1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
To Do List for neon -*- text -*-
===================
Please submit feature requests to <mailto:neon@webdav.org>
For one-point-oh
----------------
23. Mechanism for aborting a request mid-response; e.g., when a GET
fails due to out of disk space, abort the download.
31. Make it threadsafe:
socket.c: getservbyname -> getservbyname_r.
38. Replace all use of split_string/pair_string with ne_token.
40. XML body acceptance callback should check Content-Type. Should
also pass encoding to expat if one is given (how about libxml?).
Recent mod_dav's return XML bodies in 424 responses which need
displaying properly.
44. Finer-grained connection status feedback, i.e., "Sent Request",
"Got response status-line"... "Reading response body"
58. 2616 is quite strict about when to retry non-idempotent requests
and when not to. neon may not be compliant here.
61. Make everything namespace-safe:
remove split_string/pair_string.
62. Select which auth mechanisms are allowed, e.g. JUST SAY NO to
basic might very well be useful to some apps.
63. Unconditionally turn off Nagle algorithm.
Longer term
-----------
1. Support for HTTP-extended authoring methods ala WebRFM etc; using
New-URI header etc. Also support the BROWSE and INDEX methods. The
protocol is documented at:
http://www.ics.uci.edu/pub/ietf/webdav/ns_dav.html
DON'T do this inside ne_basic.c, do it separately in
ne_author.c or something.
2. Add proper domain support to authentication code. (requires full
URI parsing support). Need to tell the auth layer the server
details.
4. Better cnonce generation for authentication: use /dev/{u}random or
whatever like mod_auth_digest.
6. PUT with ranges... ne_put_range
9. DeltaV support (http://www.webdav.org/deltav/). See also the
subversion project (http://subversion.tigris.org/) who might build
a versioning system over DAV.
10. ACL support (http://www.webdav.org/acl/)
11. DASL support (http://www.webdav.org/dasl/). Xythos have server
support for this (www.sharemation.com). The UI is probably the
hardest problem here.
=> Jim Whitehead's UCI postgrad team is working on this and
has written a DASL implementation.
14. Improved request-header manipulation... some kind of indexed table
(a la Apache, libghttp, so we're sure we don't add the same header
to the request twice. Better control over adding Cache-Control
headers would be good too.
17. Should we really be i18n'izing the low-level error messages in
ne_request.c, ne_207.c ? It seems nice and clever to, so the user
REALLY know what is going wrong with the server (probably), but it
is maybe a bit frightening.
20. Add decent and proper URI parser + handling. Or stop pretending we
are doing "URI" parsing, and just handle HTTP URL's.
21. Storing multiple authentication "sessions" within an actual
auth_session, so I can log into e.g. /foo/ and /bar/ (which are
not in the same authentication domain) and switch between them
without having to re-enter passwords all the time.
28. Support response caching?
35. Allow i18n'ization if building a shared library, iff gettext
support is on the system (and hence add -lintl or whatever to
NEON_LIBS). If system has no gettext support, then it's probably
impossible to support i18n in the library (although *applications*
can support it by bundling gettext themselves). Take a look at how
other libraries handle this.
46. Asynchronous request-dispatching? Makes integration into GUI loop
easy... any other reasons? Must leave existing request_dispatch
interface intact.
47. Indexed table-based response-header access? Might simplify things
like response body acceptance callbacks (i.e., can get access to
Content-Type header for XML).
48. Possibly, store the time of last interaction over the TCP socket,
call it 't'. If the next request is made after t+20, presume the
persistent connection is dead, so re-connect automatically. If we
don't do this, then we have two wasted write() calls making the
request, then failing, then re-connecting. It's really only worth
doing this if this actually saves any packets on the wire, which
it probably doesn't. strace / tcpdump might help here.
50. opendir/readdir/closedir-esque interface for PROPFIND depth 1,
a la EZDAV. (cadaver has it already)
53. "ne_session" concept is hazy. Abstract out a "connection" concept
too, and allow >1 connection per-session in multi-threaded use,
somehow.
57. Add function to map of status-code values to i18n-ized reason
phrase.
|