sandstorm-io / sandstorm

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.
https://sandstorm.io

Private web publishing #3545

Open garrison opened 3 years ago

garrison commented 3 years ago

The current web publishing model makes published content available to everyone. However, using Sandstorm for web publishing is arguably a bit of a novelty; for instance, I see no compelling reason to host a public website using Hugo on Sandstorm, rather than using a service like Netlify, Vercel, Cloudflare Pages, or just using my own nginx server.

I think the use case where Sandstorm could really shine is to allow the published web site to be private. Roughly speaking, the ability to view the site should be a capability. This capability could either be granted to everyone (public), or granted to individuals through Sandstorm. For a private site, people would view the content through the Sandstorm UI, but displaying the content would not actually require the grain/container to start, since it is all static content.

There are probably apps for which it only makes sense to have the static pages be public: piwik comes to mind, although one could imagine a "private" piwik site if it is only used for the analytics of some other private grain.

Previously, I thought that private publishing should be a feature of individual apps (see e.g. https://github.com/sandstormports/wordpress-sandstorm/issues/13), but I think there is real power in having it as an overall platform feature as part of Sandstorm's capability model.

xet7 commented 3 years ago

@garrison

For Sandstorm web publishing apps, it could have an additional feature of making the website private only, or shared via PowerBox.

For my current usage, I have published very many websites with Sandstorm using:

And I have also shared editing with some of my customers. In front of Sandstorm I have Cloudflare SSL, domain management, and caching where needed.

So for me, it currently works amazingly great.

garrison commented 3 years ago

> For Sandstorm web publishing apps, it could have an additional feature of making the website private only, or shared via PowerBox.

@xet7 it sounds like we are in agreement then, though I perhaps underestimated how useful the current public-only web publishing is :)

ocdtrekkie commented 3 years ago

I think presumably the current web publishing URLs are also supposed to be random enough that they at least allow a certain amount of secrecy unless you bind a well-known URL to them. They are supposed to be unguessable.

I know our existing web publishing stack is pretty legacy, and Ian would like to replace it someday. There are odd issues with it, like that it isn't accounted for in grain storage quotas. This feature request might make sense to bear in mind if progress is taken up on that again.

zenhack commented 3 years ago

> that it isn't accounted for in grain storage quotas.

This is not true; storage for static publishing is just in the grain's own /var, so this is fine. Probably what you're thinking of is that when I experimented with doing static publishing via powerbox, the designs I was thinking of transferred the data to whatever was actually serving the data, which meant that we no longer get that for free -- so I had an open question about how to deal with it.

> They are supposed to be unguessable.

I'm not sure this is the case either; the grainIds handed back by HackSession are comparatively shorter than the sharing tokens. Maybe @kentonv can comment on the original design thinking here.

I would, at some point, like to replace the web publishing API with a powerbox offer of some kind, with a compatibility shim. If that were in place, we could add other ways of handling the offer besides the current one.