Before I get into details on that, I want to say a few things about this project that I have been meaning to say for a while now.
An interesting fact about the Manager is that, since I started it, I have hardly played any KD:M at all. Rather, I spend most of my personal "Kingdom Death time" working on the Manager, or the API, or other projects related to The Watcher, etc.
Every so often however, usually when a major release or upgrade has been released (and patched) or when I add coverage for a new expansion (and get it patched), I'll break out the box, fire up the Manager and do a little "play-testing".
It's great. It's my favorite thing: it makes it all worth while. It also really helps the so-called quality of life (QoL) features evolve and improve.
To wit: most of the application updates and fixes in 2.1.188 are the result of one of my play-testing sessions: the QoL improvements and bug fixes in this release are pretty much the direct result of my getting to sit down with the Manager and roll some dice (though there are a few fixes and resolutions that were submitted as GitHub issues or via email, etc.).
But, to get back to what I started out saying, the rest of what's included in 2.1.188 is API enhancements related to our phase one/pre-alpha stuff for The Watcher.
Which, to put that another way, is to confirm that the major work on the The Watcher is officially underway, and that another huge feature push for http://kdm-manager.com will probably not happen for a while, if at all.
(Personally, I would very much like to keep things incremental, going forward: the Anniversary Release was way too huge of an advance in way too short of a time span and ended up turning into a month-long nightmare for me, and I definitely don't plan on doing that to myself again!)
That said (and I know I've been saying this for weeks), I plan to add Slenderman Expansion support this weekend, so keep an eye out for that.
Thanks for using the Manager!
Corrections and Fixes
- Addressed a JS comparison/evaluation bug that broke certain conditional aspects of Survivor and Settlement Sheet display.
- Fixed a bug where the Flower Knight Resources location was not appearing in the settlement storage menu.
- Fixed an major API bug where cursed item options list were incomplete due to a crazy typo.
- Normalized presentation on Cursed Items controls: mouse-over no longer changes font-weight to bold, Metrophobic replaces Arial, sizes are adjusted at all breakpoints.
- Fixed an API bug where survivors could sometimes be serialized to JSON strings and then NOT reloaded as JSON strings, causing them to remain as strings (and breaking parsing, causing JS errors, etc.).
- Fixed a session bug introduced by the AR where settlements and survivors could not be removed. -gregrebholz
- Fixed a bug where "norefresh" requests to the legacy app were actually rendering HTML (and returning it, in some cases). -mdbarnett
- Fixed a bug where bogus quarry handles could cause a blank row to be added to settlement quarries (and the abrupt end of the user's session). -mdbarnett
- Keyed in a few new epithets and bunch of new names. Really trying to enrich the peripheral, QoL experience (haha).
- Removed some redundant duck-typing from session.new() and added a "created_by" attribute to all new sessions (just to follow our convention there: it was always a little weird that the one user asset in the MDB without a "created_by" attrib was the most basic one).
- Removed some old, vestigial valkyrie code from admin.py
- Added pipes as brackets to admin.dump_document() display (to help show leading/trailing white space issues).
- Revised api.py (from the legacy app) to eschew GET requests to private routes (see below).
- Punched up admin.py to start to support @khoa's new security regime/design:
- admin.authenticate() method now uses werkzeug.security.safe_str_cmp() rather than the simple, potentially exploitable python string comparison
- New sessions (sessions.Session objects) now get a JWT "access_token" attributeappended to them upon creation.
- Cleaned up admin.authenticate() and html.auth() to just be easier to read and more PEP8-ish and less cracked-out-looking.
- Added three retries to api.post_JSON_to_route() method (our main API data retrieval method in the legacy webapp). This should address issue #205. I'm going to leave the issue open though, in case it doesn't.
- The apiService factory in kdmManager.js no longer does POST requests when retrieving settlement data (and therefore no longer triggers the API warning about a POST with no JSON payload, etc.).
- The modifyAsset() function in kdmManager.js now has a callback method for its asynchronous POST operations back to the legacy app, so we can catpure errors and display the error pop-up now.
- Improved assets.Settlement.update_quarries() to fail gracefully (and log hugely) when it cannot complete an operation based on bad input.
- Keyed in a few new causes of death.
- Deprecated the /cursed_items route (since "cursed_items" are now an attribute of a settlement's "game_assets" dict).
- Failing to submit params to /monster now returns an HTTP 422 (instead of a 500).
- The /monster route now accepts GET and POST requests (handling both identically). This one goes out to my REST purists out there in the peanut gallery who don't like to transmit JSON with a GET. Holler!
- Rewrote the documentation (i.e. the document root route HTML) to reflect recent changes to the API and the Anniversary Release. Only public routes are included for now, since the private methods are pretty much changing daily.
- User asset models now have unique render_response() methods that will be used to respond to requests over the private routes. Private routes ONLY support POST and OPTIONS methods!
- Fixed a bug on the /monster route where handles could be processed as names if they contained certain characters.
- Added CORS support for /world and /survivor routes. -Khoa
- /survivor route now supports the <action> convention, e.g. /survivor/do_stuff/<survivor_id>
- Revised private routes for DRYness and condensed response code for /settlement and /survivor into a single, parameterized Flask function.
- Deprecated the whole "routes" module because the concept was kind of overkill to begin with. Also, I think the whole API needs to get "flatter" over time.
- Replaced the modules in "routes" with individual asset model render_response() methods.
- Deprecated Models.http_response() in favor of using an asset model's private individual render_response() methods for returning a serialized version of its MDB document.
- Added a new module called request_broker.py to liaison between incoming user asset requests and initialized user assets. For now, it's the gatekeeper: if it can't initialize an asset, then you get a bad request (422, 500, etc.). In the future, it will probably expand to be the recorder of traffic and the tracker of game sessions.
- Added support for JWT authentication to api.py (followed the guide at https://pythonhosted.org/Flask-JWT/ and it's fucking great: definitely check it out for your Flask JWT needs), which adds the new /auth route. No routes are protected in this release, but the so-called private routes will require JWT auth soon.
- models.settlements.Settlement.get_players() no longer includes the full MDB document for players. settlement.user_assets.players list items now include whether the player is an admin, the founder, etc.
- Added support to Models.py for initializing user objects and created a module in models for working with user objects (models/users.py).
- The new models.users.User.serialize() method synthesizes a bunch of user fact elements about the user, including asset counts, friend count, etc.
- Bad requests along private routes now return a 400 (instead of a 422).
- settings.py now has a __main__ namespace get() method that supports private settings.
- Added an Assets() class to models.settlements.py to render the odd-ball /new_settlement route.
- Added an Flask application-level log handler for flask_jwt.
- Added /static/<sub_dir> routing to api.py (for css, js, etc.) because explicit is better than implicit.