add some kind of administration through the http DELETE method #4

Closed
opened 2 years ago by dawidkubis · 2 comments

Since moderation is an issue, but we don't generally do javascript, it seems like an HTTP request on the specific post/thread URI should do the trick. This can be improved on the client side with an extension for convenience, or with some kind of API a simple management client could be made. The request would then be authorized with a header holding a key.
The big question right now is whether this key should be symmetric or not, and whether kchan should work with a single key or multiple keys.
Multiple keys would be great if they could be dynamically read from a file, like with `.ssh/authorized_keys`, but that kind of design is the opposite of where kchan is currently heading.
If the key is symmetric, then `curl -X POST <adress>/<post/thread id> -H "Auth: <key>"` should be good enough, but there are serious security concerns connected to using a symmetric key in this case.
An asymmetric key would in turn add another dependency, and then the `-H Auth:` would probably contain a private key encrypted post/thread id, which could be compared on the server side.
Maybe we could make this a compile-time feature? No idea.


This should wait for #5, I think.

dawidkubis added the enhancement label 2 years ago


Administration added as of 7cf755b47b41fe7768c9300438b1ae02f6dbf918, authorization is not necessary since it can be handled in nginx. Kchan does not authorize requests, but simply does as it is told upon receiving a DELETE request. A client side script/extension can be used for convenience, but that is entirely up to the user.
dawidkubis closed this issue 1 year ago
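
The closing comment leaves authorization to nginx. One way to configure that, as an added example that is not taken from the kchan repository; the host name, certificate and htpasswd paths, and the `127.0.0.1:8000` backend address are assumptions:

```nginx
# Constructed example: host name, file paths and backend port are assumptions.
server {
    listen 443 ssl;
    server_name board.example.org;                 # placeholder host
    ssl_certificate     /etc/nginx/tls/board.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/board.key;

    location / {
        # Reading and posting stay open. Every other method, DELETE included,
        # must present HTTP Basic credentials. Allowing GET also allows HEAD.
        limit_except GET POST {
            auth_basic           "kchan moderation";
            auth_basic_user_file /etc/nginx/kchan.htpasswd;
        }

        # The backend performs no authorization of its own, so it must only be
        # reachable through this proxy (bound to loopback, not a public address).
        proxy_pass http://127.0.0.1:8000;  # assumed kchan listen address
    }
}
```

The htpasswd file holds one line per moderator, so individual credentials can be added or revoked without touching kchan. Basic credentials travel with every request, which is why the listener is TLS-only.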
Reference: dawidkubis/kchan#4