HomeOpen SourceComa Comet ServerDocumentation

API

Overview

Coma is built on top of a series of base classes (objects) that store all the runtime variables. The API defines these objects and how they are used. Each object must have the following characteristics:

  • Must be thread safe
  • Must be simple enough to be mapped to a Javascript counterpart
  • Must incorporate security authorization if object exposes restricted functionality

Thread Safety

Chances are that some of these objects are being referenced by more than a single thread. Because of this, data access must be encompassed by a mutual exclusion mechanism.

Javascript Friendly

Each object must be representable as a Javascript object. Functions should process data types that are compatible with Javascript data types.

Security

Objects that expose potential security issues, such as the file system or networking, must extend a base security class. Objects are scoped to a context: server, site, connection, and request. By default, scopes cascade down security rights.

Any code compiled into the main executable is considered to be trusted and has full access to any object in any scope.

The server must be explicitly told each native C++ modules and Javascript modules to dynamically load and what scope they belong to. Server scoped modules must be explicitly told to allow access from lesser scopes using access control lists.

Scopes

There are 4 scopes:

  • Server
    • Top level global scope
    • Must explicitly be allowed read-only or read/write access to each site
    • Stores system info (os, hardware, etc)
    • Stores server-wide configuration settings
  • Site
    • Only accessible to a particular site
    • Stores site specific info (name, ip, port, etc)
  • Connection
    • Stores information about a particular connection (session id, user id, etc)
    • Expires after timeout or disconnect
  • Request
    • Stores information about a request
    • Expires after request has ended
‹ DocumentationupServer Process Flow ›