RSS feed support #204
Cool stuff! I guess this is the first true C++ contribution I get :-)
Thanks :-) By the way, I finished the RPC proxy in Node.js you suggested. I did it about three weeks ago, but I need help setting the defaults for call limits, and I would appreciate some code review before we declare it ready for use. But the Twister messages I sent you were not delivered, they can only be sent to followers. They are too short to discuss this anyway. Can you please give me your email address?
One email can be found on page 1 of the preprint: http://twister.net.co/?attachment_id=355
@@ -979,6 +980,28 @@ void ServiceConnection(AcceptedConnection *conn) | |||
if(strMethod == "GET" && strURI == "/") | |||
strURI="/home.html"; | |||
|
|||
if(strMethod == "GET" && strURI.substr(0, 4) == "/rss" && !GetBoolArg("-public_server_mode",false)) |
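Review bot: the `strURI.substr(0, 4) == "/rss"` test on the added line is a prefix match, so a GET for any path that merely begins with /rss (for example /rssfoo) is taken by this branch as well as the feed URL itself. Compare the path for equality instead, accepting only strURI == "/rss" or a URI that starts with "/rss?", so that nothing but the feed and its query string reaches the RSS handler. A one-line comment saying why the feed is refused when -public_server_mode is set would also help the next reader of this condition.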
I'm not sure if we want /rss to bypass authentication, do we?
One might argue that we already bypass authentication for http static web serving, but we should change that sooner or later. Besides, static serving looks less dangerous than rss.
Update: now I see getposts and getdirectmsgs below. Both require authentication. So we certainly don't want to bypass authentication here.
I added the improvements. But I would like to warn that having authenticated RSS doesn't make opening twisterd secure (unless you activate public_server_mode restrictions). Here is why I think it is insecure: rpcuser and rpcpassword values are currently hardcoded in the twister html client. An attacker can bypass authentication simply by opening the normal web interface (home.html) and reading the same information (postboard, direct messages) as in RSS. And not just read, he can also post. The only thing preventing this is rpcallowip - as long as it is set to localhost. Also, the credentials are always user:pwd, and users can't change it without manually editing the hardcoded value in UI javascript, because all functionality would break due to not being able to connect. It would be a nice idea to support custom login credentials in twister-html. It would enable people to do things like run their Twister on a private home server, and access it from a tablet or other device. The credentials shouldn't be sent in plaintext, but you could probably just run it with -rpcssl. So what do you think? Should I add support for custom username and password to twister-html?
You can change rpcuser and rpcpassword in the .twister/twister.conf file, then twister-html just prompts (in the classic HTTP auth way) for the custom credentials. I added an SSL proxy in front of twister-core for serving static contents and providing encryption, and it works like a charm.
Maybe I'm doing something wrong, but Firefox doesn't even prompt for the credentials, it just displays “Error connecting to local twister daemon”. Chromium asks for them, but doesn't use them, the default credentials are used again, and the prompt is displayed again as a result of the 401 / HTTP_UNAUTHORIZED code it always receives. You will see these results when using Twister directly without the Apache proxy, which can probably get around this problem. I would see this as a bug to be fixed - but I agree it is much better to run Twister behind an Apache proxy with SSL like you do.
Strange, my iceweasel (v30) prompts for credentials and everything works afterwards, even without an SSL proxy. Maybe I'm just lucky…
@digital-dreamer don't worry: we will remove the hardcoded values from twister-html and start requiring authentication for everything.
Glad to hear about auth, @miguelfreitas. Was about to pull-request it instead of hacking it manually each time 😉 Non-direct-message RSS is kinda public domain content anyway (that's what "censorship-free" is all about. No? 👼). Not sure whether this should be password protected (maybe if RSS content depends on who I follow, cache, etc, it could leak some metadata-ish info. IDK), so maybe best is to let users decide about this at
thedod - good point, I added the commit. So now, direct messages are not synchronized by default, you can manually enable them in twister.conf with rss_dm=1
Is there a pressing reason to choose RSS over ATOM? The latter is a much better format, specifically designed to be the successor of RSS.
@digital-dreamer @miguelfreitas doesn't compile, error in make-step: src/json/json_spirit_value.h:219:5: note: json_spirit::Value_impl::Value_impl(json_spirit::Value_impl::Const_str_ptr) [with Config = json_spirit::Config_vectorstd::basic_string; json_spirit::Value_impl::Const_str_ptr = const char*] src/json/json_spirit_value.h:219:5: note: no known conversion for argument 1 from ‘time_t {aka long int}’ to ‘json_spirit::Value_impl<json_spirit::Config_vector<std::basic_string > >::Const_str_ptr {aka const char*}’ make[1]: *** [src/twister_rss.o] Fehler 1 more at: http://skilledtests.com/twister/twister-core-pullrequest204.txt
stat so far:
@Erkan-Yilmaz, thank you for reporting this, I'm on a 64-bit system and didn't think about the differences. Here is a patch: #208. Can you please try it to see if everything works for you now?
Resulting feeds also forget to escape XML chars. For example, the note:
will throw errors on the
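The escaping that the comment above reports as missing, as an added example rather than twister-core's own code: `xmlEscape` and `rssItem` are hypothetical names, and the sample post text is constructed. Every user-controlled string is escaped before it is placed in the feed, and control characters that XML 1.0 forbids are dropped so the feed stays well-formed.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper (not from twister-core): escape text for use in
// RSS element content or attribute values.
std::string xmlEscape(const std::string &in)
{
    std::string out;
    out.reserve(in.size() + 16);
    for (std::string::size_type i = 0; i < in.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(in[i]);
        switch (c) {
        case '&':  out += "&amp;";  break;
        case '<':  out += "&lt;";   break;
        case '>':  out += "&gt;";   break;
        case '"':  out += "&quot;"; break;
        case '\'': out += "&apos;"; break;
        default:
            // XML 1.0 forbids C0 control characters other than TAB, LF
            // and CR; a feed containing them is rejected by parsers.
            if (c < 0x20 && c != '\t' && c != '\n' && c != '\r')
                break;
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical item builder: both fields come from the network, so both
// pass through xmlEscape before being concatenated into markup.
std::string rssItem(const std::string &author, const std::string &msg)
{
    return "<item><title>" + xmlEscape(author) + "</title>"
           "<description>" + xmlEscape(msg) + "</description></item>";
}

int main()
{
    // Constructed sample post containing XML metacharacters.
    std::cout << rssItem("alice", "1 < 2 && \"quotes\" </item>") << "\n";
    return 0;
}
```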
@digital-dreamer THX (just tested and it's compiling again)
You can now subscribe to your twister postboard via RSS feed reader. Incoming direct messages are synchronized too. Feed URL is /rss on your twister client, for example http://127.0.0.1:28332/rss
Parameters: If you have more than one username, you can specify which one you want with the “account” parameter. If you want to change number of items, use the “max” parameter, default is 20. Format is the same as in any other HTTP URL. For example:
http://127.0.0.1:28332/rss?account=johndoe&max=10
Implements feature request #161