[vlc-devel] [PATCH 08/10][RFC][WIP] cloudstorage: access: custom-made html pages to the http server responses (personalized for VLC)

Diogo Silva dbtdsilva at gmail.com
Thu Aug 17 14:09:38 CEST 2017


On Thu, Aug 17, 2017 at 7:18 AM, Marvin Scholz <epirat07 at gmail.com> wrote:

> Hi, thanks for your work.
>
>
> On 17 Aug 2017, at 3:08, Diogo Silva wrote:
>>
>> +++ b/share/cloudstorage/amazons3_login.html
>> @@ -0,0 +1,52 @@
>> +<html>
>> +<head>
>> +  <meta name="Author" content="VideoLAN" />
>> +  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
>> +  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
>> +  <meta name="viewport" content="width=device-width, initial-scale=1" />
>> +  <title>VLC Local Authentication Server</title>
>> +  <script src='//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min
>> .js' type='text/javascript'></script>
>> +  <script async="async" src="//images.videolan.org/js/bootstrap.min.js"
>> type="text/javascript"></script>
>> +  <script src='https://cdnjs.cloudflare.com/ajax/libs/js-url/2.5.0/url
>> .min.js'></script>
>> +  <link rel="stylesheet" type="text/css" href="//images.videolan.org/st
>> yle/bootstrap.min.css" />
>> +  <link rel="stylesheet" type="text/css" href="//images.videolan.org/st
>> yle/style.min.css" />
>>
>
> If I understand this correctly, this is a HTML page that will be rendered
> to the user to login to
> Amazon S3. I don't think it is acceptable or necessary to include so many
> external scripts here.




I can take a look at those scripts (maybe url.min.js can be removed with
some additional js code) but the others are a
bit essential in order to provide some pretty pages to the user.


>
> +</head>
>> +<body class="new-design">
>> +  <div id='bodyInner' class='blue' style='padding:0'>
>> +    <nav id="nav" class="navbar navbar-default navbar-static-top">
>> +      <div class="container">
>> +        <div class="navbar-header"><a class="navbar-brand" href="//
>> www.videolan.org/"><img src='//images.videolan.org/images/logoBlue.png'
>> alt='VideoLAN association' /></a>
>> +          <a class="navbar-brand" style="padding: 15px 15px">VLC Local
>> Server</a><button type="button" class="navbar-toggle collapsed"
>> +            data-toggle="collapse" data-target="#main-navbar"
>> aria-expanded="false"><span class="sr-only">Toggle navigation</span><span
>> class="icon-bar"></span><span class="icon-bar"></span><span
>> class="icon-bar"></span></button></div>
>> +      </div>
>> +    </nav>
>> +    <div class="container center-block">
>> +      <script>
>> +        function submitData() {
>> +          var code = encodeURIComponent($('#inputAccessKey').val() +
>> '@' + $('#inputRegion').val() + '##' + $('#inputSecretKey').val());
>> +          window.location.href = location.pathname.split("/").slice(0,-1).join("/")
>> + "?code=" + code + "&state=" + url('?').state;
>> +          return false;
>> +        };
>>
>
> That javascript looks awful. Why is it necessary, can't the form just do a
> POST? If this is necessary and can't be written in a less
> obfuscated way, I would at least add a comment explaining what it does.


Indeed, I will write it in a cleaner way.


>
>
> +      </script>
>> +      <h2 class="text-center">Amazon S3 Login</h2>
>> +      <h5>VLC requires access to your Amazon S3 account in order to
>> display the content of your cloud storage.<br/>Amazon
>> +        S3 requires generating an access and a secret token in order to
>> be used in external applications. To generate those
>> +        tokens, go to "My security credentials", then "Access Keys" and
>> create them.</h5><br/>
>> +      <form class="form-horizontal" onsubmit="return submitData()">
>> +        <div class="form-group"><label for="inputRegion" class="col-sm-2
>> control-label">Region</label>
>> +          <div class="col-sm-10"><select id="inputRegion"
>> class="form-control"><option value="ap-northeast-1">Asia Pacific
>> (Tokyo)</option><option value="ap-northeast-2">Asia Pacific
>> (Seoul)</option><option value="ap-south-1">Asia Pacific
>> (Mumbai)</option><option value="ap-southeast-1">Asia Pacific
>> (Singapore)</option><option value="ap-southeast-2">Asia Pacific
>> (Sydney)</option><option value="ca-central-1">Canada
>> (Central)</option><option value="eu-central-1">EU
>> (Frankfurt)</option><option value="eu-west-1">EU (Ireland)</option><option
>> value="eu-west-2">EU (London)</option><option value="sa-east-1">South
>> America (São Paulo)</option><option value="us-east-1">US East (N.
>> Virginia)</option><option value="us-east-2">US East (Ohio)</option><option
>> value="us-west-1">US West (N. California)</option><option
>> value="us-west-2">US West (Oregon)</option></select></div>
>> +        </div>
>> +        <div class="form-group"><label for="inputAccessKey"
>> class="col-sm-2 control-label">Access Key</label>
>> +          <div class="col-sm-10"><input type="text" class="form-control"
>> id="inputAccessKey" placeholder="Access Key ID"></div>
>> +        </div>
>> +        <div class="form-group"><label for="inputSecretKey"
>> class="col-sm-2 control-label">Secret Key</label>
>> +          <div class="col-sm-10"><input type="password"
>> class="form-control" id="inputSecretKey" placeholder="Secret Access
>> Key"></div>
>> +        </div>
>> +        <div class="form-group">
>> +          <div class="col-sm-offset-2 col-sm-10"><button type="submit"
>> id="submit" class="btn btn-default">Sign in</button></div>
>> +      </form><br/><br/>
>> +      <h5>This page is running locally and is hosted by your machine.
>> The inserted data is going to be safely sent to <a href="
>> https://aws.amazon.com/s3/">Amazon S3</a>        servers.</h5>
>>
>
> Sure it is running locally, but pulls in a bunch of scripts from external
> sources.
>

This module completely requires access to internet. After receiving that
data, it is going to be sent within a POST request to Amazon (properly
managed).



>
> In general: Why have so many different HTMLs instead of a generic one with
> replaceable variables for the different services?
>

Indeed, it can be easily loaded with replaceable variables and it would
look much better and consume less space.


> Yours sincerely,
> Marvin Scholz


Thanks for the feedback!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20170817/93af24e6/attachment.html>


More information about the vlc-devel mailing list