Skip to content

Cloudflare sidecar app for mediating API calls between Retool and Directus as an edge worker

Notifications You must be signed in to change notification settings

nsip/retool-sidecar-eval

Repository files navigation

retool-sidecar-eval

This is an edge worker, implemented to pass JWT-authenticated requests to Directus (backend database) from Retool (frontend interface), for the ST4S evaluation tool used by NSIP. The edge worker has been put in place as the time lag in queries posted directly to Directus from Retool was unacceptably large, in the realm of 3 sec: Retool updates are issued incrementally and interactively as assessors navigate from control to control, with one update query issued per control: they are meant to be rapid-fire updates to the Directus backend source of truth about assessments.

The edge worker receives JWT-authenticated requests from Retool, and validates them with a shared secret between Retool and the Cloudflare deployment. The implementation is documented in JWT_IMPLEMENTATION_SUMMARY.md, and (with some redundancy) CREATE_UPDATE_OPERATIONS.md.

The edge worker is invoked in Retool by save_evaluation_blob, the module which saves JSON create/update payloads relating to one or more controls and their assessor evaluations to Directus:

    const workerUrl = "https://sidecar-eval.nsip-esa.workers.dev";

    try {
      // Generate JWT for authentication (direct call - no trigger overhead)
      const secretForSigning = retoolContext.configVars.directus_bearer_token_plaintext;
      const jwtToken = await window.generateJWT(secretForSigning, "retool", "sidecar-eval", 60);

      const response = await fetch(workerUrl, {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          "Authorization": `Bearer ${jwtToken}`
        },
        body: JSON.stringify({
          operation: "update",
          id: eval_id,
          blob: ret, // paylod to save to Directus
          Assessment: assessment_id,
          Control_Code: parseInt(control_id)
        })
      });

      const result = await response.json();

The edge worker is at this time deployed on Cloudflare, as https://sidecar-eval.nsip-esa.workers.dev. The credentials to access the account on Cloudflare where it is deployed are available on Sharepoint: ST4S/ST4S Tech and Tools/Retool/sidecar-eval

About

Cloudflare sidecar app for mediating API calls between Retool and Directus as an edge worker

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published