diff options
author | onefang | 2020-09-08 21:38:19 +1000 |
---|---|---|
committer | onefang | 2020-09-08 21:38:19 +1000 |
commit | fccdf8c6f0f2a062ed35e93c5c322d781c3e6c55 (patch) | |
tree | e86a9571a0c729ee279474652b383462b97aef61 /src/NOTES.txt | |
parent | Install notes. (diff) | |
download | opensim-SC-fccdf8c6f0f2a062ed35e93c5c322d781c3e6c55.zip opensim-SC-fccdf8c6f0f2a062ed35e93c5c322d781c3e6c55.tar.gz opensim-SC-fccdf8c6f0f2a062ed35e93c5c322d781c3e6c55.tar.bz2 opensim-SC-fccdf8c6f0f2a062ed35e93c5c322d781c3e6c55.tar.xz |
SledjChisl notes.
Diffstat (limited to '')
-rw-r--r-- | src/NOTES.txt | 383 |
1 files changed, 383 insertions, 0 deletions
diff --git a/src/NOTES.txt b/src/NOTES.txt new file mode 100644 index 0000000..a72e7c8 --- /dev/null +++ b/src/NOTES.txt | |||
@@ -0,0 +1,383 @@ | |||
1 | I'm re-purposing this for SledjHamr https://sledjhamr.org/git/docs/index.html | ||
2 | |||
3 | The general structure of SledjHamr is a bunch of servers talking to each | ||
4 | other via Internet (or just local) connections. One of them is a web | ||
5 | server for assets, world data, and inventory. | ||
6 | |||
7 | Originally I didn't think using a web based world client was a good idea, | ||
8 | however it might be better to have one, for reasons. Now I need a web | ||
9 | management console that can do all the things the current tmux console | ||
10 | can, including OpenSim console and commands. Plus account management for | ||
11 | users. I can also use a web based Jabber / XMPP front end to chat, IM, | ||
12 | and group chatter, which would run in the normal viewers web browser. | ||
13 | This provides a doorway into putting SledjHamr stuff in existing viewers | ||
14 | without needing them to support it. So a web based viewer now makes more | ||
15 | sense, and also means we can get away with not needing a viewer at all. | ||
16 | |||
17 | Toybox itself doesn't include a web server, and I don't think there is | ||
18 | one on the roadmap. So we have to use an external web server, which was | ||
19 | a design goal of SledjHamr in the first place, using existing mature | ||
20 | HTTP infrastructure, coz that's already solved problems for a bunch of | ||
21 | things that plague OS/SL to this day. Clear your cache! Pffft. | ||
22 | |||
23 | So sledjchisl.c will be the "love world server", though initially it just | ||
24 | drives OpenSim_SC in tmux via tmux commands to send keys and read output. | ||
25 | Later it might run opensim_SC directly and use STDIN and STDOUT to do | ||
26 | everything. It'll also provide the text management front end that runs | ||
27 | in the left tmux panel of the first window, which is why it's based on | ||
28 | boxes in the first place. Later still it can take over opensim_SC | ||
29 | functions as I move them out of mono. | ||
30 | |||
31 | We will need a text, web, and GUI version of this management front end. | ||
32 | Hmmm, maybe don't need a GUI version, GUI users can just run a terminal. | ||
33 | |||
34 | After much research, FastCGI / FCGI seems to be the most portable way of | ||
35 | interfacing with existing web servers. FCGI protocol closes STDERR and | ||
36 | STDOUT, and uses STDIN as it's two way communications channel to the web | ||
37 | server, so our FCGI module can't be used as the text management front | ||
38 | end. This is probably a good idea to keep them seperate anyway, for | ||
39 | security, coz the web server is exposed to the world, the console isn't. | ||
40 | |||
41 | Currently sledjchisl.c tests to see if it's running in tmux already, if | ||
42 | it isn't it starts up tmux runs itself into this new tmux, then exits. | ||
43 | So it could also test if it's running from FCGI, and switch to web mode, | ||
44 | then it'll need to find the tmuxed instance to send commands to it. | ||
45 | Either via nails connection, or sending tmux commands via shell. | ||
46 | |||
47 | FCGI has methods of dealing with auth and templates. B-) | ||
48 | |||
49 | So for now I think I'll have the text and web management front ends in | ||
50 | sledjchisl.c, and the love world server as well. I can split them up | ||
51 | later if I need to. | ||
52 | |||
53 | |||
54 | |||
55 | |||
56 | I has Apache 2.4.25-3+deb9u9 | ||
57 | MariaDB 10.1.44-MariaDB | ||
58 | |||
59 | |||
60 | https://gist.github.com/dermesser/e2f9b66457ae19ebd116 | ||
61 | Multithreaded example in C. | ||
62 | |||
63 | |||
64 | ------------------------------------------------------------------- | ||
65 | |||
66 | Apache doesn't seem to support FCGI filter role, so I might have to do | ||
67 | without. Might be better anyway. | ||
68 | |||
69 | |||
70 | "A Filter is similar in functionality to a Responder that takes a data | ||
71 | file as a parameter. The difference is that with a Filter, both the data | ||
72 | file and the Filter itself can be access controlled using the Web | ||
73 | server's access control mechanisms, while a Responder that takes the name | ||
74 | of a data file as a parameter must perform its own access control checks | ||
75 | on the data file." | ||
76 | |||
77 | Which is fine, our access control checks will be "Is this database | ||
78 | defined user already logged on via our FCGI script?". We should have | ||
79 | total control over that. I was planning on using the FCGI auth | ||
80 | mechanism anyway. | ||
81 | |||
82 | |||
83 | RESPONDER | ||
84 | web server sends FCGI_PARAMS | ||
85 | CONTENT_LENGTH | ||
86 | web server sends input body FCGI_STDIN | ||
87 | fcgi app sends result data over FCGI_STDOUT and error messages over FCGI_STDERR | ||
88 | it has to finish reading FCGI_PARAMS first | ||
89 | fcgi app sends FCGI_END_REQUEST(protocolStatus = FCGI_REQUEST_COMPLETE) | ||
90 | |||
91 | |||
92 | FILTER | ||
93 | filtered file has last modified time | ||
94 | web server sets FCGI_DATA_LAST_MOD accordingly | ||
95 | web server sends FCGI_PARAMS | ||
96 | CONTENT_LENGTH FCGI_DATA_LAST_MOD FCGI_DATA_LENGTH | ||
97 | web server sends input body FCGI_STDIN | ||
98 | web servers sends file over FCGI_DATA | ||
99 | fcgi app can ignore FCGI_DATA and use it's own cached copy based on FCGI_DATA_LAST_MOD | ||
100 | fcgi app sends result data over FCGI_STDOUT and error messages over FCGI_STDERR | ||
101 | it has to finish reading FCGI_STDIN first, but not FCGI_DATA | ||
102 | fcgi app sends FCGI_END_REQUEST(protocolStatus = FCGI_REQUEST_COMPLETE) | ||
103 | |||
104 | |||
105 | Soooo, FILTER might be slower anyway if we are caching the filtered file, | ||
106 | or mmapping it, coz filter has to start sending the filtered file, even | ||
107 | if it's to be served from cache. Plus no need to wait for FCGI_STDIN | ||
108 | before spewing it out. | ||
109 | |||
110 | |||
111 | Last update time for parameters, plus an update frequency. Once a minute. | ||
112 | |||
113 | NOTE - SSI is a bit more complex than what I'm currently using. | ||
114 | https://en.wikipedia.org/wiki/Server_Side_Includes | ||
115 | <!--#include virtual="menu.cgi" --> | ||
116 | <!--#include file="footer.html" --> | ||
117 | <!--#exec cgi="/cgi-bin/foo.cgi" --> | ||
118 | <!--#exec cmd="ls -l" --> | ||
119 | . <!--#echo var="REMOTE_ADDR" --> | ||
120 | <!--#config timefmt="%y %m %d" --> | ||
121 | <!--#config sizefmt="bytes" --> | ||
122 | <!--#config errmsg="SSI command failed!" --> | ||
123 | <!--#flastmod virtual="index.html" --> | ||
124 | <!--#fsize file="script.pl" --> | ||
125 | <!--#if expr="${Sec_Nav}" --> | ||
126 | <!--#include virtual="secondary_nav.txt" --> | ||
127 | <!--#elif expr="${Pri_Nav}" --> | ||
128 | <!--#include virtual="primary_nav.txt" --> | ||
129 | <!--#else --> | ||
130 | <!--#include virtual="article.txt" --> | ||
131 | <!--#endif --> | ||
132 | <!--#set var="foo" value="bar" --> | ||
133 | <!--#printenv --> | ||
134 | https://www.w3.org/Jigsaw/Doc/User/SSI.html | ||
135 | Adds lots of others, including Java stuff. | ||
136 | Mine | ||
137 | <!--#lua lua="print(table[key])" --> | ||
138 | <!--#lua file="/path/to/script.lua" --> | ||
139 | <!--#lua virtual="https://example.com/script.lua" --> | ||
140 | |||
141 | ------------------------------------------------------------------- | ||
142 | |||
143 | Account creation process in the database. | ||
144 | |||
145 | |||
146 | UserAccounts table - | ||
147 | UserFlags 64 is "allow gods to log in as me" | ||
148 | 0xf00 is membershipType, unles there's a title. Only sent to viewers I think. | ||
149 | 32 is Minors for estate banning purposes. | ||
150 | 4 is Anonymous for estate banning purposes. | ||
151 | 1 is AllowPublish in profile, but userprofile has this as separate field. | ||
152 | 2 is MaturePublish in profile, but userprofile has this as separate field. | ||
153 | Presence table - | ||
154 | UserID varchar(255) | ||
155 | RegionID char(36) | ||
156 | SessionID char(36) | ||
157 | SecureSessionID char(36) | ||
158 | LastSeen timestamp | ||
159 | tokens table (I think this is actually used for something) - | ||
160 | UUID char(36) | ||
161 | token varchar(255) current example looks like a UUID. | ||
162 | validity datetime | ||
163 | userdata (empty, can't find any actual usage in the source code, part of profiles) - | ||
164 | UserId char(36) primary index | ||
165 | TagId varchar(64) primary index | ||
166 | DataKey varchar(255) | ||
167 | DataVal varchar(255) | ||
168 | auth.webLoginKey seems to be some sort of passwordy type thing, though perhaps not actually hashed, rarely used, none of IG members have one. | ||
169 | |||
170 | |||
171 | Vouched for | ||
172 | userdata.UserId = UserAccounts.PrincipleID | ||
173 | userdata.TagId = "vouches" | ||
174 | userdata.DataKey = UUID of voucher | ||
175 | userdata.DataVal = timestamp of vouching | ||
176 | |||
177 | UserAccounts.Userlevel = -50 | ||
178 | UserAccounts.UserTitle = vouched for | ||
179 | |||
180 | |||
181 | ------------------------------------------------------------------- | ||
182 | |||
183 | https://project-awesome.org/aleksandar-todorovic/awesome-c | ||
184 | A curated list of C good stuff. | ||
185 | |||
186 | https://wolkykim.github.io/qdecoder/ | ||
187 | CGI library made by the qlibc guy, does support FCGI. | ||
188 | Might be a wrapper around the fcgi_stdio stuff I'm already using? | ||
189 | |||
190 | |||
191 | https://danielmiessler.com/study/http/ | ||
192 | A Security-focused HTTP Primer | ||
193 | Nothing much new except to say this about the Referer header - | ||
194 | "should not be used to make security decisions as it is controlled by the client" | ||
195 | Though others tell us to do precisely that. lol | ||
196 | |||
197 | http://opensimulator.org/wiki/Userlevel | ||
198 | |||
199 | http://www.catb.org/esr/structure-packing/ | ||
200 | A good read, including a few links to other good stuff. | ||
201 | Am I doing this stuff properly by intuition, or completely ballsing it up? lol | ||
202 | http://www.catb.org/esr/time-programming/ | ||
203 | |||
204 | ------------------------------------------------------------------- | ||
205 | |||
206 | apt install libmariadbclient-dev libapache2-mod-fcgid libssl1.0-dev uuid-dev spawn-fcgi | ||
207 | |||
208 | BTW, everything is some BSD licence variation, except MariaDB, which is | ||
209 | some combination of GPLv2, 2+, 3, and BSD variants. With FOSS License | ||
210 | Exception, which seems to mean "Oracles GPL isn't viral". Though my | ||
211 | license is "fuck you viral GPL, that's not your decision to make for my | ||
212 | fucking code" BSD. | ||
213 | |||
214 | ------------------------------------------------------------------- | ||
215 | |||
216 | Install / update / upgrade. | ||
217 | |||
218 | I could keep the version number around. | ||
219 | Include version numbers / branches of dependencies. | ||
220 | Update will grab any security updates for the installed version. | ||
221 | Upgrade will upgrade to a chosen later different version. | ||
222 | Downgrade will downgrade to a chosen earlier different version. | ||
223 | |||
224 | Note that we are currently using the LuaJIT 2.1.0-beta3 branch of the | ||
225 | main Luajit repo. Everything else is on their master branches. | ||
226 | |||
227 | Bootstrap - | ||
228 | bootstrap.sh or bootstrap.bat | ||
229 | |||
230 | Build the LuaJIT that comes with our source. It "builds out-of-the | ||
231 | box on most systems" and has no dependencies, other than a C build system. | ||
232 | |||
233 | Or download a prebuilt LuaJIT from somewhere. | ||
234 | |||
235 | After toybox has been LuaJITized. | ||
236 | |||
237 | Build the LuaJIT that comes with our source. It "builds out-of-the | ||
238 | box on most systems" and has no dependencies, other than a C build system. | ||
239 | |||
240 | Similar should apply to toybox, though it's our LuaJITized version. | ||
241 | Will need a specific miniconfig for this that doesn't include sledjchisl. | ||
242 | |||
243 | Or download a prebuilt toybox+LuaJIT from a SledjHamr package repo. | ||
244 | |||
245 | Install - | ||
246 | install.lua | ||
247 | |||
248 | Will need a pre flight check if the dependencies are installed. | ||
249 | It checks if the system is built and has source. | ||
250 | Build it all. | ||
251 | Do the usual copy stuff to a directory thing. | ||
252 | Run "sledjchisl -install" in that directory. | ||
253 | Which does the usual "check health of system and fix up problems" thing, then quits instead of keep running. | ||
254 | The health check should include making sure our database creds exist / work. | ||
255 | |||
256 | Update / upgrade / downgrade | ||
257 | install.lua -update | ||
258 | install.lua -upgrade | ||
259 | install.lua -downgrade | ||
260 | |||
261 | Check if we are a binary only, or a source install. | ||
262 | wget new binaries / git pull new source | ||
263 | Toybox has a wget in pending, otherwise it only has ftpget. | ||
264 | Git is standalone outside of the system, but if you are | ||
265 | running from source, you likely have standard build tools | ||
266 | like git. | ||
267 | |||
268 | |||
269 | Yeah I hate things that have their own packaging system, for needing to | ||
270 | step outside the operating systems packaging system, and adding to the too | ||
271 | long list of stuff I have to deal with manually, and now I are one. lol | ||
272 | |||
273 | |||
274 | ------------------------------------------------------------------- | ||
275 | ------------------------------------------------------------------- | ||
276 | |||
277 | For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html?user=account+name | ||
278 | That accountView offers edit / logout button, etc. | ||
279 | Display account stuff, but not edit it until they hit the edit button. | ||
280 | |||
281 | When showing other users | ||
282 | accountView, with edit / delete buttons if logged in user is high enough level. | ||
283 | |||
284 | |||
285 | ------------------------------------------------------------------- | ||
286 | |||
287 | NEXT - | ||
288 | |||
289 | Have the grid start up code also run the web backend inside the left over tmux panel. | ||
290 | And have it restart if it crashes. | ||
291 | |||
292 | Add the account.html stuff to the opensim-SC configuration, so viewers can get to it. | ||
293 | ditto loginpage.html | ||
294 | retire all the OpenSim web stuff I added before | ||
295 | write a stub page for the other pages viewers want | ||
296 | |||
297 | Implement poorMansCron.html. | ||
298 | |||
299 | Add the red asterisk to required fields, like every one else does. | ||
300 | |||
301 | In var/cache/sessions, keep a uuid.lua full of the sessions for that user. | ||
302 | Use it to clear out old sessions on login. | ||
303 | Use it to clear out old sessions on validation. | ||
304 | Use it to update the level in their session if some one changes their level. | ||
305 | |||
306 | ------------------------------------------------------------------- | ||
307 | |||
308 | Should clean things up. | ||
309 | TODO - | ||
310 | Move any side effects out of Validate functions, they should just stuff things into Rd->stuff. | ||
311 | sessionValidate should be the only thing putting things into shs? | ||
312 | Nope, gotta get uuid, name, and level from database / uuid.lua when they log in. | ||
313 | Move those side effects into Sub functions. | ||
314 | |||
315 | iF = accountPages->get(accountPages, form, NULL, false); | ||
316 | .. | ||
317 | sub = iF->subs->get(iF->subs, doit, NULL, false); | ||
318 | .. | ||
319 | i = collectFields(Rd, iF, iV, t); Stuffs cookies, body, queries, NOT stuff, into iV (including source type). | ||
320 | // Validate the input data. Loops through iV. | ||
321 | iV[i].field->validate(Rd, iF, &iV[i]); Stuffs things into Rd->stuff. | ||
322 | sessionValidate Is special, ignores iV, gets things directly, reads the session.lua, stuffs things into shs and Rd->stuff. | ||
323 | nameValidate Also combines names into Rd->stuff, and into shs. | ||
324 | passwordValidate Also special... | ||
325 | emailValidate Stuffs both into stuff even if not validated. | ||
326 | .. | ||
327 | // Submit the data. TODO - do more stuff here, like login/out the account. Login should check the password here and put things in shs. | ||
328 | Usually - | ||
329 | accountRead(Rd, iF, iV); | ||
330 | complain if found / not found | ||
331 | ... | ||
332 | freeSesh(Rd, FALSE, wipe); | ||
333 | newSesh(Rd, FALSE); | ||
334 | accountExploreValidatedVoucherSub Does nothing. | ||
335 | .. | ||
336 | // Return the result. | ||
337 | if no errors | ||
338 | redirect to GET if it's POST, otcherwise - | ||
339 | find the output form | ||
340 | collect from stuff into iV | ||
341 | call oF->web(Rd, iF, iV) | ||
342 | else | ||
343 | collect from stuff into iV | ||
344 | call iF->eweb() | ||
345 | |||
346 | ------------------------------------------------------------------- | ||
347 | |||
348 | Coffee Grid - | ||
349 | |||
350 | Destiny Grid - | ||
351 | Auto add Hypergrid visitors group to "partner" grids. | ||
352 | Estate has "Allow parcel access overide?". Not sure what that means. | ||
353 | Which does fuck all, and turns itself off. | ||
354 | |||
355 | Infinite Grid - | ||
356 | Set up the deault member and their IAR. | ||
357 | |||
358 | ------------------------------------------------------------------- | ||
359 | ------------------------------------------------------------------- | ||
360 | |||
361 | BUGS! | ||
362 | ----- | ||
363 | |||
364 | Check length in database values. | ||
365 | |||
366 | Names are case insensitive in world, should be on the web page to? | ||
367 | I think they are on the database side, so I should store the Lua files with lower case file names, but use the case from within the files for display. | ||
368 | I may have seen case insensitive grid logins fail, so should test this. | ||
369 | Now I have seen them work. Viewer dependant? | ||
370 | |||
371 | The autogroup thing seems to have broke. Doesn't work for gods. | ||
372 | Or I did that on purpose, should check. lol | ||
373 | |||
374 | Should limit viewing of other peoples account details, especially emails, to gods. | ||
375 | |||
376 | Clear out landmarks from the default IAR. | ||
377 | |||
378 | ------------------------------------------------------------------- | ||
379 | ------------------------------------------------------------------- | ||
380 | |||
381 | Hacks I should send up stream. | ||
382 | |||
383 | qlibc/src/extensions/qconfig.c line 402 - free(varstr) | ||