Advice needed - request a ressource server to server
Context
The
addon flashcards stores boxes of flashcards in json files, example:
#^https://ein-hub-von-vielen.de/cloud/einer/flashcards/0f118113e310cae.json of user
"einer"The json file
- holds a box of (test) cards,
- has permissions that are set in the "cloud app", public in this case.
User
"bob"User "bob" uses the addon flashcards on a
different server. He is connected with "einer" and has read permissions to some of the json files.
Objective
The addon wants to
- Contact all approved connections to find out who has the addon installed?
- What boxes (= json files) of a user are accessible (permissions)?
- Download a box (json file).
- Synchronize the content of the boxes between users.
Questions
What is the preferred way to request the resources?
1. Browser of "bob" -> server of "einer", or
2. Server of "bob" -> server of "einer"?
My idea: The addon could handle it with special api post endpoints, e.g. /flashards/einer/list or /flashards/einer/share. Some endpoints exist already. But these endpoints look directly into the database on the same server only and are not able to find boxes on other servers, see
#^https://framagit.org/hubzilla/addons/-/blob/dev/flashcards/Mod_Flashcards.php?ref_type=heads#L132.
Is there any example or advice how to implement this?
What is needed to authenticate user "bob" at the server of "einer"? The addon checks permission by checking the owner and the observer (using Zotlabs\Storage\BasicAuth for Zotlabs\Storage\Directory and Zotlabs\Storage\File).
