Either document or enable --shell-escape usage

The payload is not valid, but the server was not handling the error properly.

Now it returns a more explicit response:

$ http -v POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": "true", "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'         

POST /builds/sync HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 164
Content-Type: application/json
Host: latex.ytotech.com
User-Agent: HTTPie/3.2.1

{
    "compiler": "pdflatex",
    "resources": "[{\"main\": \"true\", \"url\": \"https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex\"}]"
}

HTTP/1.1 400 BAD REQUEST
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 298
Content-Type: application/json
Date: Wed, 07 Dec 2022 15:50:55 GMT
Server: nginx

{
    "error": "INVALID_PAYLOAD_SHAPE",
    "input_spec": {
        "compiler": "pdflatex",
        "resources": "[{\"main\": \"true\", \"url\": \"https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex\"}]"
    },
    "input_spec_mode": "json",
    "shape_errors": {
        "resources": [
            "must be of list type"
        ]
    }
}

Issue with the example payload

As it does not contains any file (like in the multipart example), HTTPie send the payload as JSON. An the resources entry is then invalid, as it is a string (representing the JSON) and not the JSON itself.

It should be (note the := for passing raw json)

http -v POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources:='[{"main": true, "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'

Or with the nested JSON syntax:

http -v POST https://latex.ytotech.com/builds/sync compiler=pdflatex 'resources[0][main]:=true' 'resources[0][url]=https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex'

Or multipart must be "forced" on the HTTP client:

http -v --multipart POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": "true", "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'

Issue with piping to a `.pdf` file

When piping directly to .pdf file, it is not clear there has been an error reported, as it is not valid PDF: you see a blank PDF. I don't see other ways than to have a system or wrapper that check the HTTP return code first before creating the PDF file (only on 200/201 codes).

With HTTPie is is rather easy, but should not use piping but the --download flag with the --output option.

For eg.

http --multipart --download --output hello.pdf -v POST https://latex.ytotech.com/builds/sync \
    compiler=pdflatex \
    resources='[{"main": true, "content": "\\documentclass{article}\n \\begin{document}\n Hello World\n \\end{document}"}]'

In your case:

http --output devoir2.pdf --download --multipart POST https://latex.ytotech.com/builds/sync compiler=pdflatex resources='[{"main": true, "url": "https://framagit.org/lamadone/informatique/premiere-nsi/-/raw/master/LaTeX/devoir2.tex"}]'

HTTPie will returns a proper error instead of just silently downloading the error to a PDF file.

About `--shell-escape` feature

For now it is not available, for security reasons. The compilation environment is isolated from the host, but not between successive compilations. Without specific hardening work, enabling shell-escaping would make it very easy to disturb the service (won't elaborate here). Now this isolation issue is the next big thing I should work on... but it has been years I didn't put the time for it. It has to be said it is not so trivial a subject (for me at least). One day!

I kept the issue open for this last one.

YtoTech / latex-on-http