Skip to content

Invites

hbons edited this page Dec 1, 2012 · 32 revisions

SparkleShare can link to a host with a click of a button. It can open small xml files called invites issued by hosts to link up with a host without users having to enter any configuration. When the user accepts an invite, SparkleShare is automatically configured to use a repository, and the user's public key is automatically uploaded.

When SparkleShare is running, it will open any file linked to with the sparkleshare:// protocol handler. For example, on a web page:

<a href="sparkleshare://path/to/the/invite.xml">Click here to add this project to SparkleShare</a>

SparkleShare will replace the sparkleshare:// with https:// and uses the resulting url to fetch the invite.

Invites file names must end with .xml. Here's what an invite file looks like:

<?xml version="1.0" encoding="UTF-8"?>
<sparkleshare>
  <invite>
    <address>ssh://[email protected]/</address>
    <remote_path>/hbons/Stuff</remote_path>
    <fingerprint>16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48</fingerprint>
    <accept_url>https://www.sparkleshare.org/accept.php</accept_url> // Optional
    <announcements_url>tcp://notifications.sparkleshare.org:1986</announcements_url> // Optional
  </invite>
</sparkleshare>

address The value normally typed into the Address field of the Add Remote Project dialog, with optional protocol and username.

remote_path The value normally typed into the Remote Path field of the Add Remote Project dialog.

fingerprint The host's fingerprint. Here's how you get it:

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub | cut --bytes=6-52

accept_url is the url SparkleShare sends the client's public key to using HTTP POST (in the variable name called public_key). You want to make sure this url is only valid for a short period of time and uses HTTP Secure. It's your host's task to make sure access is granted to this key. After this the host should return the HTTP OK (200) status, so SparkleShare can continue to fetching the repository.

It is also possible to use the sparkleshare-unsafe:// protocol handler. This will force SparkleShare to fetch the invite file over unencrypted HTTP and should therefore only be used for development/testing purposes, as this will reveal the whole URL to someone between you and the server.