Hi Dave,
On Apr 2, 2009, at 10:55 PM, Dave Engberg wrote:
> Hey, Brian -
> I'm basically in charge of our API stuff (wrote the IDL, docs,
> service implementation, etc.), and would be happy to chime in on any
> questions you have.

Neat. I figured you guys were on this list.

> Brian Hammond wrote:
>> I'm assuming EverNote is running the PHP generated "server" since
>> their staging/testing web service box is running Apache.
> Our service implementation is Java on Tomcat, but some of our static
> web pages run out of a PHP server for historic reasons. All of the
> Thrift goes through a single Java Servlet. Originally, this servlet
> was pretty small, and we could have given out the source, but now
> it's all munged up with code for logging, throttling, etc.

Oh, Java. OK.

> The HTTP service basically needs to take the binary contents of the
> HTTP POST and then hand them over to the server skeleton for
> processing, and then marshal the results back into the binary
> reply. To correctly implement HTTP for portability, you need to
> buffer the reply so you can give back a Content-Length header.
> The basic implementation is really simple if you're running on a
> decent HTTP server, but you will need to add a decent amount of
> exception handling to deal with all of the mess you get from
> Internet connectivity if you're opening this up to the world.

OK. I get it. So I suppose if I were to open this up to the world
I'd want to use nginx with mod_wsgi - it's very efficient. Given
that, I suppose I'd need to create the equivalent of TPhpStream,
similar to what you did in your Java servlet.
I suppose I need to dig into the WSGI spec a bit deeper then but
perhaps it's as simple as using the TBufferedTransport on the
environ['wsgi.input'] ... Not sure yet if this is correct or not but
this is encouraging: http://wsgi.org/wsgi/Specifications/handling_post_forms
Currently environ['wsgi.input'] points to a stream that represents
the body of the HTTP request.
...

>> 1) use SSL to encrypt user credentials
> By using HTTP, we basically got HTTPS for free ... we offload it to
> our Citrix load balancers, in fact, so our app servers just handle
> HTTP.

Yeah, that's my thought exactly -- use HTTP and deploy to a solid
httpd like nginx and you get all the heavy lifting for free, including
epoll/poll/etc and HTTPS support.
OK, this is good.
Thanks!
Brian
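
The request handling discussed in this thread (take the POST body from environ['wsgi.input'], hand it to the service, buffer the reply so a Content-Length header can be sent, and handle malformed requests), as an added example that is not part of the original message or of Evernote's code. The names `make_app` and `handle_call` and the 1 MiB cap are assumptions; `handle_call` is a hypothetical stand-in for the Thrift processor step.

```python
MAX_BODY = 1 << 20  # assumed cap (1 MiB); size it to the largest legitimate call


def make_app(handle_call, max_body=MAX_BODY):
    """Build a WSGI app that passes the raw POST body to handle_call(bytes) -> bytes.

    handle_call is hypothetical: it represents decoding the Thrift request from
    an in-memory buffer, running the service, and encoding the binary reply.
    """
    def respond(start_response, status, body, ctype="text/plain"):
        # The whole reply is already in memory, so Content-Length is exact.
        start_response(status, [("Content-Type", ctype),
                                ("Content-Length", str(len(body)))])
        return [body]

    def app(environ, start_response):
        if environ.get("REQUEST_METHOD") != "POST":
            return respond(start_response, "405 Method Not Allowed", b"POST only\n")
        try:
            length = int(environ.get("CONTENT_LENGTH") or "")
        except ValueError:
            return respond(start_response, "411 Length Required", b"length required\n")
        if length < 0 or length > max_body:
            # Reject before reading, so an oversized body is never buffered.
            return respond(start_response, "413 Payload Too Large", b"too large\n")
        # Read exactly the declared number of bytes. A bare read() is unsafe:
        # the server is not required to signal end-of-body on wsgi.input.
        stream, chunks, remaining = environ["wsgi.input"], [], length
        while remaining:
            chunk = stream.read(remaining)
            if not chunk:  # client disconnected or overstated the length
                return respond(start_response, "400 Bad Request", b"short body\n")
            chunks.append(chunk)
            remaining -= len(chunk)
        try:
            reply = handle_call(b"".join(chunks))
        except Exception:
            # Keep internals out of the response; log server-side in real use.
            return respond(start_response, "500 Internal Server Error", b"error\n")
        return respond(start_response, "200 OK", reply, "application/x-thrift")
    return app
```
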