mozilla / videur

Deprecated: Lua scripts for Nginx
40 stars 8 forks source link

spec params #4

Closed tarekziade closed 10 years ago

tarekziade commented 10 years ago

@jvehent

we have some parameters like rfc3339date and also some regexp.

It makes it hard to distinguish constants from regexps or other things

I'd like to clarify the syntax, and add a prefix to provide the type when it's not a constant, and also simple matches to avoid writhing regexps

tarekziade commented 10 years ago

also note that lua's regexp implementation is not the posix implementation - so we might get some surprises there

tarekziade commented 10 years ago

Forget about this last comment - lrexlib has a posix implementation - https://github.com/rrthomas/lrexlib

tarekziade commented 10 years ago

Another remark: should we have a way to mark mandatory options from non-mandatory ones in GETs ?

jvehent commented 10 years ago

Yes, we should. We can either nest it under the parameter name, or create a parameter array. Which one do you prefer?

Nested under the parameter name:

            "/action": {
                "GET": {
                    "parameters": {
                        "actionid": {
                            "validation": "digits:1,20",
                            "required": true
                        },
                        "caribouName": {
                            "validation": "regex:[a-zA-Z0-9]{1,64}",
                            "required": false
                        },
                   }
                }
            }

In a parameters array

            "/action": {
                "GET": {
                    "parameters": [
                        {
                            "name": "actionid",
                            "validation": "digits:1,20",
                            "required": true
                        },
                        {
                            "name": "caribouName",
                            "validation": "regex:[a-zA-Z0-9]{1,64}",
                            "required": false
                        },
                   ]
                }
            }
jvehent commented 10 years ago

A few more types that would be useful, may be defined as default regexes under the hood:

ipv4 and ipv6 would be useful as well, especially if properly defined (not as regexes) so we can do IP/network operations on them. Example: is 172.21.13.34 in network 172.20.0.0/23?

tarekziade commented 10 years ago

ok great, will add all of this

tarekziade commented 10 years ago

btw I like your first one better, it's simpler to parse :)

jvehent commented 10 years ago

For GET requests, the name would be a query parameter. That's fairly easy. What about POST requests? Should it be a form parameter? Or should we not attempt to match parameters in POST requests?

tarekziade commented 10 years ago

What about POST requests? Should it be a form parameter? Or should we not attempt to match parameters in POST requests?

I don't know. In my use cases, we have to parse and validate the POST data in any case, so I am not sure if an extra (de)serialization has a benefit

But maybe you have some infrasec use cases on your side ?

tarekziade commented 10 years ago

okay I have implemented everything in here