Public access to private things.
Project description
A TiddlyWeb plugin for providing unauthed access to private resources using “unguessable” URIs.
A URI at a uuid provides an id for a mapping to another URI, internal to the tiddlyweb server, with the active user being “faked”.
This works out okay because: * only GET is supported * there’s no state that gets carried to the next request
Tiddlers in a bag called PRIVATEER are used to maintain the mappings. The title of the tiddler is the uuid. The tiddler has two fields:
uri: the mapped to uri
user: the user to proxy the action as
An authenticated user can create a new mapping by making a POST to /_ as either a JSON dictionary with a ‘uri’ key, or a CGI form with a uri parameter.
URIs are not checked, you can store what you like and the system will happily do the internal redirect to it. If junk is stored, a 404 will result.
An authenticated user can list their own mappings by doing a GET to /_. A JSON dictionary of mappings to uris is returned. Only those mappings which have a user that matches the currently active user will be shown.
A user can delete a mapping by sending DELETE to the URI.
Copyright 2010 Chris Dent <cdent@peemore.com>
Licensed as TiddlyWeb, using the BSD License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for tiddlywebplugins.privateer-0.1.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 56b4339462bfbd58d5e16429f241fbe20f12792ea631bfd4b7d53b30369cf0f4 |
|
| MD5 | 6ec1100c67cef3cc6f32651c5eae13a2 |
|
| BLAKE2b-256 | b833bf4771f78f4a75ab1fc47735d524bbeac90798193ea1d7d44a7bed68f6ae |
