Patchwork is simple communication backend to distribute data mainly meant for scripts and small applications.
It's design is based patchbay.pub's with the addition of an authentication layer based
on private ssh/webcrypto keys.
This service can then be used to power use cases like static file hosting, file sharing,
cross-platform notifications, webhooks handling (including the maybe simplest CI setup using
traditional git forges), smart home routing, IoT Reporting, job queues, chat systems, bots....
All without bothering with writing a proper server hosting setup. For many use case curl and bash are enough.
Patchwork provides a nearly unlimited amount of virtual channels represented by a path and a namespace.
Data POSTed to a channel can be received by clients doing GET requests, the exact behaviour depends on the
type (specified with the type query parameter).
The available types are:
- fifo/queue: Each message is received by exactly one receiver, if no listeners are active the server blocks until there is one. This is the default mode.
- pubsub: All receivers receive the published message, if no listeners are active the server returns "HTTP 204 NO CONTENT".
- blockpub/blocksub: Same behaviour as pubsub, but the server blocks until there is at least one listener.
- req/req: Each request is matched one-on-one to a recipient who can also send data back.
type-> set the type of querypersist=true-> for listeners, don't close the request after receiving the first message/requestmime-> set the mime-type at the other end of the channel- ``
The server is partionend by namespaces. Each namespace has different rules for auth:
- /p/**: No authentication required.
- /u/{github_user}/**: Token has to be signed by a ssh key of the github user.
- /k/{key_fingerprint}/**: Token has to be signed by the ssh key with the given fingerprint.
- /w/{webcrypto_fingerprint}/**: Token has to be signed by the webcrypto key with the given fingerprint.
- /g/{gist_id}/**: Token has to be signed by an allowed signer loaded from the gist
Tokens are base64-encoded, gzipped json objects with two keys:
signature and data. The signature is an openssh signature of
the data. The data key is a json object with the following keys:
{
AllowedWritePaths: ["/some-path/*", "!/some-path/forbidden/*"],
AllowedReadPaths: [],
ValidBefore: -1,
ValidAfter: -1,
}AllowedWritePaths and AllowedReadPaths are OpenSSH style pattern lists (essentially a list of globs), while the ValidBefore and ValidAfter fields specify a unix time after/before which the token is invalid. If it's -1, there is no expiry.
You can download a bash based client here.