aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/NOTES.txt383
1 files changed, 383 insertions, 0 deletions
diff --git a/src/NOTES.txt b/src/NOTES.txt
new file mode 100644
index 0000000..a72e7c8
--- /dev/null
+++ b/src/NOTES.txt
@@ -0,0 +1,383 @@
1I'm re-purposing this for SledjHamr https://sledjhamr.org/git/docs/index.html
2
3The general structure of SledjHamr is a bunch of servers talking to each
4other via Internet (or just local) connections. One of them is a web
5server for assets, world data, and inventory.
6
7Originally I didn't think using a web based world client was a good idea,
8however it might be better to have one, for reasons. Now I need a web
9management console that can do all the things the current tmux console
10can, including OpenSim console and commands. Plus account management for
11users. I can also use a web based Jabber / XMPP front end to chat, IM,
12and group chatter, which would run in the normal viewers web browser.
13This provides a doorway into putting SledjHamr stuff in existing viewers
14without needing them to support it. So a web based viewer now makes more
15sense, and also means we can get away with not needing a viewer at all.
16
17Toybox itself doesn't include a web server, and I don't think there is
18one on the roadmap. So we have to use an external web server, which was
19a design goal of SledjHamr in the first place, using existing mature
20HTTP infrastructure, coz that's already solved problems for a bunch of
21things that plague OS/SL to this day. Clear your cache! Pffft.
22
23So sledjchisl.c will be the "love world server", though initially it just
24drives OpenSim_SC in tmux via tmux commands to send keys and read output.
25Later it might run opensim_SC directly and use STDIN and STDOUT to do
26everything. It'll also provide the text management front end that runs
27in the left tmux panel of the first window, which is why it's based on
28boxes in the first place. Later still it can take over opensim_SC
29functions as I move them out of mono.
30
31We will need a text, web, and GUI version of this management front end.
32Hmmm, maybe don't need a GUI version, GUI users can just run a terminal.
33
34After much research, FastCGI / FCGI seems to be the most portable way of
35interfacing with existing web servers. FCGI protocol closes STDERR and
36STDOUT, and uses STDIN as it's two way communications channel to the web
37server, so our FCGI module can't be used as the text management front
38end. This is probably a good idea to keep them seperate anyway, for
39security, coz the web server is exposed to the world, the console isn't.
40
41Currently sledjchisl.c tests to see if it's running in tmux already, if
42it isn't it starts up tmux runs itself into this new tmux, then exits.
43So it could also test if it's running from FCGI, and switch to web mode,
44then it'll need to find the tmuxed instance to send commands to it.
45Either via nails connection, or sending tmux commands via shell.
46
47FCGI has methods of dealing with auth and templates. B-)
48
49So for now I think I'll have the text and web management front ends in
50sledjchisl.c, and the love world server as well. I can split them up
51later if I need to.
52
53
54
55
56I has Apache 2.4.25-3+deb9u9
57 MariaDB 10.1.44-MariaDB
58
59
60https://gist.github.com/dermesser/e2f9b66457ae19ebd116
61 Multithreaded example in C.
62
63
64-------------------------------------------------------------------
65
66Apache doesn't seem to support FCGI filter role, so I might have to do
67without. Might be better anyway.
68
69
70"A Filter is similar in functionality to a Responder that takes a data
71file as a parameter. The difference is that with a Filter, both the data
72file and the Filter itself can be access controlled using the Web
73server's access control mechanisms, while a Responder that takes the name
74of a data file as a parameter must perform its own access control checks
75on the data file."
76
77 Which is fine, our access control checks will be "Is this database
78 defined user already logged on via our FCGI script?". We should have
79 total control over that. I was planning on using the FCGI auth
80 mechanism anyway.
81
82
83RESPONDER
84 web server sends FCGI_PARAMS
85 CONTENT_LENGTH
86 web server sends input body FCGI_STDIN
87 fcgi app sends result data over FCGI_STDOUT and error messages over FCGI_STDERR
88 it has to finish reading FCGI_PARAMS first
89 fcgi app sends FCGI_END_REQUEST(protocolStatus = FCGI_REQUEST_COMPLETE)
90
91
92FILTER
93 filtered file has last modified time
94 web server sets FCGI_DATA_LAST_MOD accordingly
95 web server sends FCGI_PARAMS
96 CONTENT_LENGTH FCGI_DATA_LAST_MOD FCGI_DATA_LENGTH
97 web server sends input body FCGI_STDIN
98 web servers sends file over FCGI_DATA
99 fcgi app can ignore FCGI_DATA and use it's own cached copy based on FCGI_DATA_LAST_MOD
100 fcgi app sends result data over FCGI_STDOUT and error messages over FCGI_STDERR
101 it has to finish reading FCGI_STDIN first, but not FCGI_DATA
102 fcgi app sends FCGI_END_REQUEST(protocolStatus = FCGI_REQUEST_COMPLETE)
103
104
105Soooo, FILTER might be slower anyway if we are caching the filtered file,
106or mmapping it, coz filter has to start sending the filtered file, even
107if it's to be served from cache. Plus no need to wait for FCGI_STDIN
108before spewing it out.
109
110
111Last update time for parameters, plus an update frequency. Once a minute.
112
113 NOTE - SSI is a bit more complex than what I'm currently using.
114 https://en.wikipedia.org/wiki/Server_Side_Includes
115 <!--#include virtual="menu.cgi" -->
116 <!--#include file="footer.html" -->
117 <!--#exec cgi="/cgi-bin/foo.cgi" -->
118 <!--#exec cmd="ls -l" -->
119. <!--#echo var="REMOTE_ADDR" -->
120 <!--#config timefmt="%y %m %d" -->
121 <!--#config sizefmt="bytes" -->
122 <!--#config errmsg="SSI command failed!" -->
123 <!--#flastmod virtual="index.html" -->
124 <!--#fsize file="script.pl" -->
125 <!--#if expr="${Sec_Nav}" -->
126 <!--#include virtual="secondary_nav.txt" -->
127 <!--#elif expr="${Pri_Nav}" -->
128 <!--#include virtual="primary_nav.txt" -->
129 <!--#else -->
130 <!--#include virtual="article.txt" -->
131 <!--#endif -->
132 <!--#set var="foo" value="bar" -->
133 <!--#printenv -->
134 https://www.w3.org/Jigsaw/Doc/User/SSI.html
135 Adds lots of others, including Java stuff.
136 Mine
137 <!--#lua lua="print(table[key])" -->
138 <!--#lua file="/path/to/script.lua" -->
139 <!--#lua virtual="https://example.com/script.lua" -->
140
141-------------------------------------------------------------------
142
143Account creation process in the database.
144
145
146UserAccounts table -
147 UserFlags 64 is "allow gods to log in as me"
148 0xf00 is membershipType, unles there's a title. Only sent to viewers I think.
149 32 is Minors for estate banning purposes.
150 4 is Anonymous for estate banning purposes.
151 1 is AllowPublish in profile, but userprofile has this as separate field.
152 2 is MaturePublish in profile, but userprofile has this as separate field.
153Presence table -
154 UserID varchar(255)
155 RegionID char(36)
156 SessionID char(36)
157 SecureSessionID char(36)
158 LastSeen timestamp
159tokens table (I think this is actually used for something) -
160 UUID char(36)
161 token varchar(255) current example looks like a UUID.
162 validity datetime
163userdata (empty, can't find any actual usage in the source code, part of profiles) -
164 UserId char(36) primary index
165 TagId varchar(64) primary index
166 DataKey varchar(255)
167 DataVal varchar(255)
168auth.webLoginKey seems to be some sort of passwordy type thing, though perhaps not actually hashed, rarely used, none of IG members have one.
169
170
171 Vouched for
172 userdata.UserId = UserAccounts.PrincipleID
173 userdata.TagId = "vouches"
174 userdata.DataKey = UUID of voucher
175 userdata.DataVal = timestamp of vouching
176
177 UserAccounts.Userlevel = -50
178 UserAccounts.UserTitle = vouched for
179
180
181-------------------------------------------------------------------
182
183https://project-awesome.org/aleksandar-todorovic/awesome-c
184 A curated list of C good stuff.
185
186https://wolkykim.github.io/qdecoder/
187 CGI library made by the qlibc guy, does support FCGI.
188 Might be a wrapper around the fcgi_stdio stuff I'm already using?
189
190
191https://danielmiessler.com/study/http/
192 A Security-focused HTTP Primer
193 Nothing much new except to say this about the Referer header -
194 "should not be used to make security decisions as it is controlled by the client"
195 Though others tell us to do precisely that. lol
196
197http://opensimulator.org/wiki/Userlevel
198
199http://www.catb.org/esr/structure-packing/
200 A good read, including a few links to other good stuff.
201 Am I doing this stuff properly by intuition, or completely ballsing it up? lol
202 http://www.catb.org/esr/time-programming/
203
204-------------------------------------------------------------------
205
206apt install libmariadbclient-dev libapache2-mod-fcgid libssl1.0-dev uuid-dev spawn-fcgi
207
208BTW, everything is some BSD licence variation, except MariaDB, which is
209some combination of GPLv2, 2+, 3, and BSD variants. With FOSS License
210Exception, which seems to mean "Oracles GPL isn't viral". Though my
211license is "fuck you viral GPL, that's not your decision to make for my
212fucking code" BSD.
213
214-------------------------------------------------------------------
215
216Install / update / upgrade.
217
218I could keep the version number around.
219 Include version numbers / branches of dependencies.
220 Update will grab any security updates for the installed version.
221 Upgrade will upgrade to a chosen later different version.
222 Downgrade will downgrade to a chosen earlier different version.
223
224Note that we are currently using the LuaJIT 2.1.0-beta3 branch of the
225main Luajit repo. Everything else is on their master branches.
226
227Bootstrap -
228 bootstrap.sh or bootstrap.bat
229
230 Build the LuaJIT that comes with our source. It "builds out-of-the
231 box on most systems" and has no dependencies, other than a C build system.
232
233 Or download a prebuilt LuaJIT from somewhere.
234
235 After toybox has been LuaJITized.
236
237 Build the LuaJIT that comes with our source. It "builds out-of-the
238 box on most systems" and has no dependencies, other than a C build system.
239
240 Similar should apply to toybox, though it's our LuaJITized version.
241 Will need a specific miniconfig for this that doesn't include sledjchisl.
242
243 Or download a prebuilt toybox+LuaJIT from a SledjHamr package repo.
244
245Install -
246 install.lua
247
248 Will need a pre flight check if the dependencies are installed.
249 It checks if the system is built and has source.
250 Build it all.
251 Do the usual copy stuff to a directory thing.
252 Run "sledjchisl -install" in that directory.
253 Which does the usual "check health of system and fix up problems" thing, then quits instead of keep running.
254 The health check should include making sure our database creds exist / work.
255
256Update / upgrade / downgrade
257 install.lua -update
258 install.lua -upgrade
259 install.lua -downgrade
260
261 Check if we are a binary only, or a source install.
262 wget new binaries / git pull new source
263 Toybox has a wget in pending, otherwise it only has ftpget.
264 Git is standalone outside of the system, but if you are
265 running from source, you likely have standard build tools
266 like git.
267
268
269Yeah I hate things that have their own packaging system, for needing to
270step outside the operating systems packaging system, and adding to the too
271long list of stuff I have to deal with manually, and now I are one. lol
272
273
274-------------------------------------------------------------------
275-------------------------------------------------------------------
276
277For logged in user, at the top show their name as linky to their accountView http://localhost/sledjchisl.fcgi/account.html?user=account+name
278 That accountView offers edit / logout button, etc.
279 Display account stuff, but not edit it until they hit the edit button.
280
281When showing other users
282 accountView, with edit / delete buttons if logged in user is high enough level.
283
284
285-------------------------------------------------------------------
286
287NEXT -
288
289 Have the grid start up code also run the web backend inside the left over tmux panel.
290 And have it restart if it crashes.
291
292 Add the account.html stuff to the opensim-SC configuration, so viewers can get to it.
293 ditto loginpage.html
294 retire all the OpenSim web stuff I added before
295 write a stub page for the other pages viewers want
296
297 Implement poorMansCron.html.
298
299 Add the red asterisk to required fields, like every one else does.
300
301 In var/cache/sessions, keep a uuid.lua full of the sessions for that user.
302 Use it to clear out old sessions on login.
303 Use it to clear out old sessions on validation.
304 Use it to update the level in their session if some one changes their level.
305
306-------------------------------------------------------------------
307
308Should clean things up.
309TODO -
310 Move any side effects out of Validate functions, they should just stuff things into Rd->stuff.
311 sessionValidate should be the only thing putting things into shs?
312 Nope, gotta get uuid, name, and level from database / uuid.lua when they log in.
313 Move those side effects into Sub functions.
314
315iF = accountPages->get(accountPages, form, NULL, false);
316..
317sub = iF->subs->get(iF->subs, doit, NULL, false);
318..
319 i = collectFields(Rd, iF, iV, t); Stuffs cookies, body, queries, NOT stuff, into iV (including source type).
320// Validate the input data. Loops through iV.
321 iV[i].field->validate(Rd, iF, &iV[i]); Stuffs things into Rd->stuff.
322 sessionValidate Is special, ignores iV, gets things directly, reads the session.lua, stuffs things into shs and Rd->stuff.
323 nameValidate Also combines names into Rd->stuff, and into shs.
324 passwordValidate Also special...
325 emailValidate Stuffs both into stuff even if not validated.
326..
327// Submit the data. TODO - do more stuff here, like login/out the account. Login should check the password here and put things in shs.
328 Usually -
329 accountRead(Rd, iF, iV);
330 complain if found / not found
331 ...
332 freeSesh(Rd, FALSE, wipe);
333 newSesh(Rd, FALSE);
334 accountExploreValidatedVoucherSub Does nothing.
335..
336// Return the result.
337 if no errors
338 redirect to GET if it's POST, otcherwise -
339 find the output form
340 collect from stuff into iV
341 call oF->web(Rd, iF, iV)
342 else
343 collect from stuff into iV
344 call iF->eweb()
345
346-------------------------------------------------------------------
347
348Coffee Grid -
349
350Destiny Grid -
351 Auto add Hypergrid visitors group to "partner" grids.
352 Estate has "Allow parcel access overide?". Not sure what that means.
353 Which does fuck all, and turns itself off.
354
355Infinite Grid -
356 Set up the deault member and their IAR.
357
358-------------------------------------------------------------------
359-------------------------------------------------------------------
360
361BUGS!
362-----
363
364Check length in database values.
365
366Names are case insensitive in world, should be on the web page to?
367 I think they are on the database side, so I should store the Lua files with lower case file names, but use the case from within the files for display.
368 I may have seen case insensitive grid logins fail, so should test this.
369 Now I have seen them work. Viewer dependant?
370
371The autogroup thing seems to have broke. Doesn't work for gods.
372 Or I did that on purpose, should check. lol
373
374Should limit viewing of other peoples account details, especially emails, to gods.
375
376Clear out landmarks from the default IAR.
377
378-------------------------------------------------------------------
379-------------------------------------------------------------------
380
381Hacks I should send up stream.
382
383 qlibc/src/extensions/qconfig.c line 402 - free(varstr)