ryochiji's blog
Brought to you fresh from the depths of Ryo Chijiiwa


 

Fri, May 30, 2003

IlohaBlog: Call me MovableType

I'm posting this from Kung-Log, which thinks it's talking to MovableType. I've finished implementing most of the XML-RPC calls that MovableType supports, and everything's working great. I just have two more calls to implement, and once I'm done with that, I'm going to start adding my own API. Read on for more about the IlohaBlog API and some thoughts on XML-RPC...



Before I get flamed, I'll state publicly that as a general principle, creating my own API is a bad idea. But the fact of it is, there really is no standard API for blogging systems yet, and the few APIs that exist are severely limited. If I introduce a new API with IlohaBlog, there's a chance -as remote as it may be- that it'll contribute towards the creation of a standard API sometime in the future...

The API calls I have in mind right now are:

  • ib.getLinks(appkey, blogid, username, password) returns array of structs
  • ib.addLink(appkey, blogid, username, password, link_struct) returns link id or fault
  • ib.deleteLink(appkey, blogid, username, password, link_id) returns boolean or fault
  • ib.getAuthors(appkey, blogid, username, password) returns array of structs
  • ib.addAuthor(appkey, blogid, username, password, author_struct) returns boolean or fault
  • ib.removeAuthor(appkey, blogid, username, password, author_id) returns boolean or fault
  • ib.setAuthorPermissions(appkey, blogid, username, password, author_id, permissions) returns boolean or fault
  • ib.setBlogOptions(appkey, blogid, username, password, options_struct) returns boolean or fault
  • ib.createBlog(appkey, blogid, username, password, blog_struct) returns blogid or fault
...and so on and so forth. I'll probably also add some extensions to the existing metaWeblog and mt APIs.

If you haven't noticed it, I'm in love with XML-RPC. It's clean and simple yet extensible. It makes it really easy to separate logic from design, and it promotes open protocols and interoperability. I think I finally understand what all the hype's about.

Having said that, I am a little concerned about the current state of blogging APIs. Partially due to the bad precedent Blogger set with the Blogger API, all methods pass a username and password for authentication purposes. This is bad for two reasons: it's insecure, and worse, it's inflexible. Ideally, a client would log into the blog server once using either plain text or encrypted authentication (e.g. Kerberos, CRAM), then a session key should be used in subsequent method invocations. The problem is, what makes XML-RPC so elegant is the fact that it's stateless, so trying to introduce the notion of sessions to XML-RPC might prove to be counterproductive.


XML-RPC
ramses(zero)@yahoo.com

1) Because XML-RPC is stateless, you *must* authenticate for every function call. Browsers support this through something called "cookies", but you are still "authing" every request.

2) If you are worried about people hax0ring your blog password, then only allow submits over https. (this is elegant. Think about it, and you will understand why).

3) If you do not like the "crappiness" of having to pass L/P on every call, then either move to public / private key methods (still have to have the initial setup / handshake), and sign all uploads (posts) with a private key (that you must pass with every post). Or, have a function ib.getAuthToken( $login, $password ) => String, and all you ib.postMe( $token, $crap, $crap2, $etc ) ... but you're still reduced to having to pass something to every damned function.

4) If you are smart, you will have written an XML-RPC wrapper class that allows you to simply "wrap" an existing class with all this crap anyway. Allow me to sketch:

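class THING {
    function get() { /* ... */ }
    function post($thing) { /* ... */ }
    function _auth( $l, $p ) { /* ... */ }
    function _write_to_db( $sql ) { /* ... */ }
}


class XML_RPC_WRAPPER {
    var $class;   // the wrapped object

    // __construct replaces the PHP 4 style same-name constructor,
    // which current PHP versions no longer treat as a constructor.
    function __construct( $classname )
    { $this->class = new $classname; }

    function process_xml_call( $name, $val_ar, $etc ) {
        // Only expose methods that exist and do not start with "_".
        if( method_exists($this->class, $name) && $name[0] != "_" ) {
            // The first two call parameters are the login and password.
            $login = array_shift( $val_ar );
            $pass = array_shift( $val_ar );
            if( $this->class->_auth( $login, $pass ) )
            { return $this->class->$name( $val_ar ); }
        }
    }
}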


...It is rough (ie: not perfect) but it is a decent method of doing this. Still needs a lot of details to it, though. Now, all you do is to implement a standard PHP class, and then "Wrap it" with this XML_WRAPPER. Marshal things back and forth to your functions, and voilà. Easy to maintain code, and when you find out about SOAP, you don't have to rewrite any of your core functionality, you just have to implement a different wrapper. :^)

--Robert P.S.: Until you figure out html processing, please look at nl2br function.
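
The log-in-once scheme from the post and the ib.getAuthToken idea from point 3 of the comment can be built without server-side sessions by issuing an HMAC-signed token that carries its own expiry. This is an added example, not code from the post, the comment or IlohaBlog; SERVER_KEY, the sample account, the Blog class and all function names are assumptions.

```php
<?php
// Added example. SERVER_KEY, the account and the Blog class are constructed samples.
const SERVER_KEY = 'replace-with-a-random-secret';
const TOKEN_TTL  = 900; // token lifetime in seconds

function check_password(string $login, string $password): bool {
    static $users = null; // stand-in for the blog's user table
    $users ??= ['ryo' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return isset($users[$login]) && password_verify($password, $users[$login]);
}

// Plays the role of ib.getAuthToken: the only call that ever sees the password.
function get_auth_token(string $login, string $password, ?int $now = null) {
    if (!check_password($login, $password)) return false;
    $payload = base64_encode($login) . '.' . (($now ?? time()) + TOKEN_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, SERVER_KEY);
}

// Returns the login the token was issued to, or false if forged or expired.
function verify_token(string $token, ?int $now = null) {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return false;
    [$user64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', "$user64.$expires", SERVER_KEY);
    if (!hash_equals($expected, $mac) || (int)$expires < ($now ?? time())) {
        return false; // hash_equals compares in constant time
    }
    return base64_decode($user64, true);
}

// Token-based dispatch: the first argument of every call is the token.
function dispatch(object $service, string $name, array $args) {
    if ($name === '' || $name[0] === '_' || !method_exists($service, $name)) {
        return 'fault: no such method';
    }
    $token = array_shift($args);
    $login = is_string($token) ? verify_token($token) : false;
    return $login === false ? 'fault: bad or expired token'
                            : $service->$name($login, ...$args);
}

class Blog {
    function post($login, $text) { return "$login posted: $text"; }
    function _write_to_db($sql) { /* internal; dispatch() refuses it */ }
}

$token = get_auth_token('ryo', 'correct horse');
var_dump(dispatch(new Blog, 'post', [$token, 'hello']));
var_dump(dispatch(new Blog, 'post', [$token . '0', 'hello']));
```

The token is still a bearer credential, so it needs the https transport from point 2, and it cannot be revoked before it expires unless the server keeps some state.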



Ryo Chijiiwa

I'm a biologically Japanese, culturally American, Germany-raised, socially liberal, politically independent, gun-totin', code writin' dude. My life is currently sponsored by Google.