perkeep/doc/app-environment.md

40 lines
1.7 KiB
Markdown
Raw Normal View History

# Application Environment
Perkeep applications run with the following environment variables set:
`CAMLI_API_HOST` (string)
: URL prefix of the Perkeep server which the app should use to make API calls.
It always ends in a trailing slash. Examples:
- https://foo.org:3178/pub/
- https://foo.org/pub/
- http://192.168.0.1/
- http://192.168.0.1:1234/
`CAMLI_APP_LISTEN` (string)
: address (of the form host|ip:port) on which the app will listen.
See https://golang.org/pkg/net/#Dial for the supported syntax.
`CAMLI_APP_CONFIG_URL` (string)
: URL containing JSON configuration for the app. The app should once, upon
startup, fetch this URL (using CAMLI_AUTH) to retrieve its configuration data.
The response JSON is the contents of the app's "appConfig" part of the config
file.
pkg/server/app: proxy search requests for publisher Some of the publisher features have moved from the server-side app to the client-side app (the browser) thanks to gopherjs. Some of these features imply doing some search queries against Camlistore, which requires authentication. The server-side app receives the necessary credentials on creation, from Camlistore. However, we can't just communicate them to the client-side (as we do with the web UI) since the publisher app itself does not require any auth and is supposed to be exposed to the world. Therefore, we need to allow some search queries to be done without authentication. To this end, the app handler on Camlistore now assumes a new role: it is also a search proxy for the app. The app sends an unauthenticated search query to the app handler (instead of directly to the search handler), and it is the role of the app handler to verify that this query is allowed for the app, and if yes, to forward the search to the Camlistore's search handler. We introduce a new mechanism to filter the search queries in the form of a master query. Upon startup, the publisher registers, using the new CAMLI_APP_MASTERQUERY_URL env var, a *search.SearchQuery with the app handler. The app handler runs that query and caches all the blob refs included in the response to that query. In the following, all incoming search queries are run by the app handler, which checks that none of the response blobs are out of the set defined by the aforementioned cached blob refs. If that check fails, the search response is not forwarded to the app/client. The process can be improved in a subsequent CL (or patchset), with finer grained domains, i.e. a master search query per published camliPath, instead of one for the whole app handler. Change-Id: I00d91ff73e0cbe78744bfae9878077dc3a8521f4
2016-07-20 15:54:29 +00:00
`CAMLI_APP_MASTERQUERY_URL` (string)
: URL to Post (using CAMLI_AUTH) the search.SearchQuery, that the app
handler should register as being the master query for the app handler search
proxy. All subsequent searches will then only be allowed if their response is a
pkg/server/app: refresh cached domain blobs on 403 To decide whether a search submitted to the app search proxy is allowed, we compare its results to the domain blobs, result of the master query, that we cache when the master query is set. However, since the results of the master query are liable to change when new blobs arrive (e.g. a new camliMember is added to the set that is published), that cache may need to be invalidated. Otherwise, we might reply with a 403 to search query that is actually allowed. Therefore, this CL adds a refresh of the cache on two instances: -When the app handler gets a search query that seems to be forbidden. Before replying with a 403, we refresh the cache with the master query, and recheck whether the search query is allowed. -When the publisher gets a request for a "members" page, or the "file" page, it preemptively asks the app handler to refresh. Now that a lot of the client workflow has been moved to javascript/the browser, these kinds of requests should not happen too often, so it seems a reasonable place to ask for a refresh. But this might change, so we should of course be careful not to flood the app handler with refresh requests in the future. In any case, the app handler is suppressing the refresh requests, so that it does not perform refreshes at more that one per minute. As a smarter approach, we could later imagine a way for the app handler to be aware of when new blobs get to the blobserver (akin to the blob hub that the sync handler uses?), so that it only ever refreshes when needed. Fixes #851 Change-Id: Idc14cce5018053deac01ec454e5c936ed93e5a05
2016-09-01 18:05:38 +00:00
subset of the master query response. If the URL parameter "refresh=1" is sent,
the SearchQuery is ignored and the app handler will rerun the currently registered
master query to refresh the corresponding cache.
pkg/server/app: proxy search requests for publisher Some of the publisher features have moved from the server-side app to the client-side app (the browser) thanks to gopherjs. Some of these features imply doing some search queries against Camlistore, which requires authentication. The server-side app receives the necessary credentials on creation, from Camlistore. However, we can't just communicate them to the client-side (as we do with the web UI) since the publisher app itself does not require any auth and is supposed to be exposed to the world. Therefore, we need to allow some search queries to be done without authentication. To this end, the app handler on Camlistore now assumes a new role: it is also a search proxy for the app. The app sends an unauthenticated search query to the app handler (instead of directly to the search handler), and it is the role of the app handler to verify that this query is allowed for the app, and if yes, to forward the search to the Camlistore's search handler. We introduce a new mechanism to filter the search queries in the form of a master query. Upon startup, the publisher registers, using the new CAMLI_APP_MASTERQUERY_URL env var, a *search.SearchQuery with the app handler. The app handler runs that query and caches all the blob refs included in the response to that query. In the following, all incoming search queries are run by the app handler, which checks that none of the response blobs are out of the set defined by the aforementioned cached blob refs. If that check fails, the search response is not forwarded to the app/client. The process can be improved in a subsequent CL (or patchset), with finer grained domains, i.e. a master search query per published camliPath, instead of one for the whole app handler. Change-Id: I00d91ff73e0cbe78744bfae9878077dc3a8521f4
2016-07-20 15:54:29 +00:00
`CAMLI_AUTH` (string)
: Username and password (username:password) that the app should use to
authenticate over HTTP basic auth with the Perkeep server. Basic auth is
unencrypted, hence it should only be used with HTTPS or in a secure (local
loopback) environment.
See the
[app.HandlerConfig](https://camlistore.org/pkg/server/app/#HandlerConfig)
type for how the Perkeep app handler sets the variables up.