id,node_id,number,title,user,user_label,state,locked,assignee,assignee_label,milestone,milestone_label,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,repo_label,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason
635049296,MDU6SXNzdWU2MzUwNDkyOTY=,820,Idea: Plugin hook for registering canned queries,9599,simonw,closed,0,,,,,2,2020-06-09T01:58:21Z,2020-06-18T17:58:02Z,2020-06-18T17:58:02Z,OWNER,,"Thought of this while thinking about possible permissions plugins (#818).

Imagine an API key plugin which allows access for API keys. It could let users register new API keys by providing a writable canned query for writing to the `api_keys` table.

To do this the plugin needs to register the query. At the moment queries have to be registered in `metadata.json` - a plugin hook for registering additional queries could help solve this.

One challenge: how does the plugin know which named database the query should be registered for?

It could default to the first attached database and allow users to optionally tell the plugin ""actually use this named database instead"" in plugin configuration.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/820/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635108074,MDU6SXNzdWU2MzUxMDgwNzQ=,824,Example authentication plugin,9599,simonw,closed,0,,,5512395,Datasette 0.44,4,2020-06-09T04:49:53Z,2020-06-12T00:11:51Z,2020-06-12T00:11:50Z,OWNER,,https://github.com/simonw/datasette-auth-github/issues/62 will work for this.,107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/824/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635519358,MDU6SXNzdWU2MzU1MTkzNTg=,826,Document the ds_actor signed cookie,9599,simonw,closed,0,,,5512395,Datasette 0.44,3,2020-06-09T15:06:52Z,2020-06-09T22:33:12Z,2020-06-09T22:32:31Z,OWNER,,"Most authentication plugins (https://github.com/simonw/datasette-auth-github for example) are likely to work by setting the `ds_actor` signed cookie, which is already magically decoded and supported by default Datasette here:

https://github.com/simonw/datasette/blob/4fa7cf68536628344356d3ef8c92c25c249067a0/datasette/actor_auth_cookie.py#L1-L13

I should document this.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/826/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635696400,MDU6SXNzdWU2MzU2OTY0MDA=,827,Document CSRF protection (for plugins),9599,simonw,closed,0,,,5512395,Datasette 0.44,1,2020-06-09T19:19:10Z,2020-06-09T19:38:30Z,2020-06-09T19:35:13Z,OWNER,,"Plugin authors need to know that if they want to POST a form they should include this:
```html+jinja
<input type=""hidden"" name=""csrftoken"" value=""{{ csrftoken() }}"">
```",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/827/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635147716,MDU6SXNzdWU2MzUxNDc3MTY=,825,Way to enable a default=False permission for anonymous users,9599,simonw,closed,0,,,5512395,Datasette 0.44,6,2020-06-09T06:26:27Z,2020-06-09T17:19:19Z,2020-06-09T17:01:10Z,OWNER,,"I'd like plugins to be able to ship with a default that says ""anonymous users cannot do this"", but allow site administrators to over-ride that such that anonymous users can use the feature after all.

This is tricky because right now the anonymous user doesn't have an actor dictionary at all, so there's no key to match to an allow block.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/825/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635107393,MDU6SXNzdWU2MzUxMDczOTM=,823,"Documentation is inconsistent about ""id"" as required field on actor",9599,simonw,closed,0,,,5512395,Datasette 0.44,3,2020-06-09T04:47:58Z,2020-06-09T14:58:36Z,2020-06-09T14:58:19Z,OWNER,,"Docs at https://github.com/simonw/datasette/blob/5a6a73e3190cac103906b479d56129413e5ef190/docs/authentication.rst#actors say:

> The only required field in an actor is `""id""`, which must be a string.

But the example here returns `{""token"": token}`:

```python
@hookimpl
def actor_from_request(datasette, request):
    async def inner():
        token = request.args.get(""_token"")
        if not token:
            return None
        # Look up ?_token=xxx in sessions table
        result = await datasette.get_database().execute(
            ""select count(*) from sessions where token = ?"", [token]
        )
        if result.first()[0]:
            return {""token"": token}
        else:
            return None

    return inner
```",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/823/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635077656,MDU6SXNzdWU2MzUwNzc2NTY=,822,request.url_vars helper property,9599,simonw,closed,0,,,5512395,Datasette 0.44,2,2020-06-09T03:15:53Z,2020-06-09T03:40:07Z,2020-06-09T03:40:06Z,OWNER,,"This example: https://github.com/simonw/datasette/blob/f5e79adf26d0daa3831e3fba022f1b749a9efdee/docs/plugins.rst#register_routes

```python
from datasette.utils.asgi import Response
import html


async def hello_from(scope):
    name = scope[""url_route""][""kwargs""][""name""]
    return Response.html(""Hello from {}"".format(
        html.escape(name)
    ))


@hookimpl
def register_routes():
    return [
        (r""^/hello-from/(?P<name>.*)$""), hello_from)
    ]
```
Would be nicer if you could easily get `scope[""url_route""][""kwargs""][""name""]` directly from the request object, without looking at the `scope`.",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/822/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635076066,MDU6SXNzdWU2MzUwNzYwNjY=,821,Add Response class to internals documentation,9599,simonw,closed,0,,,5512395,Datasette 0.44,0,2020-06-09T03:11:06Z,2020-06-09T03:32:16Z,2020-06-09T03:32:16Z,OWNER,,"> I'll need to add documentation of the `Response` object (and `Response.html()` and `Response.text()` class methods - I should add `Response.json()` too) to the internals page https://datasette.readthedocs.io/en/stable/internals.html

_Originally posted by @simonw in https://github.com/simonw/datasette/issues/215#issuecomment-640971470_",107914493,datasette,issue,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/821/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,completed
635037204,MDExOlB1bGxSZXF1ZXN0NDMxNDc4NzI0,819,register_routes() plugin hook,9599,simonw,closed,0,,,5512395,Datasette 0.44,0,2020-06-09T01:20:44Z,2020-06-09T03:12:08Z,2020-06-09T03:12:07Z,OWNER,simonw/datasette/pulls/819,Refs #215,107914493,datasette,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/819/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0,