Description
In the current implementation the following endpoints do not require any authentication or authorization. They are open endpoints freely available to the internet.
- https://api.t-pen.org/project/:projectid/layer/:layerid
- https://api.t-pen.org/project/:projectid/layer/:layerid/page/:pageid
- https://api.t-pen.org/project/:projectid/layer/:layerid/page/:pageid/line/:lineid
Decide on if and how the request for "open data" should behave for the "same data" via the following URI patterns
Claude, Copilot, and RCG Devs have a feeling that all data requests involving a https://api.t-pen.org/project/:projectid/ should be protected in some way. The very minimum is to ensure only a valid logged-in user can do it using programmatic GETs or by using the address bar in their browser. The maximum is ensuring it is a valid logged-in user that is a part of the project with the appropriate permissions.
Note there is no need to change how the https://store.rerum.io/v1/id/:dataid URLs behave.
We thought about this during #441 but have not officially made a stance yet. For now, both URI patterns behave the same way where all GETs are open and the data is freely available at the URI, no Bearer token required.
Encountered this again working on #453 and the PR #455. There were issues negotiating between a Line and a raw Annotation, how data moves forward, and how errors in the pipeline of that data moving forward occur. The instinct of the AI was to preference raw data being processed through Line instead of moving forward freely.
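
The "minimum" and "maximum" protection levels from the description, sketched as a decision function over the three listed route patterns. This is an added example, not code from the issue or the TPEN code base; the session table, the membership map, the `READ` permission name, and the function names are all assumptions standing in for the real token verifier and project store.

```javascript
// Matches only the three GET patterns listed in the issue (path part of the URL).
const PROTECTED =
  /^\/project\/([^/]+)\/layer\/[^/]+(?:\/page\/[^/]+(?:\/line\/[^/]+)?)?\/?$/;

// Constructed sample data (hypothetical): token -> user, project -> user -> permissions.
const SESSIONS = new Map([["tok-alice", "alice"], ["tok-bob", "bob"]]);
const MEMBERS = new Map([["p1", new Map([["alice", ["READ"]]])]]);

// Stand-in for real Bearer token verification; returns a user id or null.
function verifyBearer(header) {
  const m = /^Bearer (\S+)$/.exec(header || "");
  return m && SESSIONS.has(m[1]) ? SESSIONS.get(m[1]) : null;
}

// level "minimum": any valid logged-in user may GET.
// level "maximum": the user must be a project member holding READ.
// Returns the HTTP status the endpoint would answer with.
function authorizeGet(path, authHeader, level) {
  const route = PROTECTED.exec(path);
  if (!route) return 404; // not one of the protected patterns

  const user = verifyBearer(authHeader);
  if (!user) return 401; // missing, malformed, or unknown token
  if (level === "minimum") return 200;

  const project = MEMBERS.get(route[1]);
  const perms = (project && project.get(user)) || [];
  return perms.includes("READ") ? 200 : 403;
}
```

Under "minimum", bob can read p1 even though he is not a member; only "maximum" answers 403 for him.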