perkeep

History

mpl 3df678b010 pkg/server/app: proxy search requests for publisher Some of the publisher features have moved from the server-side app to the client-side app (the browser) thanks to gopherjs. Some of these features imply doing some search queries against Camlistore, which requires authentication. The server-side app receives the necessary credentials on creation, from Camlistore. However, we can't just communicate them to the client-side (as we do with the web UI) since the publisher app itself does not require any auth and is supposed to be exposed to the world. Therefore, we need to allow some search queries to be done without authentication. To this end, the app handler on Camlistore now assumes a new role: it is also a search proxy for the app. The app sends an unauthenticated search query to the app handler (instead of directly to the search handler), and it is the role of the app handler to verify that this query is allowed for the app, and if yes, to forward the search to the Camlistore's search handler. We introduce a new mechanism to filter the search queries in the form of a master query. Upon startup, the publisher registers, using the new CAMLI_APP_MASTERQUERY_URL env var, a *search.SearchQuery with the app handler. The app handler runs that query and caches all the blob refs included in the response to that query. In the following, all incoming search queries are run by the app handler, which checks that none of the response blobs are out of the set defined by the aforementioned cached blob refs. If that check fails, the search response is not forwarded to the app/client. The process can be improved in a subsequent CL (or patchset), with finer grained domains, i.e. a master search query per published camliPath, instead of one for the whole app handler. Change-Id: I00d91ff73e0cbe78744bfae9878077dc3a8521f4	2016-08-29 19:14:19 +02:00
..
app.go	pkg/server/app: proxy search requests for publisher	2016-08-29 19:14:19 +02:00

mpl 3df678b010 pkg/server/app: proxy search requests for publisher

Some of the publisher features have moved from the server-side app to
the client-side app (the browser) thanks to gopherjs. Some of these
features imply doing some search queries against Camlistore, which
requires authentication. The server-side app receives the necessary
credentials on creation, from Camlistore. However, we can't just
communicate them to the client-side (as we do with the web UI) since the
publisher app itself does not require any auth and is supposed to be
exposed to the world.

Therefore, we need to allow some search queries to be done without
authentication.

To this end, the app handler on Camlistore now assumes a new role: it is
also a search proxy for the app. The app sends an unauthenticated search
query to the app handler (instead of directly to the search handler),
and it is the role of the app handler to verify that this query is
allowed for the app, and if yes, to forward the search to the Camlistore's
search handler.

We introduce a new mechanism to filter the search queries in the form of
a master query. Upon startup, the publisher registers, using the new
CAMLI_APP_MASTERQUERY_URL env var, a *search.SearchQuery with the app
handler. The app handler runs that query and caches all the blob refs
included in the response to that query. In the following, all incoming
search queries are run by the app handler, which checks that none of the
response blobs are out of the set defined by the aforementioned cached
blob refs. If that check fails, the search response is not forwarded to
the app/client.

The process can be improved in a subsequent CL (or patchset), with finer
grained domains, i.e. a master search query per published camliPath,
instead of one for the whole app handler.

Change-Id: I00d91ff73e0cbe78744bfae9878077dc3a8521f4

2016-08-29 19:14:19 +02:00

app.go

pkg/server/app: proxy search requests for publisher

2016-08-29 19:14:19 +02:00