5.1 Introduction CYFS for Developers: O Link

[streetycat]

cyfs://

Now, we know some basic concepts in the CYFS protocol, how to exchange information between the client and server, and some internal implementation principles. But there is still a little difference from http://, that is how to use cyfs:// in browsers and html pages.

In CYFS, all information is an object, and cyfs:// provides a variety of ways to manipulate objects:

• O link: by ObjectId.
• R link: path by RootState.
• A link: access the specified version of DECApp.

O Link

It's like below:

cyfs://o/$target_zone/$obj_id[?mode=json&mime=txt]
cyfs://o/$target_zone/$dir_id/$inner_path[?mode=json&mime=txt]

This protocol is the simplest and most used cyfs protocol. Since the obj_id is included in the request, the result must be credible. Since it is used the most, default parameters are used in most times to construct requests, and the FastResp mechanism of BDT is used as much as possible.

• $target_zone: As the domain for http, It represents the zone who will receive and responce the request.
• $obj_id: The object which we want to get.
• $dir_id: The ObjectId of the directory which we want to read.
• $inner_path: The relative path which the file in the directory specified by the $dir_id.

If the mode is not specified, there are different default Response Body for different types of objid. The Body of FileObject is the most special, which is a continuous binary file.

Accelerate for O Link

Batch: When requesting objB, objC..., if you know that the request is initiated after requesting objA to the same zone (Learning the source grouping of HTTP requests), unless the relevant URL has special configuration, you can ignore objB, objC O Link target_zone, but uniformly initiate batch obj requests to target_zone_A.

Client load balancing: There are CacheNodes configuration in the target_zone, the client will request CacheA, CacheB, OOD in order of distance from itself to try to get the Object.

Domain for O Link

For browsers, the second segment of the URL is the domain, so all O Links are in the same domain.It means there are no cross domain issues and defense. It's a static content, and the defense is not needed.

Permissions for O Link

1. If someone leak the ObjectId, the Object will be at risk of being accessed, So we should not tell the ObjectId to others if it's confidential.
2. In default, A object can be accessed by the owner and his friends, The others must access it from the shared friends.
3. The owner can set the ACL to open permissions for others.

Simplify O Link with name

cyfs://eips/index.html

We can register a name for Object to simplify the access link to Object, and we can publish a static website like above.

Cross domain security

• There is no cross-domain problem with static resources.
• Cross-domain is the earliest execution sandbox, and some domains allow access to code running in other domains.
• Script code S in domain A requests resources from domain B, which may cause problems.
  • Potential attack on B's server.
  • Easy to make mock up stations.
  • Get cookies.