-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathstructure_thoughts
More file actions
48 lines (34 loc) · 3.34 KB
/
structure_thoughts
File metadata and controls
48 lines (34 loc) · 3.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
! Big Structure
Front end - one static html file and static javascript that uses api calls to interact with the backend.
Back end - rust executable, talking to a database. Perhaps with SSL proxying by nginx.
! Front end API needs -
* authenticate_fe - pass a username (email) and password, get a session key or failure.
* validate_session_fe - pass a session key, get success / fail
* get_channel_lists - pass a session key, get a list of lists
* get_channel_list - pass a session key and a list name, get the channel data as json - channel list will include stuff like the channel name and art
* set_channel_list - pass a session key and a list name and list data, get back a success or failure - the back end should build the channel data after setting this, so it can be easily retrieved
* create_channel_list - pass a session key and a list name, get back a success or failure (name has to be unique for the user)
* set_active_channel - pass a session key and a list name, get back success or failure - this sets the channel that will be retrieve by a roku when requesting your data
* create_account - pass a username (email), password, other user data, get a success / fail - email must be unique (failure code -2? otherwise), user account will not have "validation" set yet, user will get an email and must click on a link in it
* validate_account - this is a get request with the validation code (big unique random number) embedded in it as val_code, and when this url gets hit then the validation gets set on the user account and the validation code gets set to 0
The front end authentication should allow users to read/write, but should also timeout after a short time (1 day of unuse?). I need to do a little research or think about ways to trip up during authentication, and cross site request forgery, and cache busting.
! Roku API needs -
* authenticate_ro - pass a username and password and roku data, get a session key or failure
** post request, with username / pass in the body
* validate_session_ro - pass a session key, get success / fail
* get_channel_xml_ro - pass a session key, get channel data from the active channel
The roku authentication should only allow users to read, and should timeout after a long time (1 year of unuse?).
! API Notes
* Pass username and password via post
* Put random session busters in URL params that get ignored
* Put session keys in the cookies
* Most api things should have a standard JSON response that includes success / fail integer and maybe fail would be a negative code number (-1 for invalid session key)
* All api names should be prefixed by /api/v1/
* The server can authenticate a roku device with instructions at https://developer.roku.com/docs/references/brightscript/components/rourltransfer.md
! Database needs
Backend will need to read and write some different database stuff:
* User data - username (unique email) and (nicely done) password hash, password hash type number (so I can change that over time), validation status (clicked link in email?), validation code, active channel (channel data foreign key) ...
* Front end session key - big random unique key (uuid?) and user data foreign key, last usage
* Roku session key - same as front end
* channel list (many per user) - user data foreign key, channel name, channel data json
* channel data - channel XML - ACTUALLY - I'm planning to generate this on the fly for now