File download is done by a GET request to a URL from the FILE_INFO element. The file offset, if any, is given in Range: attribute of the HTTP header.
File upload is done using POST operations to a CGI program. A security mechanism prevents unauthorized upload of large amounts of data to the server. Two RPC operations are used.
1) Get file size
The request message has the form:
<data_server_request>
<core_client_major_version>1</core_client_major_version>
<core_client_minor_version>1</core_client_minor_version>
<get_file_size>filename</get_file_size>
</data_server_request>
The reply message has the form:
<data_server_reply>
<status>x</status>
[ <message>text</message>
| <file_size>nbytes</file_size> ]
</data_server_reply>
The <file_size> element is omitted in error cases;
nbytes is -1 if the file doesn't exist.
There are no security mechanisms.
TODO: should distinguish between permanent and transient errors
(i.e. whether should retry or give up).
2) Upload file
Request message format:
<data_server_request> <core_client_major_version>1</core_client_major_version> <core_client_minor_version>1</core_client_minor_version> <file_upload> <file_info> ... <xml_signature> ... </xml_signature> </file_info> <nbytes>x</nbytes> <offset>x</offset> <data> ... (nbytes bytes of data; may be binary) </data>
The <file_info> element is the exact text sent from the scheduling server to the client. It includes a signature based on the project's file upload authentication key pair. <nbytes> is the amount of data being uploaded. <offset> is the offset within the file.
Reply message format:
<data_server_reply>
<status>x</status>
<message>x</message>
</data_server_reply>
The status is zero if the operation succeeded.
TODO: should distinguish between permanent and transient errors
(i.e. whether should retry or give up).