New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC JSONRPC ZeroMQServer #5098
RFC JSONRPC ZeroMQServer #5098
Conversation
Does this support authentication ? Http is authenticated but slow and needed for file download. |
Don't think this will help with authentication and probably not download
|
#include "interfaces/json-rpc/ITransportLayer.h" | ||
#include "threads/CriticalSection.h" | ||
#include "threads/Thread.h" | ||
#include "websocket/WebSocket.h" |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
I've never heard of ZeroMQ before but the concept sounds very interesting. I'll try to find some time to read more about it. It looks like you copied a lot of code from CTCPServer (and forgot to remove some of it). As I was contemplating rewriting/restructuring CTCPServer to make it easier to use different "services" (JSON-RPC over raw TCP, JSON-RPC over WebSockets) I was wondering if this would make sense here too. Since this is a message based system it's probably even much easier and maybe it would make sense to allow different message handlers. That way we could add support for other stuff (like file download) in addition to JSON-RPC. Not sure though if this fits into the basic concept of ZeroMQ. |
Forget to answer about auth, but if there's no way to add some auth / security to tcp and this, would it be possible to have a new setting for all those, instead of the allow remoting from external devices ? Or at least to change description, as the option for local does explain that this opens JSON-RPC too (well it also talks about web interface that could lead to confusion). But the "other devices" in a "remote control" part really sounds like simple remoting and not all the power of those and most users do not understand it. |
@Tolriq Its good that you brought up authentication, I've never really thought of it being relevant on TCP as I mostly consider it being used on a local network. However I think we could add authentication on both a ZeroMQ and the original TCP server through one of two ways.
From what I can gather ZeroMQ has added authentication in version 3 and they seem to have done it via (2), which makes sense as they are lower level than us. And IMO I think that would be the simplest way for us to do aswell. And if its available in the transport we just use their encryption/authentication Does this sound ok to you? @Montellese Yeah its a very quick POC, so mostly copied from the TCP server, and noticed I left a bunch hehe. It's very close to the TCP Server so I'm sure we could combine them somewhat. I think we only would need a virtual SendReply, SendRequest, SendNotification essentially. And possibly some events like onClientAdded we could trigger in each handler. And regarding file download, yeah we really need to find a way to do that :) Perhaps we could have an IRC discussion about it at some point, (not to hide anything, just that its quicker). |
Sorry, meant ZeroMQ version 4 seems to have security. |
IMO (1) and (2) (can) solve different problems. (1) can make sure that a specific client can only perform specific actions and deny access to other actions. It works per-request and is transport protocol independent (and also covers requests from python addons). IMO both concepts are valid and have their use cases and they are not mutually exclusive. |
Yeah thats true, so using (2) would only really bring tcp servers up to the same standard as the webserver really. |
Well both have pro and cons. But from my remote writer perspective 2 is not viable :( This sound like a crazy solution from an optimisation point of view. (Not talking rpi that already cries to encode to simple json, so adding encryption to big data would kinda kill those). |
The problem with 1 is how to handle this correctly without breaking backward compatibility. HTTP could use headers, but not TCP. |
@Tolriq: Could you open a thread in the forum to discuss these issues (and post the link here) as they are not really blockers for this PR. I have already done quite some work on JSON-RPC authentication but that was 2-3 years ago. |
http://forum.xbmc.org/showthread.php?tid=200894 will complete the post later today when more time. |
I think we could add 1 without breaking compatibility, I mean, if an old client would try to execute on a server with authentication that request would yield an error. I'm fairly sure there are encodings which are streamable, I'll see if I can find one which might be suitable. Because in a proper secure world we would almost need both solutions. |
It's called a stream cipher (like the very old RC4). |
As long as it's optional or can be disabled by the user if low end device on any end of the protocol sounds good. |
Any updates on this? I am currently developing a client that uses the JSON RPC API (with TCP transport) and it's so much pain to implement, so an alternative would be awesome. (Or just some properly delimited JSON RPC over TCP…) |
I don't think I'll make any updates to it, IMO zmq is far to restrictive
for jsonrpc.
I have been thinking about revisiting this with libenet which would
probably fit a lot better. But its based on UDP instead (but provides
reliable transport if so is wished).
|
Oh and if what you really desire is packet delimitation you can use
websockets. Or use a streaming JSON parser (yajl for example)
|
I'm not sure if this is something we would want? Basically its an alternative to the web and tcp server which is much easier to use as it both provides framing and is bidirectional.
Some benefits with ZeroMQ