-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathprotocol.html
137 lines (129 loc) · 6.57 KB
/
protocol.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>UNHOSTED - Freedom from web 2.0's monopoly platforms</title>
</head>
<body>
<div style="color:red;"><h1>Original UJ/0.1 protocol spec; provided for historic reference</h1>
See <a href="https://github.com/unhosted/website/tree/94f40baad96ed7fc8c8e13870524d5">our website repo</a> for full history of the unhosted.org website.
</div>
<div class="preload"></div>
<div class="preload2"></div>
<header>
<div class="container_12">
<div id="title" class="grid_6">
<h1>Unhosted</h1>
<h2>Freedom from web 2.0's monopoly platforms</h2>
<p>
<strong>Unhosted is a project for strengthening free software against hosted software</strong>. With our protocol, a website is only source code. Dynamic data is encrypted and decentralised, to per-user storage nodes. This benefits <strong>free software</strong>, as well as <strong>scalability</strong>, <strong>robustness</strong>, and <strong>online privacy</strong>.
</p>
<a class="button download" href="https://github.com/michiel-unhosted/unhosted/tarball/v0.1">Download the code at gitHub</a>
<a class="button manifesto" href="manifesto.html">Read the manifesto</a>
</div>
<div id="island" class="grid_6"><figure></figure></div>
</div>
</header>
<table><tr><td align="center"><p><table width="80%"><tr><td><p>
<H2>UJ/0.1</H2>
UJ/0.1, or UJ/0.1-over-PubSign, is a protocol in which an unhosted web app that is running in a browser, makes an AJAX call to a storage node, to which the storage nodes responds. The call is made to the root of the domain, with the HTTP POST method.
<br><br><br><br>
<H3>PubSign-compatible command POST content:</H3>
Although at some point we will probably change to the MagicEnvelope that Salmon uses, version 0.1 uses "PubSign" to <strong>sign</strong> things you <strong>publish</strong>. There are four commands, two of which follow the PubSign convention, which is as follows:
<ul>
<li> "protocol": <name of the specific PubSign-compatible protocol>
<li> "cmd": <whatever it is you want to publish - should adhere to protocol chosen above>
<li> "PubSign": <raw hex RSA-signature signing the content of "cmd" above>
<li> <other field/value pairs allowed by specific protocol...>
</ul>
<br/>
The content of the POST must be exactly one of the following four possible commands (valid responses are below each one):
<br><br><br><br>
<H3>SET command POST content:</H3>
<ul>
<li> "protocol": "UJ/0.1"
<li> "cmd": <a JSON string, which decodes to:>
<ul>
<li> "method": "SET"
<li> "chan": <the channel, so for '[email protected]', chan='test'>
<li> "keyPath": <an ascii name for the key in the key-value store>
<li> "value": <the value you want to store, can be any JSON object>
</ul>
<li> "WriteCaps": <password for writing/receiving this chan on this storage node>
<li> "PubSign": <raw hex RSA-signature signing the content of "cmd" above>
</ul>
Response: "OK" or "ERROR:" followed by some error message in English
<br><br><br><br>
<H3>GET command POST content:</H3>
<ul>
<li> "protocol": "UJ/0.1"
<li> "cmd": <a JSON string, which decodes to:>
<ul>
<li> "method": "GET"
<li> "chan": <the channel, so for '[email protected]', chan='test'>
<li> "keyPath": <an ascii name for the key in the key-value store>
</ul>
</ul>
Response: the JSON that was in the "value" field of the last SET command for that chan and keyPath, or "ERROR:" followed by some error message in English
<br><br><br><br>
<H3>SEND command POST content:</H3>
<ul>
<li> "protocol": "UJ/0.1"
<li> "cmd": <a JSON string, which decodes to:>
<ul>
<li> "method": "SEND"
<li> "chan": <the channel, so for '[email protected]', chan='test'>
<li> "keyPath": <an ascii name for a mailfolder within the chan's message store>
<li> "value": <the body of the message, encrypted to the chan's public key>
</ul>
<li> "PubSign": <raw hex RSA-signature signing the content of "cmd" above>
</ul>
Response: "OK" or "ERROR:" followed by some error message in English
<br><br><br><br>
<H3>RECEIVE command POST content:</H3>
<ul>
<li> "protocol": "UJ/0.1"
<li> "cmd": <a JSON string, which decodes to:>
<ul>
<li> "method": "RECEIVE"
<li> "chan": <the channel, so for '[email protected]', chan='test'>
<li> "keyPath": <an ascii name for the key in the key-value store>
<li> "delete": <boolean indicating whether to delete or leave on server>
</ul>
<li> "WriteCaps": <password for writing/receiving this chan on this storage node>
</ul>
Response: an array of messages, or an empty array, or "ERROR:" followed by some error message in English
<br><br><br><br>
<H3>Additionally, the storage node should:</H3>
<ul>
<li> respond with correct CORS headers, in response to both HTTP POST and HTTP OPTIONS.
<li> check the HTTP referer that the browser sent, and make sure it keeps all data of one referer completely separate from the data of another.
</ul>
If any of this is unclear or ambiguous, then check the reference implementation at:
<a href="https://github.com/michiel-unhosted/unhosted/tree/v0.1" target="_blank">https://github.com/michiel-unhosted/unhosted/tree/v0.1</a>
<br/>
This protocol is part of the alpha-release of the <a href="http://www.unhosted.org/">Unhosted project</a>. It is likely to be changed to the next version before Unhosted reaches beta. For instance, the storage node could easily take advantage of the presence of PubSign signatures, and then we could get rid of the WriteCaps. Also, it has been suggested we should do at least the GET command with an HTTP GET method and not an HTTP POST.
<br><br>
<a href="/">[back]</a>
</p></td></tr></table></p></td></tr></table>
<div class="clear"></div>
<footer>
<div class="container_12">
<div id="twitter">
<a href="http://twitter.com/unhosted" target="_blank" id="icon">Follow us! @Unhosted on Twitter</a>
<h4>Follow us on <a href="http://identi.ca/unhosted" target="_blank">identi.ca</a> or
<a href="http://twitter.com/unhosted" target="_blank" id="twittitle">twitter</a>
<span>@Unhosted</span>
</h4>
<ul id="twitter_update_list"></ul>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/unhosted.json?callback=twitterCallback2&count=1"></script>
</div>
<div id="participate">
<div class="icon"></div>
<h4>Participate</h4>
<p>Unhosted is an <strong>open source</strong> project, and entirely altruistic. <strong>If you want to help, please join</strong> <a href="http://groups.google.com/group/unhosted" target="_blank">the mailing list</a>, and open a thread about what you think should happen next.</p>
</div>
</footer>
</body>
</html>