📝 docs: planning auth route
parent
0d155a5b36
commit
fa070ea7d0
|
@ -98,7 +98,7 @@ stronger is ready.
|
||||||
- (X) Clean up scraper endpoint
|
- (X) Clean up scraper endpoint
|
||||||
- (X) Add (almost) end-to-end tests for test scraper endpoint
|
- (X) Add (almost) end-to-end tests for test scraper endpoint
|
||||||
- (X) Thread server endpoints through relay scraper auth
|
- (X) Thread server endpoints through relay scraper auth
|
||||||
- ( ) Add tests for other scraper endpoints
|
- (don't care) Add tests for other scraper endpoints
|
||||||
- (don't care) Factor v1 API into v1 module
|
- (don't care) Factor v1 API into v1 module
|
||||||
- (X) Add real scraper endpoints
|
- (X) Add real scraper endpoints
|
||||||
- ( ) Manually create SQLite DB for scraper keys, add 1 hash
|
- ( ) Manually create SQLite DB for scraper keys, add 1 hash
|
||||||
|
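Review bot: Changing "Add tests for other scraper endpoints" from ( ) to (don't care) means the only automated coverage of the relay scraper auth is the (almost) end-to-end test on the test scraper endpoint, while "Thread server endpoints through relay scraper auth" and "Add real scraper endpoints" are both marked done. Consider keeping this item open, or narrowing it to one rejected-key test per real endpoint, and recording next to the item why the broader tests were dropped so the decision can be revisited.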
@ -139,6 +139,74 @@ These will all be JSON for now since Python, Rust, C++, C#, etc. can handle it.
|
||||||
For compatibility with wget spidering, I _might_ do XML or HTML that's
|
For compatibility with wget spidering, I _might_ do XML or HTML that's
|
||||||
machine-readable. We'll see.
|
machine-readable. We'll see.
|
||||||
|
|
||||||
|
## DB / UI impl
|
||||||
|
|
||||||
|
Sprint 1:
|
||||||
|
|
||||||
|
- Look up keys by their hash
|
||||||
|
- not_before
|
||||||
|
- not_after
|
||||||
|
- name
|
||||||
|
- X-Email associated with key
|
||||||
|
|
||||||
|
Sprint 2:
|
||||||
|
|
||||||
|
- UI to generate / revoke keys
|
||||||
|
|
||||||
|
## SQL schema
|
||||||
|
|
||||||
|
Migration
|
||||||
|
|
||||||
|
```
|
||||||
|
create table scraper_keys (
|
||||||
|
hash text primary key, -- Using blake3 for this because it's not a password
|
||||||
|
not_before integer not null, -- Seconds since epoch
|
||||||
|
not_after integer not null, -- Seconds since epoch
|
||||||
|
name text not null, -- Human-friendly nickname
|
||||||
|
email text not null -- Email address that created the key
|
||||||
|
);
|
||||||
|
```
|
||||||
|
|
||||||
|
Look up hash
|
||||||
|
|
||||||
|
```
|
||||||
|
select not_before, not_after name, email
|
||||||
|
from scraper_keys
|
||||||
|
where
|
||||||
|
hash = $1 and
|
||||||
|
strftime ('%s') >= not_before and
|
||||||
|
strftime ('%s') < not_after
|
||||||
|
;
|
||||||
|
```
|
||||||
|
|
||||||
|
Create key
|
||||||
|
|
||||||
|
```
|
||||||
|
-- Generate entropy in app code
|
||||||
|
insert into scraper_keys (
|
||||||
|
hash,
|
||||||
|
not_before,
|
||||||
|
not_after,
|
||||||
|
name,
|
||||||
|
email
|
||||||
|
) values (
|
||||||
|
$1,
|
||||||
|
strftime ('%s'),
|
||||||
|
strftime ('%s') + 2592000,
|
||||||
|
$4,
|
||||||
|
$5
|
||||||
|
);
|
||||||
|
|
||||||
|
-- Respond to client with plaintext key and then forget it.
|
||||||
|
-- If a network blip causes the key to evaporate, the client should revoke it.
|
||||||
|
```
|
||||||
|
|
||||||
|
Revoke key
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
## Decision journal
|
## Decision journal
|
||||||
|
|
||||||
**Who generates the API key? The scraper client, or the PTTH relay server?**
|
**Who generates the API key? The scraper client, or the PTTH relay server?**
|
||||||
|
|
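Review bot: The "Look up hash" query reads `select not_before, not_after name, email`, with no comma after `not_after`, so `name` is parsed as a column alias for `not_after` and the key's name is never returned; it should be `select not_before, not_after, name, email`. In "Create key" the placeholders jump from `$1` to `$4` and `$5` because the two timestamps are computed in SQL, so renumbering them to `$1, $2, $3` would keep the bound parameter list free of gaps. The literal `2592000` would benefit from a comment stating it is 30 days in seconds, matching the "Seconds since epoch" comments in the schema. The "Revoke key" fence is empty even though the create-key comment tells the client to revoke a key lost to a network blip, so the doc should at least state whether revocation deletes the row or moves `not_after` to the current time.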