Promptly-Technologies-LLC
diff --git a/‎docs/architecture.qmd
Lines changed: 107 additions & 1 deletion b/‎docs/architecture.qmd
Lines changed: 107 additions & 1 deletion
diff --git a/‎docs/authentication.qmd
Lines changed: 2 additions & 2 deletions b/‎docs/authentication.qmd
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/contributing.qmd
Lines changed: 49 additions & 9 deletions b/‎docs/contributing.qmd
Lines changed: 49 additions & 9 deletions
@@ -59,4 +59,110 @@ dot.render('static/data_flow', format='png', cleanup=True)
 
 ![Data flow diagram](static/data_flow.png)
 
-The advantage of the PRG pattern is that it is very straightforward to implement and keeps most of the rendering logic on the server side. The disadvantage is that it requires an extra round trip to the database to fetch the updated data, and re-rendering the entire page template may be less efficient than a partial page update on the client side.
+The advantage of the PRG pattern is that it is very straightforward to implement and keeps most of the rendering logic on the server side. The disadvantage is that it requires an extra round trip to the database to fetch the updated data, and re-rendering the entire page template may be less efficient than a partial page update on the client side.
+
+## Form validation flow
+
+We've experimented with several approaches to validating form inputs in the FastAPI endpoints.
+
+### Objectives
+
+Ideally, on an invalid input, we would redirect the user back to the form, preserving their inputs and displaying an error message about which input was invalid.
+
+This would keep the error handling consistent with the PRG pattern described in the [Architecture](https://promptlytechnologies.com/fastapi-jinja2-postgres-webapp/docs/architecture) section of this documentation.
+
+To keep the code DRY, we'd also like to handle such validation with Pydantic dependencies, Python exceptions, and exception-handling middleware as much as possible.
+
+### Obstacles
+
+One challenge is that if we redirect back to the page with the form, the page is re-rendered with empty form fields. 
+
+This can be overcome by passing the inputs from the request as context variables to the template. 
+
+But that's a bit clunky, because then we have to support form-specific context variables in every form page and corresponding GET endpoint.
+
+Also, we have to:
+
+1. access the request object (which is not by default available to our middleware), and 
+2. extract the form inputs (at least one of which is invalid in this error case), and 
+3. pass the form inputs to the template (which is a bit challenging to do in a DRY way since there are different sets of form inputs for different forms).
+
+Solving these challenges is possible, but gets high-complexity pretty quickly.
+
+### Approaches
+
+The best solution, I think, is to use really robust client-side form validation to prevent invalid inputs from being sent to the server in the first place. That makes it less important what we do on the server side, although we still need to handle the server-side error case as a backup in the event that something slips past our validation on the client side.
+
+Here are some patterns we've considered for server-side error handling:
+
+<style>
+.styled-table, .styled-table th, .styled-table td {
+  border: 1px solid black;
+  padding: 8px;
+  border-collapse: collapse;
+}
+
+.styled-table th:nth-child(1) { width: 5%; }
+.styled-table th:nth-child(2) { width: 50%; }
+.styled-table th:nth-child(3), 
+.styled-table th:nth-child(4),
+.styled-table th:nth-child(5) { width: 15%; }
+.styled-table th:nth-child(6) { width: 10%; }
+</style>
+
+<table class="styled-table">
+  <thead>
+    <tr>
+      <th>ID</th>
+      <th>Approach</th>
+      <th>Returns to same page</th>
+      <th>Preserves form inputs</th>
+      <th>Follows PRG pattern</th>
+      <th>Complexity</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>1</td>
+      <td>Validate with Pydantic dependency, catch and redirect from middleware (with exception message as context) to an error page with "go back" button</td>
+      <td>No</td>
+      <td>Yes</td>
+      <td>Yes</td>
+      <td>Low</td>
+    </tr>
+    <tr>
+      <td>2</td>
+      <td>Validate in FastAPI endpoint function body, redirect to origin page with error message query param</td>
+      <td>Yes</td>
+      <td>No</td>
+      <td>Yes</td>
+      <td>Medium</td>
+    </tr>
+    <tr>
+      <td>3</td>
+      <td>Validate in FastAPI endpoint function body, redirect to origin page with error message query param and form inputs as context so we can re-render page with original form inputs</td>
+      <td>Yes</td>
+      <td>Yes</td>
+      <td>Yes</td>
+      <td>High</td>
+    </tr>
+    <tr>
+      <td>4</td>
+      <td>Validate with Pydantic dependency, use session context to get form inputs from request, redirect to origin page from middleware with exception message and form inputs as context so we can re-render page with original form inputs</td>
+      <td>Yes</td>
+      <td>Yes</td>
+      <td>Yes</td>
+      <td>High</td>
+    </tr>
+    <tr>
+      <td>5</td>
+      <td>Validate in either Pydantic dependency or function endpoint body and directly return error message or error toast HTML partial in JSON, then mount error toast with HTMX or some simple layout-level Javascript</td>
+      <td>Yes</td>
+      <td>Yes</td>
+      <td>No</td>
+      <td>Low</td>
+    </tr>
+  </tbody>
+</table>
+
+Presently this template primarily uses option 1 but also supports option 2. Ultimately, I think option 5 will be preferable; support for that [is planned](https://github.com/Promptly-Technologies-LLC/fastapi-jinja2-postgres-webapp/issues/5) for a future update or fork of this template.
@@ -32,7 +32,7 @@ This template implements a comprehensive authentication system with security bes
 
 The diagrams below show the main authentication flows.
 
-### Registration and login flow
+## Registration and login flow
 
 ``` {python}
 #| echo: false
@@ -87,7 +87,7 @@ auth.render('static/auth_flow', format='png', cleanup=True)
 
 ![Registration and login flow](static/auth_flow.png)
 
-### Password reset flow
+## Password reset flow
 
 ``` {python}
 #| echo: false
 
@@ -4,11 +4,46 @@ title: "Contributing"
 
 ## Contributors
 
-Fork the repository, create a new branch, make your changes, and submit a pull request.
+### Opening issues and bug reports
 
-### Render the documentation
+When opening a new issue or submitting a bug report, please include:
 
-The README and documentation website are rendered with [Quarto](https://quarto.org/docs/). Make changes to the `.qmd` files in the root folder and the `docs` folder. Then run the following commands to render:
+1. A clear, descriptive title
+2. For bug reports:
+   - Description of the expected behavior
+   - Description of the actual behavior
+   - Steps to reproduce the issue
+   - Version information (OS, Python version, package version)
+   - Any relevant error messages or screenshots
+3. For feature requests:
+   - Description of the proposed feature
+   - Use case or motivation for the feature
+   - Any implementation suggestions (optional)
+
+Labels help categorize issues:
+- Use `bug` for reporting problems
+- Use `enhancement` for feature requests
+- Use `documentation` for documentation improvements
+- Use `question` for general queries
+
+### Contributing code
+
+To contribute code to the project:
+
+1. Fork the repository and clone your fork locally
+2. Create a new branch from `main` with a descriptive name
+3. Review the [customization](https://promptlytechnologies.com/fastapi-jinja2-postgres-webapp/customization.html), [architecture](https://promptlytechnologies.com/fastapi-jinja2-postgres-webapp/architecture.html), and [authentication](https://promptlytechnologies.com/fastapi-jinja2-postgres-webapp/authentication.html) pages for guidance on design patterns and code structure and style
+4. Ensure all tests pass, including `mypy` type checking
+5. Stage, commit, and push your changes to the branch:
+   - Use clear, descriptive commit messages
+   - Keep commits focused and atomic
+6. Submit your pull request:
+   - Provide a clear description of the changes
+   - Link to any related issues
+
+### Rendering the documentation
+
+The README and documentation website are rendered with [Quarto](https://quarto.org/docs/). If you ,make changes to the `.qmd` files in the root folder and the `docs` folder, run the following commands to re-render the docs:
 
 ``` bash
 # To render the documentation website
@@ -19,17 +54,22 @@ quarto render index.qmd --output-dir . --output README.md --to gfm
 
 Due to a quirk of Quarto, an unnecessary `index.html` file is created in the root folder when the README is rendered. This file can be safely deleted.
 
+Note that even if your pull request is merged, your changes will not be reflected on the live website until a maintainer republishes the docs.
+
 ## Maintainers
 
-### Increment the version
+### Git flow
 
-Run the following command to increment the version:
+When creating new features,
 
-``` bash
-poetry version patch minor
-```
+1. Open a Github issue with the label `feature` and assign it to yourself.
+2. Create a new branch from the issue sidebar.
+3. Follow the instructions in the popup to check out the branch locally and make your changes on the branch.
+4. Commit your changes and push to the branch.
+5. When you are ready to merge, open a pull request from the branch to main.
+6. Assign someone else for code review.
 
-### Publish the documentation
+### Publishing the documentation
 
 To publish the documentation to GitHub Pages, run the following command: