Initial Implementation - Githubissues

tionis commented 4 weeks ago

Should also extend patchbay: e.g. listen to prefixes etc

tionis commented 3 weeks ago

Ideas:

add ssh key based mode (e.g. for an authenticated event stream0
locking (persistent/leases)
prefixes (mainly for requests to use it for some UI abstraction)
auth (permissions encoded in path (as there is not persistence))

tionis commented 2 weeks ago

ssh-key based mode will not use signed requests, instead I'll use an ssh-signature to sign a kind of jwt. This jwt will encode:

valid time start and end
some namespace limits (with this a read-only token could be published so that anonymous users could listen on the namespace (or part of it))

tionis commented 2 weeks ago

Also embed huproxy?

tionis commented 2 weeks ago

Policies for development:

writing always needs authentication of some kind
no state should be stored on the server (only some state for connection management in ram)
authentication works via JWTs (either JWTs signed with a server key or a client's ssh key)
gh auth works via a jwt that can be obtained by making a POST request to /gh with a Personal Access Token in a header and a jwt to sign in the body (max age limited by token lifetime, encrypted issuing token is also embedded in JWT)
when gh jwts are checked, the issuing token is extracted and checked against an in-memory cache if it is still valid (the keys are invalidated with a TTL of 300s)

Options that can be specified when pushing data:

public read (allows anonymous reading of the resource)
pubsub: block until first read (at-least-once guaranty)

Idea for path handling:

/ssh/{url-safe-base64-encoded-ssh-key}/{operation}/{namespace}
/gh/{user}/{operation}/{namespace}

tionis commented 2 weeks ago

Should operations be embedded in URL?

tionis commented 2 weeks ago

Idea: also add a special websocket/server-sent-events mode on /ssh/${KEY} and /gh/${USERNAME/ORG} that allows to specify a pattern list of paths to listen to.

tionis commented 2 weeks ago

Plan:

write ssh-jwt prototype 1.1 write pattern list parser 1.2 write canonical json encoder
1.3 write ssh signer
write ram kv-cache with TTL
write server handling
build internal tracking for advanced mode
combine components for finished prototype
add github auth using ssh-keys
add github auth using personal access tokens and JWTs
think about advanced features (ssh-certs, more complex data structures, later maybe stateful things)

tionis / patchwork

Initial Implementation #1