blog-service | blog service @nestjs | GraphQL library

I new with Django. I hope you could help me with this error "No file was submitted. Check the encoding type on the form". I've read several questions on stackoverflow, but there was problems with absence of "save()" in function in views.py, or absence of method "post", or absence of "csrf_token" in HTML. But I use UpdateView class and method "post" and "csrf_token" are included in HTML file. I have no any idea what the problem is.

This is a blog-service with the function of adding/ updating/ deleting cities and trains. I use CreateView/ UpdateView/ DeleteView classes. Information regarding to cities and trains is stored in linked tables. All classes in the "cities" app (views.py) work without problems, the same classes copied to the "trains" app don't work for creating and changing data through the form on the site. It raise an error right on the page: "Not a single file was sent. Check the encoding type of the form".

At the same time, the deletion works correctly on the site. And create/ update/ delete work correctly through the admin panel.

The corresponding models and forms have been created for the "trains" app. Both apps are registered in settings.py.

Please tell me: where could be the problem? Thank you in advance.

views.py

Let's say I am developing blog platform where users can register account, pay for subscription and create their own blogs. Platform consists of following microservices:

• account-service
• auth-service
• subscription-service
• blog-service
• api-gateway

I am thinking of implementing api-gw pattern where all microservices except api-gw will be deployed to private network (where they will be able to talk with each other directly either synchronically or asynchronically through message broker) and they will be publicly available only through api-gw.

There will be two clients/consumers of the API:

• frontend (for clients)
• cms (for admins)

Therefore I want to make use of separate-api-gw-per-client pattern, so actually there will be two api gateways, one for regular frontend (frontent-api-gw) and one for cms (cms-api-gw), but both will talk with same microservices.

My question is about authorization and where it should take place (or rather what are pros/cons for different approaches). Let's focus on two "endpoints":

1. frontend-api-gw::createBlog() => blog-service::createBlog()

Frontend api-gw exposes endpoint to create a new blog and this api call is "forwarded" to blog-service::createBlog() endpoint. Let's say that user is already authenticated (i.e. correct JWT with user id is passed along with request to api-gw).

The authorization that has to be made is to determine if user with this id can create new blog. This can be done by calling subscription-service to check if user has paid subscription. The main question is if this authorization should be made still on api-gw side (A) or on blog-service side (B):

1. cms-api-gw / frontend-api-gw::listBlogs() => blog-service::listBlogs()

Similar case - should userContext / JWT in any format be passed to each individual microservice and that microservice should decide what to return? Or individual microservices should not be aware of userContext (maybe only for logging purposes), rely on API GW authorization and just receive some parameters/arguments?

My thoughts:

In case A, the logic in each individual microservice is more complicated because of authorization layer. Can get more complicated where there will be more API gws, user roles etc. However API GW in this case is simpler and it only forwards requests to microservices.

In case B, the logic in each individual microservice is less complicated, simple and straightforward. However there is more logic in API GW because it has to implement authorization for all platform (at least for the part that this api gw is responsible for). Maybe it can be also advantage to have all authorization in one place and not spread across microservices?

Also in case B there is less coupling between individual microservices I think.

What do you guys think of those two approaches / maybe you have other "ideas"?