=TODO items for OpenResty

== Bugs
* remove the unique constraint on _views's definition column.
* http://ced02.search.cnb.yahoo.com/=/model/Post/~/~?user=agentzh.Admin&password=blahblah gives
    error: "Syck parser (line 313, column -1): syntax error at /home/es/share/htdocs/es/openapi-1782/bin/../lib/OpenAPI/Backend/PgFarm.pm line 57."  [fixed]
* qyliu reports that PUT /=/model/Foo/bar/word does NOT quote the "word" part, resulting in a sql injection point.  [fixed]
* Captcha ID should not saved in a cookie and get expired during login.  [fixed]

== Implementation
* Added no-cache headers to the responses:
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-cache, must-revalidate
    Pragma: no-cache

* Renamed the column "table_name" in _columns to "model".
* Role inheritance support.
* Allow invoking views via POST.
* XML/RDF support (in addition to JSON and YAML support).
* Shortcut for row_count sub.
  (laser++ said "select count(*)" is expensive in Pg.)
* Implement updating role meta info.
* Check for joining too many models in minisql's select statement.
* Cache meta info in OpenAPI::Cache for faster access.
* Basic SQL injection detection code in OpenAPI::Backend.
* Sane logging facility (or use stderr and lighttpd's logs?)
* more DWIMmy in the captcha solution comparison code:
    lc($user_sol) and 全角 => 半角
* Use true config file rather than a big set of env vars.
* A functional query langauge as an alternative to minisql.
* move all initialize SQLs into a independent file [laser]
* add a global default PostgreSQL user, named by anonymous/public etc., to act as a read-only role in PG (clusters) [laser]
* make OpenAPI into a database interfaces [laser]
  ** add proc support
* make OpenAPI meta data store in another special meta-schema, naming by prefixing '_' to username, e.g. "_username", then
  we create 2 schema when creating a user: _username & username, and create 2 different database roles (PostgreSQL role)
  when creating user, one for access meta data, we could call it meta-user, the other for access user data; all meta data,
  like _models, _columns, _views will be keep in meta-schema, thus we could use PostgreSQL security model to make maximum
  protection for us. [laser,leiyh,angentzh]
* add a per-model PostgreSQL user/role, act as writer for all permitted write from the roles of model itself.
* mv Backend from OpenAPI to lib, seems it belongs there [laser]
* move some work (like has_somethig()) into store procedore into store procedure to minimum c/s interact [leiyh,laser]

* use a status machine to recognize different url pattern [laser] [done]
* use $self->select() instead $Backend->do() in OpenAPI.pm [laser] [done]
* different URL mode for view implementation, should clearify the url path meaning [laser] [canceled]
* Design and implement the login interface (i.e. /=/login/user/...) [done]
* Design and implement roles and ACL, /=/roles/... [done]
* Captcha support in the login interface. [done]
* Hook laye++'s PCR-based miniSQL parser into OpenAPI. [canceled]

== Documentation
* A set of OpenAPI tutorials in both en and cn.
* An English version for the OpenAPI spec.
* Reorganize the spec according to the latest test suite.
* Add diffs regarding Google Data API and Amazon SimpleDB.
* Added Apache config directives to README.

== Utilities
* Monitor potential memory leaks in lighttpd/apache fastcgi processes.
* bin/export-model.pl and bin/import-model.pl for exporting/importing user's model records.
* Client-side OpenAPI libary in various programming languages:
    JavaScript, Perl, Java, Python, Ruby, C#, PHP
* Admin site for OpenAPI.

== Test suite
* Create pg_XXX tables in sql injection tests.
* Tests for unknown HTTP methods (like TRACE, OPTIONS, and CONNECT).
* Tests for common SQL injection patthers.
* Coverage testing for the test sutie.
* Review and polish the existing test suite (under t/)
* Backup and Restore data for promotion [working]
* Tests for session manager on login [shangerdi]
* Tests for 'select * from a,b,c,d,e....' [shangerdi]
* Tests for 'select * from ... where ???????' [shangerdi]
* Tests for count('select * from ...... where ......') [shangerdi]

* Work out the empty test cases in t/03-model.t [done]
* More tests for t/10-limits.t.
  (i.e. INSERT_LIMIT, POST_LEN_LIMIT, PUT_LEN_LIMIT, and MAX_SELECT_LIMIT)
  [done]
* Prerequiste groups in Makefile.PL. [done]
* Tests for PUT method in Role [shangerdi] [done]
* Tests for captcha [done]
* Tests for logout [done]

