What does HackerNews think of sandman2?

Automatically generate a RESTful API service for your legacy database. No code required!

Language: Python

#13 in Database
#53 in Python
#2 in REST API
#3 in REST API
Nocodb: Turns Any MySQL, Postgres, SQLite into a Spreadsheet with REST APIs | Oct 2022
Expand Context ↕
https://github.com/jeffknupp/sandman2 works with many different backends including sqlite, but postgrest definitely have the auth flow and security model right for these things.
PostgREST v9.0.0 | Nov 2021
I'm using sandman2[0] as a wrapper for psql and mysql databases. how is it different or any feature/differentiating factor I should consider for my future wrappers?

[0] - https://github.com/jeffknupp/sandman2

Ask HN: Is there a CRUD front end for databases (especially SQLite)? | Aug 2019
There are lots of apps that do database introspection. Some also generate forms on the fly, but eventually it's necessary to: specify a forms widget for a particular field because SQL schema only describes the data and not the UI; and specify security authorization restrictions on who can create, read, update, or delete data.

And then you want to write arbitrary queries to filter on columns that aren't indexed; but it's really dangerous to allow clients to run arbitrary SQL queries because there basically are no row/object-level database permissions (the application must enforce row-level permissions).

Datasette is a great tool for read-only database introspection and queries of SQLite databases. https://github.com/simonw/datasette

Sandman2 generates a REST API for an arbitrary database. https://github.com/jeffknupp/sandman2

You can generate Django models and then write admin.py files for each model/table that you want to expose in the django.contrib.admin interface.

There are a number of apps for providing a GraphQL API given introspection of a database that occurs at every startup or at runtime; but that doesn't solve for row-level permissions (or web forms)

If you have an OpenAPI spec for the REST API that runs atop The database, you can generate forms ("scaffolding") from the OpenAPI spec and then customize those with form widgets; optionally with something like json-schema.

It's not safe to allow introspected CRUD like e.g. phpMyAdmin for anything but development. If there are no e.g. foreign-key constraints specified in the SQL schema,a blindly-introspected UI very easily results in database corruption due to invalid foreign key references (because the SQL schema doesn't specify what table.column a foreign key references).

Django models, for example, unify SQL schema and forms UI in models.py; admin.py is optional but really useful for scaffolding (such as when you're doing manual testing because you haven't yet written automated tests) https://docs.djangoproject.com/en/2.2/ref/contrib/admin/#mod...

Sqlite to Rest | Jul 2019
Jeff Knupp's sandman2 (https://github.com/jeffknupp/sandman2) has long been my go-to project for when i need to do this.

I don't have to very often, but it is _very_ handy when I do!

Semi-related (kind of the inverse) tool is simon w's datasette (https://github.com/simonw/datasette) which gives you a readonly view into a sqlite database, conveniently exposed as a website. I've fired that up in meetings before to general shock and acclaim...

PostgreSQL Features to Try | Apr 2019
Expand Context ↕
I've also been a happy user of Sandman: https://github.com/jeffknupp/sandman2
Show HN: Datasette – Create and publish an API for SQLite databases | Nov 2017
Expand Context ↕
The "REST API for your database" thing isn't actually the part of this I'm most excited about - there are quite a few entries in that category already, such as https://github.com/jeffknupp/sandman2

The thing that excites me is being able to take almost any dataset, package it up into a simple, well-understood format and then deploy that in a read-only, highly scalable way, taking advantage of modern containerization systems.

Read-only SQLite is /perfect/ for this use-case. It's fast, widely supported, has a great feature-set and can be distributed as a single file.

My favourite feature of Datasette isn't the web UI, it's the publish command:

    datasette publish now ~/path-to-my/sqlite.db
Combined with my https://github.com/simonw/csvs-to-sqlite tool it means you can take a CSV file and turn it into a live-on-the-internet REST SQL API in literally minutes. Here are a bunch of datasets that I've done that to just today: https://github.com/simonw/datasette/wiki/Datasettes
pREST – A fully RESTful API from any existing PostgreSQL database writting in Go | Jun 2017
Expand Context ↕
check out sandman, https://github.com/jeffknupp/sandman2
Is PostgreSQL good enough? | Feb 2017
Expand Context ↕
Nice, Postgrest looks really amazing, especially for long-term production needs. I've previously used Sandman, which is much easier to set up, which makes it ideal for more quick-and-dirty needs: https://github.com/jeffknupp/sandman2
Automatic REST API for Any Postgres Database | Jan 2015
Expand Context ↕
That probably is because he rewrote it:

https://github.com/jeffknupp/sandman2