Allowing arbitrary data to be posted to the /late_bytes endpoint, which is currently neither subject to anomaly checks nor size limits, seems like asking for trouble. Posting to this endpoint should be less permissive, not more so.
The acceptance criteria that should close this are as follows:
[ ] Log the late byte offset relative to the original demo stream in the database
[ ] Update the markov_score upon late byte receipt
pretty simple to do: $\frac{n\text{orig} \cdot s\text{orig} + n\text{late} \cdot s\text{late}}{n\text{late} + n\text{orig}}$, where $n$ = payload length and $s$ = markov scores
[ ] Optional: store markov scores for late bytes separately
[ ] Enforce length requirement
[ ] Upon session closure, issue a one-time use token a client can use to POST their late_bytes; deny all other requests to alter session payloads
[ ] #65: Object composition is used to 'append' to the original demo
Create a new object {demo_name}.late
Create an object that "composes" {demo_name} and {demo_name}.late
Allowing arbitrary data to be posted to the
/late_bytes
endpoint, which is currently neither subject to anomaly checks nor size limits, seems like asking for trouble. Posting to this endpoint should be less permissive, not more so.The acceptance criteria that should close this are as follows:
markov_score
upon late byte receiptlate_bytes
; deny all other requests to alter session payloads{demo_name}.late
{demo_name}
and{demo_name}.late
{demo_name}
{demo_name}.late