creating/interacting with random scratchpad/graphentry/pointer by passing the private key as hex encoded string as header param

[rid-dim]

the idea is that creating/interacting with random scratchpad/graphentry/pointer by passing the private key as hex encoded string as header param would enable a lot of additional use cases where shared access to those data types would be useful.

currently dweb derives from a global secret with app-id and object-id which is great for recovery without the need to store a list of private keys somewhere but prevents people from

• just creating a scratchpad to share with someone else to modify it
• tell someone "I expect your answer on that graphEntry key/address" and that other party being able to asynchronously answer at some later point in time (autonomi mail system; you create a receiving branch for every contact you invite to write you)

this is not super urgent - I would love to see deterministic ports and https sooner.
but e.g. for a public billboard app where anybody can just modify/update the content I would love to have this feature ... just hard-coding some private-keys into the app (or maybe a derivation rule if the scratchpad is at its max_count to prevent people from breaking it)

[rid-dim]

other use case:

friendship requests in friends!

the publicly visible account package specifying where you expect friendship requests to be located => the other one can create a scratchpad there with a link to his profile

[happybeing]

This is already implemented I believe 🎉 Take a look here:

https://github.com/happybeing/dweb/blob/main/dweb-cli/src/services/api_ant/v0/scratchpad.rs#L152

I haven't tested this, so that is your mission should you choose to accept it 🤣 Looks pretty bullet proof though so I don't expect problems.

N.B. I had commented out the header in the docs because I want to highlight the 'standard' approach and not make it look like providing a secret in the header is normal or expected... if you really want to know what's going on, look at the code 😆

I'll close this but feel free to open if you want to discuss further.

[rid-dim]

oookay - I tried it and the issue seems to me to be:

I can GET a random scratchpad (pass the private key via Ant-Owner-Secret) and read it if it. but when I POST or PUT it there is no route for {random address} and trying to use the route without explicit address parsing fails because then it tries to derive the address ...

I started to implement the additional routes and then did start to refactor to not introtuce too many duplications with the other PUT/POST routes ... and it completely escalated xD ... not sure I should change your codebase that much tbh xD ...

[rid-dim]

oh - and the "issue" with using the explicit address route is (I think we should still go this route in the first iteration ... ):

the private key would be enough to derive the address and do the put ... but if we use explicit addresses then the app needs to manage the addresses + keys correctly ...

another "issue" is that with dweb alone there is no way to create such an independent scratchpad and get the owner-secret out of dweb to share it with someone else ... would be nice to request
(use case: I want to put a secret key into my friends profile description -> "send your friendship request there" - if we could just get a random pair of secret+address from the API; combined with using the explicit address route for PUT and POST too that would be pretty cool for now :-) )

[happybeing]

Well I said it wasn't tested, but obvs not thought through either 🤣 so thanks for doing this.

It may just be a bit early on a Sunday but could you help me understand what you need by specifying the routes you would like here? I'll read again later but am not getting it yet.

[rid-dim]

scratchpad-private/{ScratchpadAddess}

PUT and POST

Using the ant-owner-secret
(the Scratchpad public route ofc would be nice too but not as important for me in this moment of time)

[happybeing]

Looking at the code it appears to do what you ask there so I'm still not understanding this, sorry. Can you post an example which shows what doesn't work, maybe using the SwaggerUI step 1, step 2 ... (if you uncomment the Ant-Owner-Secret and build yourself that is)?