A simplified, old-fart-stupid-web-0.9-compliant-dumbed-down-rest-file-transfer-protocol
I publish this in English since my frustration is to be heard all over the world.
After having developed at least three clean, nice, and neat RESTful file and application servers in PHP (for plain vanilla Apache installations), when deploying it at my web hotels' (servers outside my control), I discovered a lot of problems:
First: the authorization headers. Stupid safe-mode schmafe-schmode that restricts my scripts from reading those headers.
Then: the firewall only let GET and POST through!
Gnash gnash!
RESTfulness is beautiful, but since the world doesn't understand the economic value of protocol beauty, we have to go ugly.
My former take on the problem, the BOX server, was competent but a bit too complex.
Need to restate the problem: never mind the full functionality, here's the BAG (Bare-bones All Good) server, implementing Lowly Old School Transfers.
Workings
The URL space of LOSTful servers only references one type of resource: the folder. LOSTfulness is about storing and getting chunks of octets in folders. Folders are named using a path. Octet chunks are named using a file name.
Only two HTTP verbs are used, the plain old comrades GET and POST.
The folder itself understands more verbs.
GET
LOSTfulness in its most primitive form only recognize GET to the folders.
GET /foo/bar?name=my_file.txt
...returns the octet chunk that has its name property called "my_file.txt".
This ensures the RESTfulness of LOST: GET is still a safe operation.
POST
POSTs are not safe (they change stuff on the server), but should be idempotent (POSTing the same message twice should not mean something else than POSTing it once or trice).
For putting octet chunks at the server, we use the file-upload mechanism (POSTing "multipart/form-data").
For other verbs, we have to resort to command message postings.
Delete: cmd=del&name=my_file.txt
Removes the my_file.txt at the folder.
Security: user=foo&pass=qwerty
Basic authentication is used.
For legacy support, POSTing or GETting user/pass pairs will result in a session id header.
The security domain is a folder and all its subfolders.
Inga kommentarer:
Skicka en kommentar