In my earlier post on this subject, I gave a brief overview of the Known API. I hope people found this useful.

Anyway, it is the nature of development that things change, and recently I pushed a patch that fixed a couple of potential security issues. I won’t bore you with the details, except to say that this might well have an effect on how you use the API.

Sessions are destroyed after page display

In the older instance of the API, once you had authenticated, HMAC validation was short-circuited and you were treated as logged in on subsequent requests (provided you remembered to store cookies). This was really a workaround for the way Known forwards you to an object after it has been created: since this was a new URL, you’d need a new HMAC, but the 302 would happen before you could generate one.

Now, you are only logged in for the duration of the page visit, and sessions are destroyed after the page has been sent. Each request must now be individually signed.

Which brings us to the next big change...

No more automatic forwards

Because each page request must be individually signed, it is no longer possible to forward you automatically to the created object. It is also no longer necessary for you to configure cURL to automatically handle 302 responses.

Now, if you’re making an API request, rather than forwarding you, Known will return some JSON containing a location for your next GET request, e.g.:

{
    "location": "https://known.example.com/2015/example?_t=json"
}

This also gives room for extension.
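
A client-side sketch of the flow described above, as an added example that is not part of the original post or of Known's own code: every request gets its own signature, and the JSON location takes the place of the old 302. The header names, the signing scheme (base64 of HMAC-SHA256 over the request path, keyed with the API key), the /status/edit endpoint and the user and key values are assumptions; check them against your Known version.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit


def sign(path: str, api_key: str) -> str:
    """Assumed scheme: base64(HMAC-SHA256(request path, API key))."""
    digest = hmac.new(api_key.encode(), path.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def signed_headers(url: str, username: str, api_key: str) -> dict:
    """Build fresh headers for one request; nothing is carried over from the last one."""
    path = urlsplit(url).path  # assumption: the query string is not part of the signed data
    return {
        "Accept": "application/json",
        "X-KNOWN-USERNAME": username,              # assumed header name
        "X-KNOWN-SIGNATURE": sign(path, api_key),  # assumed header name
    }


def follow_up(site: str, body: str, username: str, api_key: str):
    """Turn the JSON returned in place of a 302 into the next signed GET."""
    location = json.loads(body).get("location")
    if not isinstance(location, str):
        raise ValueError("response carries no location")
    want, got = urlsplit(site), urlsplit(location)
    # Only sign requests for the site the key belongs to, over the same scheme:
    # a signature sent to another host could be replayed against the real one.
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        raise ValueError("location points away from " + site)
    return location, signed_headers(location, username, api_key)


if __name__ == "__main__":
    SITE = "https://known.example.com"
    USER, KEY = "alice", "constructed-api-key"  # constructed sample values
    # Step 1: sign the create request (hypothetical endpoint) and POST it.
    post_headers = signed_headers(SITE + "/status/edit", USER, KEY)
    # Step 2: the reply is JSON, not a redirect (sample body from the post above).
    reply = '{"location": "https://known.example.com/2015/example?_t=json"}'
    # Step 3: sign again for the new path before issuing the GET.
    url, get_headers = follow_up(SITE, reply, USER, KEY)
    print("POST signature:", post_headers["X-KNOWN-SIGNATURE"])
    print("GET", url, "signature:", get_headers["X-KNOWN-SIGNATURE"])
```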

Enjoy!

The other week, I wrote about introducing SQLite support to Known.

Seemingly, I was on a roll, and because a client asked me to look into Postgres support for a separate project, I thought I’d have a crack at implementing support for Known, which I’m glad has been merged in.

This turns out to have been useful to a bunch of folk, for which I am glad.

Installation

Postgres support is still in Beta, and MySQL is still the recommended database engine, so currently installation is a bit of a manual process.

First, you need to make sure you’ve got Postgres support built in to PHP:

apt-get install php5-pgsql
php5enmod pgsql

Then, you need to modify your config.ini:

database = 'Postgres'
dbname = 'dbname'
dbpass = 'password'
dbuser = 'username'
dbhost = 'hostname'

filesystem = 'local'
uploadpath = '/path/to/upload_directory/'

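Once you’ve done that, you need to install the schema, which currently needs to be done from the command line. Substitute the dbname and dbuser values from your config.ini (shown here as dbname and username):

psql -c 'create database dbname;' -U username
psql -U username -d dbname -a -f schemas/postgres/postgres.sql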

Assuming you got no errors, you should now be good to go!

SQLite is a SQL-powered relational database that is implemented using a file on disk, rather than a client-server architecture. This means that, among other things, you don’t need a standalone process to run a database, and it also makes backups easier.

A few weeks ago, support for SQLite landed in Known.

I put together this patch primarily to scratch my own itch; I was having to set up a lot of Known based for testing as part of client projects, and I needed a way to quickly swap around configuration and data sets. I also figured it’d help out the number of folk out there who run their Known sites on devices like the Raspberry Pi.

Usage

Firstly, make sure you’ve got SQLite support built in to PHP:

apt-get install php5-sqlite
php5enmod sqlite

Then, you need to modify your config.ini:

database = 'Sqlite3'
dbname = '/path/to/sqlite.db'

filesystem = 'local'
uploadpath = '/path/to/upload_directory/'

The first two lines tell Known to use SQLite for the backend database, and where this database lives. Note that this location needs to be writeable by your web server user (usually www-data) but, for obvious security reasons, should be somewhere outside of your Known docroot, so that it can’t be downloaded!

The last two lines tell Known to use a disk-based file store for pictures and other uploads. This is important as the SQLite engine currently doesn’t support file storage in the database like the Mongo engine does.

That’s it! Fire up your browser and visit your site. All being well, Known will automatically create the database and set up the schema.

Bug reports and patches to the usual place!