Comments (11)
@spaceone I dare say though that is is almost by design :)
However; I believe we should address this! Any ideas?
from circuits.
Maybe whitelist for allowed events?
from circuits.
Is there any real life example where it is used?
from circuits.
Yeah I've used the JSONRPC Dispatcher in https://github.com/prologic/autodock
In terms of fixing this though; perhaps we need to think about a redesign for JSONRPC/XMLRPC in general where it doesn't blindly translate RPC methods into events.
from circuits.
Retracted last comment; I'm not sure how to solve this. @spaceone: thoughts?
from circuits.
@spaceone: Actually now that I think about the particular use-cases; I think we should just remove the ability to target "channels" via RPC and instead let the user/developer do this if they so desire in their own "dispatchers" that listen to "rpc" events. This would be the simplest way and most secure as incoming "rpc" payloads would only ever hit the component/channel you specify in JSONRPC("/path", "encoding", "rpcchannel")
.
from circuits.
This looks way better. There is still no validation of the event name. Now everybody can fire arbitrary events into self.rpc_channel.
from circuits.
We could prefix the event name with 'rpc.' or/and call a method which can be overridden which dies a mapping from method → event name.
from circuits.
I don't think we should do this; primarily because it completely breaks the API and the notion that you can loosely couple and cooperate with components that listen to events on the rpc_channel
. This would also completely break for example kdb and it's various plugins that listen to "rpc" events.
I believe the kind of "whitelist/blacklist" you're talking about can in fact be implemented by a user application (which I could demo in this issue?); otherwise let's close this and move on :)
from circuits.
With the fix you can still call the init() method of Component-inherited classes.
from circuits.
That would be because of:
from circuits import Component
class App(Component):
def init(self):
pass
I suspect if you @handler(None)
it won't get exposed?
from circuits.
Related Issues (20)
- Speed up more tests
- re-raise KeyboardInterrupt
- Drop Python 2 support HOT 9
- remove landscape.io tooling and references HOT 1
- SSL based tests fail on Ubuntu 20.04 HOT 3
- chunked multi-part web posts HOT 10
- 📣 Migrating off of Github 📣 HOT 5
- Migrate circuits.web HTTP parser to httoop HOT 7
- circuits.web.tools.validate_etags(autotags=True) is broken
- Migrate from Travis-CI to github actions HOT 2
- Fix Python 3.10 support HOT 2
- reduce possible XSS attack vector
- Integrate tornado
- allow coroutines with Python 3 syntax as async def functions HOT 4
- circuits.web error handling broken HOT 1
- circuits.web.tools.validate_etags(autotags=True) is broken
- Missing A record for domain circuitsframework.com HOT 9
- failing IRC byte representation
- Couple of questions the documentation seems to be lacking HOT 4
- TravisCI blocks Pull Requests HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from circuits.