Weeknotes, I guess
What a week. Hard to work up the enthusiasm to write about what I’ve been working on.
I’ve mainly been pushing towards shipping a Datasette release with writeable canned queries. This lead me down various other rabbit holes.
Authentication
Once you can write to a database, authentication and permissions become more than just a nice-to-have. I’ve used plugins for this in the past (datasette-auth-github and datasette-auth-existing-cookies), but to allow these plugins to work together with other features it makes sense to bring the concept of authentications and permission checks into Datasette core.
Issue #699 tracks my thinking on this. I’ve landed two new plugin hooks: actor_from_request, which lets plugins decide if the request is from an authenticated actor (a logged-in user or an authenticated API key of some sort) and permission_allowed which can answer if an actor is allowed to perform a specific action on a resource.
Flash messages
When you perform a write, I need to let you know if it worked or not. Django has messages, Flask calls them flash messages. I’ve now added these to Datasette, using signed cookies. The new /-/messages debug tool lets you try them out and see how they work.
CSRF protection
Still a work in progress (and a blocker on releasing the above new features). I shipped asgi-csrf 0.3 yesterday which is now ready for use in Datasette. The next step is to integrate it.
New milestone: Datasette 1.0
Writeable canned queries are the last major feature I want to add before Datasette 1.0. I’ve put some notes together on what this means: essentially I want 1.0 to signify that plugin builders and template authors can develop against Datasette with confidence that their stuff won’t break until at least 2.0. I also started a Datasette 1.0 milestone.
More recent articles
- ChatGPT should include inline tips - 30th May 2023
- Lawyer cites fake cases invented by ChatGPT, judge is not amused - 27th May 2023
- llm, ttok and strip-tags - CLI tools for working with ChatGPT and other LLMs - 18th May 2023
- Delimiters won't save you from prompt injection - 11th May 2023
- Weeknotes: sqlite-utils 3.31, download-esm, Python in a sandbox - 10th May 2023
- Leaked Google document: "We Have No Moat, And Neither Does OpenAI" - 4th May 2023
- Midjourney 5.1 - 4th May 2023
- Prompt injection explained, with video, slides, and a transcript - 2nd May 2023
- download-esm: a tool for downloading ECMAScript modules - 2nd May 2023
- Let's be bear or bunny - 1st May 2023