Unauthed access to private resources in tiddlyweb
cdent/tiddlywebplugins.privateer
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
A TiddlyWeb plugin for providing unauthed access to private resources using "unguessable" URIs. A URI at a uuid provides an id for a mapping to another URI, internal to the tiddlyweb server, with the active user being "faked". This works out okay because: * only GET is supported * there's no state that gets carried to the next request Tiddlers in a bag called PRIVATEER are used to maintain the mappings. The title of the tiddler is the uuid. The tiddler has two fields: * uri: the mapped to uri * user: the user to proxy the action as An authenticated user can create a new mapping by making a POST to /_ as either a JSON dictionary with a 'uri' key, or a CGI form with a uri parameter. URIs are not checked, you can store what you like and the system will happily do the internal redirect to it. If junk is stored, a 404 will result. An authenticated user can list their own mappings by doing a GET to /_. A JSON dictionary of mappings to uris is returned. Only those mappings which have a user that matches the currently active user will be shown. A user can delete their own mapping by sending DELETE to the URI.
About
Unauthed access to private resources in tiddlyweb
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published