suggest following folder structure in angular (in case we re-use angular):

app:
	components:
		pages:
			…
		shared:
			…
		index.ts
	dtos:
		…
		index.ts
	enum:
		…
		index.ts
	guards:
		…
	interceptors:
		…
	services:
		…
	util:
		…
	auth:
		…
	pipes:
		…

Furthermore, I would suggest that we drop the lib approach, where we separate the code into the actual app and the library, as well as remove the store logic, as it just adds a further layer of complexity, that is subsceptible to bugs.

The shared folder inside of components could contain all the widgets or shared components of the current lib folder. Each page would have its own subfolder in the pages subdirectory, with child component nested in them.

If wanted, I could write a code skeleton for this architecture.

[BlueTechie]

Following up on 3. Authentication, in particular what the current setup does. I plan on describing what we could do in the future in a separate comment. I include technical details in case they are useful later on, but feel free to skip them if they are not relevant to you.

TL;DR: We use Authorization Code Flow with PKCE + OIDC for authentication. The frontend redirects to Keycloak where the user logs in, and it receives an ID token and an access token. The access token is then sent to the backend in the header of each API call to confirm that the user is authorized to perform an action.

As mentioned by @bitmotivator, the current setup uses the Authorization Code Flow with PKCE, which we can see in the following snippet from config.service.ts in the frontend:

const authConfig: AuthConfig = {
            issuer: config.authUrl,
            clientId: config.authClient,
            redirectUri: window.location.origin,
            logoutUrl: window.location.origin,
            oidc: true,
            scope: config.authScope,
            // useSilentRefresh: true,
            responseType: 'code', // <- This means that we augment code flow with PKCE
            showDebugInformation: isDevMode(),
            // sessionChecksEnabled: true,
          };

All URL paths of our application are guarded, meaning the user needs to be authenticated and if not, this line is called (in auth-service.ts):

this.oAuthService.initLoginFlow(route);

This triggers the following sequence of events:

1. The DAMAP frontend generates a code verifier (think a random string) and a code challenge (Base64-encoded hash, in this case SHA256).
2. The DAMAP frontend then sends an authorization request + the code challenge from before to Keycloak.
3. The user is redirected to a Keycloak login page and logs in (let's assume successfully).
4. Keycloak redirects with an authorization code in the URL (which is bound to the code challenge from before) that the frontend can then extract.
5. The frontend sends back that same authorization code along with the code verifier from before (that only it knows).
6. Keycloak validates the code verifier and sends an ID token as well as an access token to the frontend.
7. The frontend can then use the ID token for itself, and the access token to authenticate with our backend.

Once the frontend receives the access token from Keycloak, the token is sent in the header of all API requests to the backend over HTTP as configured in app.module.ts

OAuthModule.forRoot({
      resourceServer: {
        allowedUrls: [environment.backendurl],
        sendAccessToken: true,
      },
    }),

The backend then validates the access token (see the method validateAuthHeader(HttpHeaders headers) in SecurityService.java). The backend also uses the access token (which contains user identity claims) to determine if certain actions are allowed, for instance depending on if the user is an admin. To do this, it instantiates a principal object, which is derived from the claims of the access token, for instance in this method of SecurityService.java:

  public String getUserId() {
    final Principal principal = securityIdentity.getPrincipal();
    if (!(principal instanceof OidcJwtCallerPrincipal)) return null;

    return ((OidcJwtCallerPrincipal) principal).getClaims().getClaimValue(authUser).toString();
  }

It is true that this approach leads to some (but also not very large) code duplication, since both the frontend and backend need to work with the mentioned JWTs, e.g. parse them.

[bitmotivator]

OK, so if we go with just a "standard" Angular approach with the authentication working the same way, how do we avoid the frontend code deteriorating like it is deteriorated now?

[GeoffreyKarnbach]

I have now explored the React + MUI stack, was a pleasant development experience. Here is the implementation of the Admin Banner for it:

DAMAPReactMUI.zip