💾 Archived View for bbs.geminispace.org › u › zzo38 › 19567 captured on 2024-12-17 at 15:34:57. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "geminiprotocol.net: Gemini app developer's guide published..."
I think that it should be OK to use any fields in the client certificates as long as you do not rely on them, and that you should document what fields are used. If accounts are independent from certificates, the account settings can be changed without needing to change the certificate and without requiring any fields in the certificate, although if they are present, they could be used to load the initial values of some settings.
There might be other requirements of certificates as well, such as which types of keys and signatures can be used. If the server sends a TLS certificate request message (which is not the same as the Gemini 6x status code, although it will send that too) to the client, then I would think that the client can know what key types and signature algorithms are acceptable. Therefore, I would think it would probably not be necessary to document these requirements, since TLS will already do this (unless the TLS certificate request message is omitted); however, I am not sure how to check this with OpenSSL. I am not entirely sure of how TLS is working anyways (although I did read the documentation for TLS), so hopefully someone who understands it better might be able to explain if this will work and if so, how.
The security token hash including the current time is something that I had mentioned too (although I mentioned using one day as the interval, although maybe that is too long and five minutes will be better, like mbays suggests). You can check the hash for the previous interval as well as the current interval, in order that they will not expire in only a few seconds.
Using ANSI escapes "only if the user has specifically asked for it" (as mbays suggests) is a reasonable idea and could be an option in a menu, but you could also define a X.509 extension for preloading the setting automatically (but like I mentioned above, you do not need to rely on this).
Indefinite streaming will not be implemented in all clients (it is also possible that some clients will support indefinite streaming but will only render full lines, although as dimkr mentions some might display partial lines even if it results in an incorrect display), so services should avoid relying on that when possible. A service might still send a part of the text and in some cases there might be a necessary delay for the rest of the text (suggested by dimkr), even if a client only displays it when the entire file has been downloaded.
Sep 10 · 3 months ago
Excellent writeup! One thing I learned about CGIs is that user state is very important, and one should consider carefully how to handle it. My chess service used a full database to retain player state across requests. Meanwhile, my todo.txt service manages it with only a user certificate and the contents of flat text files. Sometimes one can get away with storing a state within a query string if the user is not expected to modify the query manually; some examples of this are Minesweeper by @Acidus or my twisty puzzles, where users alter the state by selecting links that contain query strings modified according to the rules of the puzzle.
Thank you guys you're the best! 👏
🕹️ skyjake [OP/mod...] · Sep 15 at 18:07:
Thanks for the feedback so far, everyone! When I find a suitable moment I'll make a few edits and additions to the guide. This will probably be after the Lagrange v1.18 release, though.
Here's a neat trick for CGIs I forgot to mention. Sometimes you may want to send a value as a query string but only have that value act on a certain location. For example, you may want to edit just the Nth line of a file, or return the Nth page of search results. One way to do this is to build a base CGI file, then create a symlink to the file, with the link name being the location you want to act on. The CGI can then use its own filename as a location parameter, without the user needing to specify a location in the query along with a value. I use this trick in both my todo.txt service and the OEIS mirror.
— geminiprotocol.net: Gemini app developer's guide published
Thank you @Solderpunk for giving me the chance to contribute some official Gemini documentation in the form of a new developer guide. I look forward to hearing from @Acidus, @mbays, @gritty, @stack and all other Geminauts who have been working on interactive Gemini apps! I'm sure we can keep improving this guide further with your insights and/or comments and corrections.
💬 skyjake [mod...] · 9 comments · 10 likes · Sep 08 · 3 months ago