Story #5824

Updated by Tom Clegg about 6 years ago

* source:services/keep-web
* deb/rpm package name: keep-web

Authentication mechanisms needed
* Accept @Authorization: OAuth2 {token}@ header, and set CORS headers[1] (suitable for aware clients, like an in-browser app)
* HTTP basic authentication just like arv-git-httpd (probably easier to use with general purpose tools: curl, wget, .netrc)
* reader_token in path (suitable for "get a link to share" downloads)
* Configured anonymous token (try this if other auths don't work)

Download URIs mirror Workbench's
* http://dl.{domain}/collections/{uuid}/path/file.ext
* http://dl.{domain}/collections/{portable_data_hash}/path/file.ext
* http://dl.{domain}/collections/download/{uuid}/{token}/path/file.ext
* http://dl.{domain}/collections/download/{portable_data_hash}/{token}/path/file.ext

MIME types
* Look up file extension with "mime.TypeByExtension()":

* Install docs & source:docker/ need to run keep-web keepdl

Nice to have: directory listings
* Very basic formatting (bootstrap would be nice but can wait)
* OK if we show a directory listing only at the top level, similar to the way Workbench does it.
* OK not to support directory listings _at all_ (at least for the first version), and just let Workbench do that part?
* Explicitly no index.html in place of directory listings.
** This means "wget -r" can always be expected to work, but it also ensures this can't be used to host entire web sites along the lines of github pages. If we add this capability in the future we could add a -render-index flag. This would make more sense if it came with a bunch of other features anyway, like dynamically mapping vhosts to collections.

fn1. Do not accept cookies with CORS requests!