A month has passed and a new release was just published - Alpha 8. Let’s zoom into what’s new.
Integrator Goodies
For those of you running or planning to run Rafiki yourselves, we have added two features that give you more optionality. First of all, you can disable Rafiki’s support for SPSP, in case you won’t allow direct ILP access for third parties (which is probably the case for almost all integrators). Furthermore, we have added the ability to run database migrations manually. With this in place, if Rafiki is installed on kubernetes cluster, it is possible to leverage Init Containers for database migrations.
Integration Tests
This last release of Rafiki Alpha 8 also includes a set of integration tests that go through several Rafiki to Rafiki payment flows, check that all the endpoints behave as expected, and that all the webhook events are fired accordingly. These can be triggered manually, but they are also part of our CI pipeline. We plan to expand these tests and are open to suggestions on what to add.
Release Pipeline
Thanks to the newest addition to the Interledger team, @golobitch, we are ready to move our releases to the next level. As soon as Rafiki is ready for Beta, we have an improved and flexible release pipeline in place to automate the process using Github Workflows.
Security Fixes
So, “when is Rafiki ready for Beta?”, you may ask. The answer to that is: As soon as all our security additions are merged in. Alpha 8 already contains some security features added to our GraphQL servers, easily enabled thanks to GraphQL Armor, that limit the depth of a query and disables field suggestions. Additionally, we set the X-Frame-Options header to SAMEORIGIN for the Rafiki frontend to prevent clickjacking.
We currently also have an open pull request to secure the Rafiki Admin UI with Ory Kratos. Finally, @feraltc is busy securing the Rafiki Admin APIs.
Upcoming Changes
I really hope that this month is the month that we release our first Beta version. We will definitely push for it! Additionally, we will be working on making quoting within Open Payments and Rafiki optional to allow for a smoother flow in Web Monetization. Finally, we will add a bunch of logs to Rafiki to ramp up our developer and integrator experience.
Top comments (1)