arvidn
commented
4 years ago you would probably need permissions to such service. Especially if you expose it to (untrusted) web pages running in your browser.
Open SoniEx2 opened 4 years ago
arvidn
commented
4 years ago you would probably need permissions to such service. Especially if you expose it to (untrusted) web pages running in your browser.
SoniEx2
commented
4 years ago nah, just restrict what it can do. :p
the basic idea is to treat torrents as public resources, as if hosted on a domain with Access-Control-Allow-Origin: *. I think it's important to limit what such an API can do, tho, so I'd personally consider:
this should keep the native client (and thus the user) in full control, altho you, as the webapp/API client, can still use other mechanisms (WebRTC, etc) to collect the pieces. but yeah idk what it should actually look like and I'm making some (a lot of) assumptions. it's also seamless. (webpages can "just use it", like they can http/https. with things like peertube this is a benefit.)
also note that I propose not passing any info around, other than the pieces themselves. perhaps it'd be a good idea to pass the info dict around too, tho. obviously the magnet's as/xs sources should be ignored and so on (you don't want to leak those if there's no Access-Control-Allow-Origin. or you might even choose to implement CORS.), but other than that I can't see any other issues...?
Bittorrent doesn't normally get embedded into apps like world of warcraft or peertube, so maybe this is a silly proposal, but, what about providing a localhost websocket on some port (like 7087) and taking full advantage of the native torrent client's implementation? That is to say, rather than implementing/embedding a fully fledged torrent client, keeping it updated etc and fighting with other installed torrent clients over bandwidth/etc, you'd just implement a minimal filesystem-like interface and send the proper requests to the native client. Additionally, fully-featured implementations can use this protocol to detect and reuse an existing, properly configured native client, without having to fight over bandwidth/etc. It's a win-win all around.