/roost

An experimental new Zephyr client

Primary LanguageJavaScriptMIT LicenseMIT

Roost
  where owls go to sleep

Roost is an experimental new web-based zephyr client with proper
authentication. This is the backend component. The official frontend lives in
the companion roost-client.git repository. If you are primarily interested in
front-end development, you need only clone that one and develop against the
official backend.

  https://github.com/davidben/roost-client

Roost subscribes to, logs, and provides an interface for retrieving zephyrgrams
on behalf of a user. Public subscriptions are deduplicated and subscribed to
with a public subscriber. What differentiates Roost is how it handles
personals. Using Webathena, the Roost client gets a hold of a zephyr/zephyr
service ticket session for the user. This session is then forwarded to the
server which uses it to run a dedicated personals subscriber, known internally
as the user's "inner demon". The inner demon handles all personal subs, checks
authenticity, and sends outgoing messages.

Authentication to the Roost service itself is done with GSSAPI and Kerberos,
also handled in the browser by Webathena. By using Kerberos to properly
authenticate zephyr access, we hope that Roost will interoperate better with
existing zephyr clients while not requiring the user maintain a client or
mirroring script on some dialup. In addition, as the backend API is plain HTTP
(and WebSocket) and natively using Kerberos for authentication, we hope it will
be natural to write clients for non-web platforms using their native Kerberos
mechanisms.

The backend is written in Node.js, using SockJS to provide a WebSockets
fallback on older browsers.

Running the backend requires libzephyr 3.1 or newer.

Configuration uses node-convict. Configure with cjson files specified in a
comma-separated list in the CONFIG_FILES environment variable. To start, run

  # Install dependencies
  npm install
  # Database configuration, etc. See lib/config.js for all options.
  vim config.json
  # Generate secrets for sessions, etc.
  ./bin/generate-secrets.js secrets.json
  # Initialize database schema.
  CONFIG_FILES=secrets.json,config.json ./bin/init-tables.js
  # Start the server.
  CONFIG_FILES=secrets.json,config.json ./bin/server.js

By default, unless you configure a keytab, the server will run in fake
authentication mode where it issues a session token for any principal the
client requests. This is usually suitable for development, but do NOT run
without a real keytab in production.

Run the unit tests with

  npm test