[tor-commits] [bridgedb/develop] Specify the moat API.

isis at torproject.org isis at torproject.org
Wed Nov 15 22:24:50 UTC 2017


commit 9d452247e4378a44e46fb31b14acf2238e4d9dd6
Author: Isis Lovecruft <isis at torproject.org>
Date:   Tue Sep 12 21:33:22 2017 +0000

    Specify the moat API.
    
     * FIXES part of https://bugs.torproject.org/22871
---
 README.rst | 173 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 173 insertions(+)

diff --git a/README.rst b/README.rst
index faeae5c..a2d3b27 100644
--- a/README.rst
+++ b/README.rst
@@ -420,6 +420,179 @@ e.g. bridges at ...) and sent from an ``@riseup.net``, ``@gmail.com``, or
 
 You can email our BridgeDB instance `here <mailto:bridges at torproject.org>`__.
 
+
+----------------------------
+Accessing the Moat Interface
+----------------------------
+
+Moat is a bridge distributor for requesting bridges through `Tor Launcher's
+<https://gitweb.torproject.org/tor-launcher.git/>`__ user interface.
+
+The following describes the Moat API, version 0.1.0.
+
+The client and server both MUST conform to `JSON-API <http://jsonapi.org/>`__.
+
+The client SHOULD direct all requests via the Meek reflector at ``MEEK_REFECTOR``.
+..
+   XXX meek reflector URL
+
+Requesting Bridges
+""""""""""""""""""
+
+The client MUST send a ``POST /meek/moat/fetch`` containing the following JSON::
+
+    {
+      'data': {
+        'version': '0.1.0',
+        'type': 'moat client supported transports',
+        'supported': [ 'TRANSPORT', 'TRANSPORT', ... ],
+      }
+    }
+
+where:
+
+* ``TRANSPORT`` is a string identifying a transport, e.g. ``"obfs3"`` or
+  ``"obfs4"``.  Currently supported transport identifiers are:
+  - ``"vanilla"``
+  - ``"fte"``
+  - ``"obfs3"``
+  - ``"obfs4"``
+  - ``"scramblesuit"``
+
+
+Receiving a CAPTCHA challenge
+"""""""""""""""""""""""""""""
+
+The moat server will respond with ``200 OK``.
+
+If there is no overlap with the transports which BridgeDB supports, the moat
+server will respond with the list of transports which is *does* support::
+
+    {
+      'data': {
+        'version': '0.1.0',
+        'type': 'moat server supported transports',
+        'supported': [ 'TRANSPORT', 'TRANSPORT', ... ],
+      }
+    }
+
+If there is an overlap with what BridgeDB supports, the moat server will select
+the "best" transport from the list of supported transports, and respond with the
+following JSON containing a CAPTCHA challenge::
+
+    {
+      'data': {
+        'id': 1,
+        'type': 'moat farfetchd challenge',
+        'version': '0.1.0',
+        'transport': TRANSPORT,
+        'image': CAPTCHA,
+        'challenge': CHALLENGE,
+      }
+    }
+
+where:
+
+* ``TRANSPORT`` is the agreed upon transport which will be distributed,
+* ``CAPTCHA`` is a base64-encoded, jpeg image that is 400 pixels in
+  length and 125 pixels in height,
+* ``CHALLENGE`` is a base64-encoded CAPTCHA challenge which MUST be
+  later passed back to the server along with the proposed solution.
+
+The challenge contains an encrypted-then-HMACed timestamp, and
+solutions submitted more than 30 minutes after requesting the CAPTCHA
+are considered invalid.
+
+
+Responding to a CAPTCHA challenge
+"""""""""""""""""""""""""""""""""
+
+To propose a solution to a CAPTCHA, the client MUST send a request for ``POST
+/meek/moat/check``, where the body of the request contains the following JSON::
+
+    {
+      'data': {
+        'id': 2,
+        'type': 'moat farfetchd solution',
+        'version': '0.1.0',
+        'transport': TRANSPORT,
+        'challenge': CHALLENGE,
+        'solution': SOLUTION,
+        'qrcode': BOOLEAN,
+      }
+    }
+
+
+where:
+
+* ``TRANSPORT`` is the agreed upon transport which will be distributed,
+* ``CHALLENGE`` is a base64-encoded CAPTCHA challenge which MUST be
+  later passed back to the server along with the proposed solution.
+* ``SOLUTION`` is a valid unicode string, up to 20 bytes in length,
+  containing the client's answer (i.e. what characters the CAPTCHA
+  image displayed).  The solution is *not* case-sensitive.
+* ``BOOLEAN`` is ``'true'`` if the client wants a qrcode containing the bridge
+  lines to be generated and returned; ``'false'`` otherwise.
+
+
+Receiving Bridges
+"""""""""""""""""
+
+If the ``CHALLENGE`` has already timed out, or if the ``SOLUTION`` was
+incorrect, the server SHOULD respond with ``419 No You're A Teapot``.
+
+If the ``SOLUTION`` was successful for the supplied ``CHALLENGE``, the
+server responds ``200 OK`` with the following JSON::
+
+    {
+      'data': {
+        'id': 3,
+        'type': 'moat bridges',
+        'version': '0.1.0',
+        'bridges': [ 'BRIDGE_LINE', ... ],
+        'qrcode': QRCODE,
+      }
+    }
+
+where:
+
+* ``BRIDGE_LINE`` is a bridge line suitable for configuration in a torrc,
+* ``QRCODE`` is a base64-encoded jpeg image of a QRCode containing all the
+  ``BRIDGE_LINE``, if one was requested, otherwise this field will be ``NaN``.
+
+..
+    XXX do we care to differentiate the errors for "unable to distribute
+        bridges"? are any of these useful to Tor Launcher?
+
+If the ``SOLUTION`` was successful for the supplied ``CHALLENGE``, but the
+server is unable to distribute the requested Bridges, the server responds ``200
+OK`` with the following JSON::
+
+    {
+      'error': {
+        'id': 1,
+        'code': '404',
+        'status': 'Not Found',
+        'title': 'Could not fetch the type of bridges you requested',
+        'detail': DETAILS,
+      }
+    }
+
+where:
+
+* ``DETAILS`` is some string describing the detailed nature of the issue.
+
+
+Other Responses
+"""""""""""""""
+
+If the client requested some page other than ``/meek/moat/fetch``, or
+``/meek/moat/check``, the server MUST respond with ``501 Not Implemented``.
+
+If the client attempts any other HTTP method, other than ``POST``, the server
+MUST respond ``403 FORBIDDEN``.
+
+
 =================
 Contact & Support
 =================





More information about the tor-commits mailing list