https://github.com/cdent/tiddlywebplugins.privateer
Unauthed access to private resources in tiddlyweb
- Host: GitHub
- URL: https://github.com/cdent/tiddlywebplugins.privateer
- Owner: cdent
- License: other
- Created: 2010-11-03T15:58:03.000Z (over 15 years ago)
- Default Branch: master
- Last Pushed: 2012-12-13T20:48:57.000Z (over 13 years ago)
- Last Synced: 2025-02-01T03:28:52.664Z (over 1 year ago)
- Language: Python
- Homepage: http://tiddlyweb.com/
- Size: 121 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README
README
A TiddlyWeb plugin for providing unauthed access to private resources
using "unguessable" URIs.
A URI containing a uuid acts as the id of a mapping to another URI,
internal to the TiddlyWeb server, and the request is handled with the
active user "faked" as the user stored in the mapping.
This works out okay because:
* only GET is supported
* there's no state that gets carried to the next request
Tiddlers in a bag called PRIVATEER are used to maintain the mappings.
The title of the tiddler is the uuid. The tiddler has two fields:
* uri: the mapped-to URI
* user: the user to proxy the action as
An authenticated user can create a new mapping by making a POST
to /_ as either a JSON dictionary with a 'uri' key, or a CGI form
with a uri parameter.
URIs are not checked: you can store what you like and the system
will happily do the internal redirect to it. If junk is stored, a
404 will result.
An authenticated user can list their own mappings by doing a GET to
/_. A JSON dictionary of mappings to URIs is returned. Only those
mappings whose user matches the currently active user will be shown.
A user can delete their own mapping by sending DELETE to the URI.
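
The mapping rules described in this README, sketched as an added Python example (not the plugin's own code). `MappingStore`, its method names and the 405 status for non-GET requests are assumptions made for illustration, and an in-memory dict stands in for the PRIVATEER bag.

```python
import uuid


class MappingStore:
    """In-memory stand-in for the PRIVATEER bag: title (uuid) -> {uri, user}."""

    def __init__(self):
        self._mappings = {}

    def create(self, user, uri):
        # uuid4 is drawn from os.urandom, so the id carries 122 random bits.
        # As the README says, the uri itself is stored unchecked.
        key = str(uuid.uuid4())
        self._mappings[key] = {"uri": uri, "user": user}
        return key

    def list_for(self, user):
        # Only mappings whose user field matches the active user are shown.
        return {k: m["uri"] for k, m in self._mappings.items()
                if m["user"] == user}

    def delete(self, user, key):
        # A user may delete only their own mapping.
        mapping = self._mappings.get(key)
        if mapping is None or mapping["user"] != user:
            return False
        del self._mappings[key]
        return True

    def resolve(self, method, key):
        """Return (status, uri, effective_user) for an unauthenticated request."""
        if method != "GET":
            return (405, None, None)   # assumed status: only GET is proxied
        mapping = self._mappings.get(key)
        if mapping is None:
            return (404, None, None)   # unknown or deleted id
        # The request is served as the stored user for this one request only;
        # no cookie or session is handed back to the caller.
        return (200, mapping["uri"], mapping["user"])
```

Because the stored user's rights apply to whatever URI was mapped, anyone holding the uuid URI can read that resource until its owner deletes the mapping.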