617bb03ad5
This removes "side" and "msgnum" from the URLs, and puts them in a JSON request body instead. The server now maintains a simple set of messages for each channel-id, and isn't responsible for removing duplicates. The client now fetches all messages, and just ignores everything it sent itself. This removes the "reflection attack". Deallocate now returns JSON, for consistency. DB and API use "phase" and "body" instead of msgnum/message. This changes the DB schema, so delete the DB before upgrading the server.
26 lines
597 B
SQL
26 lines
597 B
SQL
|
|
-- note: anything which isn't an boolean, integer, or human-readable unicode
|
|
-- string, (i.e. binary strings) will be stored as hex
|
|
|
|
CREATE TABLE `version`
|
|
(
|
|
`version` INTEGER -- contains one row, set to 1
|
|
);
|
|
|
|
CREATE TABLE `messages`
|
|
(
|
|
`channel_id` INTEGER,
|
|
`side` VARCHAR,
|
|
`phase` VARCHAR, -- not numeric, more of a PAKE-phase indicator string
|
|
`body` VARCHAR,
|
|
`when` INTEGER
|
|
);
|
|
CREATE INDEX `messages_idx` ON `messages` (`channel_id`, `side`, `phase`);
|
|
|
|
CREATE TABLE `allocations`
|
|
(
|
|
`channel_id` INTEGER,
|
|
`side` VARCHAR
|
|
);
|
|
CREATE INDEX `allocations_idx` ON `allocations` (`channel_id`);
|