1. Actions for REST/HTTP req/res processing
2. CORS
3. Logging
4. Rate Limiting
5. Authorization
6. Express/KOA middleware

1. Transports/protocols
2. WebSocket
3. MQTT
4. gRPC (HTTP2 & ProtoBuffer3)

1. API styles
2. GraphQL
3. oData
4. JSON API http://jsonapi.org/
5. XML

1. Cloud native integration
2. Docker/compose/k8s/
3. Istio: Metrics/Distributed tracing
4. Bluemix/AWS/Azure

1. Built-in models
2. User/Team/Organization
3. Application
4. AccessToken

1. Mixins

1. Connectors

1. CLI commands

1. Caching

1. Boot
2. OpenAPI Specs
3. Controllers
4. Repositories/Services
5. Components
6. Model definitions
   
   
   
   • JSON schemas
   
   
   • OpenAPI specs
   
   
   • WSDL/XML Schema
   
   
   • GraphQL Schema
   
   
   • ...
   
   
7. Data sources
8. Connectors
9. gRPC service/message
10. ...

A visual builder/app inspector to develop, modify and debug a Loopback4 app.
ARC, but more functionality
API Connect Developer Toolkit, but without the IBM account tie-in.
Node-RED, but for Loopback :)

1. Connectors
2. Minio (https://github.com/minio/minio)

A well defined connector fintech/payment interface whose services such as credit cards, Plaid, PayPal, Android Pay, Apple Pay could be reduced to.

CMS like Keystone.js

• Implementation for Angular Universal and SSR

Left and Inner Joins on queries. Perhaps just use GraphQL with something like Join Monster to generate smart SQL behind the scenes.

Cross-posting from https://github.com/strongloop/loopback-next/issues/540 (cc @delebash)

Offline first synchronization

In loopback 3 you have offline sync abilities. I think being able to have two way sync from local to remote database is very important. At least for me :)

PouchDB is a good example of offline first synchronization

Another example not reliant on CouchDB is DexieJs seems like they have a nice synchronization component built in and are nearing version 2.0 release

A customizable control panel for administrators similar to strapi.io ?
Could this be provided as an extension ?

• Add a client SDK for VueJs.
• Internationalization

Feature/External Component Support

Please remove whatever is implemented. I have not read 4.0 docs completely

• Current 3.0 like generators (Model, Relation, API, Swagger support, etc)
• Model property level ACL
• Multi-Tenant level support (add remove model properties for specific tenant, different ACLs for tenant) for models
• Flow Support (possible extended component for Workflow support component based on BPMN/CMMN)
• OAuth Server (Auth/Resource) / Login system External Component
• Comprehensive Storage External Component
• Comprehensive DB Support like 3.0 Single API Component
• Working Example or Implementation based Documentation (bettered). Currently new loopback users can find it blocking to implement some sections without working example

• ArangoDB connector

• RethinkDB connector

To extend what @jpventura said about a payment interface. Could add Stripe.

FireStore connector

Client SDK for Angular

Soft Deletes

Multi-Tenant Model Generator

Integrating SDK for Angular 2+

Crypto shredding

Quoting from the latest ThoughtWorks Technology Radar:

Maintaining proper control over sensitive data is difficult, especially when—for backup and recovery purposes—data is copied outside of a master system of record. Crypto shredding is the practice of rendering sensitive data unreadable by deliberately overwriting or deleting encryption keys used to secure that data. For example, an entire table of customer personal details could be encrypted using random keys for each record, with a different table storing the keys. If a customer exercised their "right to be forgotten," we can simply delete the appropriate key, effectively "shredding" the encrypted data. This technique can be useful where we're confident of maintaining appropriate control of a smaller set of encryption keys but less confident about control over a larger data set.

A connector for CockroachDB.

Quoting from https://www.thoughtworks.com/radar/platforms/cockroachdb:

CockroachDB is an open source distributed database inspired by the white paper Spanner: Google's distributed database. In CockroachDB, data is automatically divided into ranges, usually 64MB, and distributed across nodes in the cluster. Each range has a consensus group and, because it uses the Raft consensus algorithm/, the data is always kept in sync. With its unique design, CockroachDB provides distributed transactions and geo-partitioning while still supporting SQL. Unlike Spannerr, which relies on TrueTime with atomic clock for linearizability, CockroachDB uses NTPl for clock synchronization and provides serializability as the default isolation level. If you're working with structured data that fits in a single node, then choose a traditional relational database. However, if your data needs to scale across nodes, be consistent and survive failures, then we recommend you take a closer look at CockroachDB.

Access control

Access control
Authorization

For those looking for loopback 4 access control, you can use a third party service to handle it.
https://github.com/ory/keto

I've had great success with ORY Keto.

I made a typescript client for it if anyone is interested.
https://github.com/codejamninja/ory-keto-client

Honestly, in a microservice environment, your services probably shouldn't be handling access control anyways.

I'm also delegating Authorization to another ORY 3rd party service called Hydra.
https://github.com/ory/hydra

It's fully Oauth2 compliant, which is highly recommended for new services in a time where handling and securing user data is getting scrutinized under a microscope.

You can see my loopback integration code in the following repos . . .
https://github.com/codejamninja/loopback4-hydra
https://github.com/codejamninja/ory-stack
https://github.com/codejamninja/login-ui

I'm kinda thinking if people choose to use third-party services for access control and authorization, it will free up the loopback team to focus on other important features third-party services can't solve, like better database support and more database relations.

Mongodb transactions support

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-322518526 from @kjdelisle.

8 👍 in the original post

RequestContext Extension

Purpose

Using the existing ParameterObject definitions, and your OpenAPI spec, make a new custom Sequence extension that automatically converts incoming requests into POTOs (Plain Old TypeScript Objects) that will simplify handling of incoming arguments and parameters.

Example:

const offsetSpec: ParameterObject = {
         name: 'offsetSpec',
         type: 'number',
         in: 'query',
};

const pageSizeSpec: ParameterObject = {
         name: 'pageSize',
         type: 'number',
         in: 'query',
};

const List: RequestObject = {
   parameters: [
     offsetSpec,
     pageSizeSpec,
   ]
};

class MyController {
  @operation('get', '/', {responses})
  @request(List)
  list(list: List) {
    // Auto-populate a List (RequestObject) instance based on provided values
  }
}

See https://github.com/strongloop/loopback-next/issues/476 for a complete proposal.

Why?

• Don't have to deal with parsing requests yourself; it gets turned into a request object for you!
• You can make those objects extensions of your models (ex. ListRequest extends List) to transform those objects into logical model instances for ease-of-use in your Repository implementation(s).

Estimated Development Time

Assuming no technical blockers, I'd roughly estimate this to take approx. two weeks for development and unit testing

Will You Build It?

I would be willing to build this myself, with some help of course. :)

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-328367346 from @MartinCerny-awin .

20 👍 in the original post

Audit Log

Log changes performed on models. It would help to keep track of who used, created or changed an entity and the point in time this happened.

The same model that is being audited would be created with added properties mentioned in what should be stored section. This model will get updated when audit action happens.

When should audit happen (taken from #2872)

1. We give users the option which RESTfull endpoint (or which model) they want to have the audit middleware active for. Or introducing exceptions option which makes the middleware active for all endpoints except the ones mentioned in exceptions
2. We give them option which req.methods they want to have this middleware active for... I think it does not make sense to have this middleware active for req.method == 'GET' since this middleware would become a bottleneck of the application and you would not get that useful information either.

What should be stored

• Model properites
• Created timestamp
• Modified timestamp
• HTTP method
• Path
• User Id

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-329100530 from @bajtos .

17 👍 in the original post

Cross-posting from #119

Real-Time features

I'm opening this thread to discuss and define a scope for real-time functionalities possibly provided by LB-Next.

Currently there are implemented functionalities like event streams, but honestly are not helpful at all when building real life applications, therefore I have built several real-time approaches on top of loopback, which I believe 2 were the most important.

1.- Implemented PubSub functionality.
2.- Implemented Firebase alike interface.

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-340876230 from @jackrvaughan .

14 👍 in the original post

ACL Restrictions on Model Properties

Restrict certain model properties to different user types. For example, a user model could have an account-type property that could only be changed by an admin and not by the owner (but the rest of the model could be changed by the owner).

Will You Build It?

I don't think I'd know where/how to start - but I could definitely try with some guidance.

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-342788573 from @akashjarad.

9 👍 in the original post

Loopback mqtt/amqp support.
make an extension for MQTT protocol.
Will You Build It?
i am willing to contribute , and need guidance .

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-348083203 from @rpinaa .

5 👍 in the original post

Features!

• Define validating data inside @property annotation like Java Bean Validation (https://docs.oracle.com/javaee/6/tutorial/doc/gircz.html). Making this approach we can delegate the business constraints to domain-model layer.
• Standardize the environment profiles, local (default), development, staging and production; perhaps using the loopback 3.x.x functionality or making it better.
• Improve the transactional support for relational data bases, helping it with an annotation @transactional and define isolation levels like loopback 3.x.x approach.

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-358761993 from @monster910 .

API Tool Improvements

1. Make a custom API and expose it to explorer
   https://groups.google.com/forum/#!searchin/loopbackjs/swagger%7Csort:date/loopbackjs/l6FQGCjNpEY/rrTqHFbZAQAJ

2. Make a custom API and generate swagger def from it. Same as #1 above except make sure the export to swagger works

3. Improved error handing for APIs using 400 and 500 HTML status codes and allow the explorer to test those cases

4. Generate swagger properly from #3 above

5. Ability to defined a API that is NOT attached to a model

Will You Build It?

Perhaps

_Merging #509 into this issue so that we have all extension wish list in one place_

Cross posting https://github.com/strongloop/loopback-next/issues/509#issuecomment-374447040 from @ganeshkbhat .

2 👍 in the original post

Feature/External Component Support

Please remove whatever is implemented. I have not read 4.0 docs completely

• Current 3.0 like generators (Model, Relation, API, Swagger support, etc)
• Model property level ACL
• Multi-Tenant level support (add remove model properties for specific tenant, different ACLs for tenant) for models
• Flow Support (possible extended component for Workflow support component based on BPMN/CMMN)
• OAuth Server (Auth/Resource) / Login system External Component
• Comprehensive Storage External Component
• Comprehensive DB Support like 3.0 Single API - Multiple DB Adaptor Component
• Working Example or Implementation based Documentation (bettered). Currently new loopback users like me can find it blocking to implement some sections without working example

Will you build it?

I would definitely like to contribute if I have guidance

• Discovering models from a database (as done in loopback 2 with slc arc)

Metrics

firestore connector

Open the where-filter, to get something like this

labels @> ARRAY['pommes','ketchup']::varchar[]

to work.

Is there any plan to add support for Compression Middleware? Also, it would be nice to have some form of logging out of the box, maybe with morgan

Is there any plan to add support for Compression Middleware? Also, it would be nice to have some form of logging out of the box, maybe with morgan

Eventually, we would like to allow LB4 applications to mount any Express middleware for request pre-processing, but we are not there yet. See https://github.com/strongloop/loopback-next/issues/1293.

For now, you can mount LB4 application on a top-level Express application and configure middleware like compression and morgan on that Express application. See
https://loopback.io/doc/en/lb4/express-with-lb4-rest-tutorial.html

Personally, I'd prefer to use 🌲pino🌲 as the default logger, because of its performance.

1. Authorisation headers in GraphQL mutation and queries.
2. Reading session information headers.

1. Built-in models

• User/Team/Organization
• Application
• AccessToken

User, Group, Role, Permission models was added on loopback-authorization-extension

A visual builder/app inspector to develop, modify and debug a Loopback4 app.
ARC, but more functionality
API Connect Developer Toolkit, but without the IBM account tie-in.
Node-RED, but for Loopback :)

I'd like to add an idea for some low-hanging but powerful fruit: There's a great visual model builder I'm using called GenMyModel.com (free for solo use). You can export your data model as .xmi file. And I've just convinced one of my clients to let me re-create their back end with lb4. Would be nice if I could feed the .xmi to loopback and it would auto-scaffold everything in one command including lb4 model, controllers, and database. Then I can just go and tweak the routing and functionality as needed. I might build that extension myself if I get time in a few months.

I'd like to add an idea for some low-hanging but powerful fruit: There's a great visual model builder I'm using called GenMyModel.com (free for solo use). You can export your data model as .xmi file. And I've just convinced one of my clients to let me re-create their back end with lb4. Would be nice if I could feed the .xmi to loopback and it would auto-scaffold everything in one command including lb4 model, controllers, and database. Then I can just go and tweak the routing and functionality as needed. I might build that extension myself if I get time in a few months.

Thank you @consultantcraig for posting this idea. Our CLI tool can be invoked in a non-interactive headless mode where answers from prompts are supplied via a JSON file. I think it should be possible to build a tool you have described using this feature.

I can also imagine adding a new command to the CLI that will accept a single JSON file with a list of commands & their arguments to run. With such command in place, your .xmi converter can be simple - just convert .xmi into JSON input expected by LB4 CLI.

Having said that, I don't think we will have bandwidth to make these CLI improvements ourselves in the near future. However, we are happy to help you along the way if you decide to contribute it yourself.

Schematics support with the CLI like in Angular CLI

SLC ARC with visual builder like version 3. Not command line based like apic discover.

Left and Inner Joins on queries. Perhaps just use GraphQL with something like Join Monster to generate smart SQL behind the scenes.

I'd also like a simple solution to modelling a database table which doesn't have a typical primary key (e.g. a column named id). I often have to build applications that read data from an IW that was designed more for management reports, where the tables use "real data" columns for their primary key. A simple example could be an order view/table where the order number is the primary key, or a product table where the part number (or SKU) is the PK. Or a list of employees where w3 ID is the PK. It's a common scenario when an application needs to interface to a database that's owned by a third-party.

Similarly, there are times when I want to include data within one LB4 model that is sourced from more than one table in the database layer. Sample use case: an Inventory model, where I would like to include the product description from the Product table along with the inventory data.

Better documentation with more useful examples about WebSocket e.g:
https://github.com/strongloop/loopback-next/issues/4044

Messaging connectors and bridge:
strong-pubsub
strong-pubsub-bridge
strong-pubsub-connection-mqtt

• AWS Services Extensions like:

1. S3 bucket datasource to handle file object related operations.
2. Elastic Search datasource extension.
3. Lambda functions supports extensions (development/deployment using loopback extensions)