External Interfaces: RPC, REST
TODO in the RPC Interface
- Create tests for each RPC function
- Document the new interface
- Check all input
create: when creating some objects, one should be able to directly add some information.
real_name to not remain with unnamed users.
- ??? distinguish between remote users and local users, to protect local users from being exposed to where they are hosted. This should be a changeable option for local users to allow them to log in remotely.
- Set a
- distinguish between a group and a 1-to-1 chat.
- require a room-name for groups. To not remain with unnamed rooms.
chat-rooms create returns an array with the room_id on success. This should be a single value.
error. How about returning the changed object on success?
- maybe only change that for REST?
Stabilize the Interface
To stabilize the RPC interface, it needs to respond nicely to wrong input. First of all, it must never crash, as a crash would be not only bad behavior but also an attack vector.
Things discovered to crash the RPC interface:
- ??? not providing valid JSON
- not providing expected JSON structure
not providing all the needed values (missing
providing a wrong type for a value (string for purge instead of boolean)
- not providing all the needed values (missing
when modifying an object
unset a not set value.
Check for Input values
We should be able to check input values for the following options:
- mandatory value: this value needs to be set
- specific value: e.g. string without spaces ...
- ??? where to do that???
- specifically in the RPC functions? this would most probably be the easiest way.
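
One way to do these checks inside an RPC function, as an added example that is not the project's own code. The rule table, the id and unset fields, the in-memory user store and the function names are assumptions; only real_name and purge are named above. Each crash case from the list (invalid JSON, wrong structure, missing value, wrong type, unsetting a value that is not set) ends in an error object instead of an exception.

```python
import json

# Hypothetical rules for one RPC call: field -> (type, mandatory, extra check).
# Only real_name and purge are named on the page; "id" and "unset" are assumed.
def no_spaces(s):
    return s != "" and " " not in s

USER_MODIFY_RULES = {
    "id": (str, True, no_spaces),
    "real_name": (str, False, None),
    "purge": (bool, False, None),  # type-checked only in this sketch
    "unset": (list, False, lambda names: all(isinstance(n, str) for n in names)),
}

def validate(raw, rules):
    """Parse and check one request. Returns (data, errors) and never raises."""
    try:
        data = json.loads(raw)
    except (ValueError, TypeError, RecursionError):
        return None, ["invalid JSON"]
    if not isinstance(data, dict):
        return None, ["expected a JSON object"]
    errors = []
    for name, (typ, mandatory, check) in rules.items():
        if name not in data:
            if mandatory:
                errors.append("missing mandatory value: " + name)
        elif type(data[name]) is not typ:  # exact type: "true" is not a boolean
            errors.append("wrong type for " + name + ": expected " + typ.__name__)
        elif check is not None and not check(data[name]):
            errors.append("invalid value for " + name)
    return (None, errors) if errors else (data, [])

def handle_user_modify(raw, users):
    """Hypothetical RPC function: returns an error object or the changed user."""
    data, errors = validate(raw, USER_MODIFY_RULES)
    if errors:
        return {"error": errors}
    user = users.get(data["id"])
    if user is None:
        return {"error": ["unknown user"]}
    if "real_name" in data:
        user["real_name"] = data["real_name"]
    for name in data.get("unset", []):
        user.pop(name, None)  # unsetting a value that is not set is a no-op
    return {"user": user}
```
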