Commit Graph

4 Commits

Author SHA1 Message Date
mpl 4fc061e8a2 pkg/server/app: refresh cached domain blobs on 403
To decide whether a search submitted to the app search proxy is allowed,
we compare its results to the domain blobs, result of the master query,
that we cache when the master query is set.

However, since the results of the master query are liable to change when
new blobs arrive (e.g. a new camliMember is added to the set that is
published), that cache may need to be invalidated. Otherwise, we might
reply with a 403 to search query that is actually allowed.

Therefore, this CL adds a refresh of the cache on two instances:

-When the app handler gets a search query that seems to be forbidden.
Before replying with a 403, we refresh the cache with the master query,
and recheck whether the search query is allowed.

-When the publisher gets a request for a "members" page, or the "file"
page, it preemptively asks the app handler to refresh. Now that a lot of
the client workflow has been moved to javascript/the browser, these
kinds of requests should not happen too often, so it seems a reasonable
place to ask for a refresh. But this might change, so we should of
course be careful not to flood the app handler with refresh requests in
the future.

In any case, the app handler is suppressing the refresh requests, so
that it does not perform refreshes at more that one per minute.

As a smarter approach, we could later imagine a way for the app handler
to be aware of when new blobs get to the blobserver (akin to the blob
hub that the sync handler uses?), so that it only ever refreshes when
needed.

Fixes #851

Change-Id: Idc14cce5018053deac01ec454e5c936ed93e5a05
2016-09-02 18:40:42 +02:00
mpl 3df678b010 pkg/server/app: proxy search requests for publisher
Some of the publisher features have moved from the server-side app to
the client-side app (the browser) thanks to gopherjs. Some of these
features imply doing some search queries against Camlistore, which
requires authentication. The server-side app receives the necessary
credentials on creation, from Camlistore. However, we can't just
communicate them to the client-side (as we do with the web UI) since the
publisher app itself does not require any auth and is supposed to be
exposed to the world.

Therefore, we need to allow some search queries to be done without
authentication.

To this end, the app handler on Camlistore now assumes a new role: it is
also a search proxy for the app. The app sends an unauthenticated search
query to the app handler (instead of directly to the search handler),
and it is the role of the app handler to verify that this query is
allowed for the app, and if yes, to forward the search to the Camlistore's
search handler.

We introduce a new mechanism to filter the search queries in the form of
a master query. Upon startup, the publisher registers, using the new
CAMLI_APP_MASTERQUERY_URL env var, a *search.SearchQuery with the app
handler. The app handler runs that query and caches all the blob refs
included in the response to that query. In the following, all incoming
search queries are run by the app handler, which checks that none of the
response blobs are out of the set defined by the aforementioned cached
blob refs. If that check fails, the search response is not forwarded to
the app/client.

The process can be improved in a subsequent CL (or patchset), with finer
grained domains, i.e. a master search query per published camliPath,
instead of one for the whole app handler.

Change-Id: I00d91ff73e0cbe78744bfae9878077dc3a8521f4
2016-08-29 19:14:19 +02:00
mpl 65343d114d pkg/server/app: improve app handling
These improvements on the server app handler should help writing
and running stand-alone apps.

The two main goals are:
1) "simple" configurations should work automatically; the parameters for
the app are derived from the Listen and BaseURL of the Camlistore
server.
2) More advanced configurations, such as being behind a proxy, should be
easily configurable through the app's Listen, BackendURL, and ApiHost
parameters.

I had worked on them while doing the scanning cabinet app, and I am
backporting them now since we haven't landed the scanning cabinet yet,
and people have been having trouble setting up the publisher.

pkg/app/app_test.go is gone because app.ListenAddress is now dumb. The
hard work is done in pkg/server/app instead.

Fixes #818

Change-Id: Ice2610d6bac611b209cc3a928e67fa6093a41d3e
2016-07-04 22:21:16 +02:00
Will Norris 620d837a3d website: update misc docs to markdown
- merge json-signing/json-signing.txt into json-signing/README.md
- rename publishing/README to publishing/README.md
- convert several doc/* files

Change-Id: I0bb7c03adcfac3848f97a70092de384c72f45958
2016-04-26 18:10:58 -07:00