<!--toc--> |
|
## Milestone Marks |
|
Each task is marked with milestones: |
|
- Mb - first beta version milestone. Task should be complete before first Beta release. |
- Mrc - first release candidate. Task should be complete before first release candidate. |
- Ms - first stable release. Task should be complete |
before first stable release (including ABI stable) |
- Mn - next stable release. |
|
|
Rationale: |
|
- Task that require **changes** in public API should |
be completed before RC1 |
- Task that does not require changes in API at all may be done till stable or next release, depending on importance. |
- Task that extend API should be done either for RC1 so users can review changes or in next release so there would be time for beta testing between versions. |
|
## Booster Tasks. |
|
### AIO Tasks |
|
#### Implementing UDP Support for `booster::aio::socket` - Mn. |
|
Booster.Aio socket supports well stream sockets but |
has very poor (if any) support of data-gram sockets. |
|
You can open them, use them but there is no such operations |
like `sendto` or `recvfrom` that are data-gram oriented. |
|
Add their implementation to Booster in analogy to |
implementations of async/sync read/write operations. |
|
#### Rewrite socket to better class design - Mrc. |
|
At this point, socket does everything, accept, connects, |
read, writes, works with pipes and anything else. |
|
Better class hierarchy needed, something like. |
|
- `base_async_io_device` |
|
- `acceptor` |
- `base_socket` |
|
- `stream_socket` |
- `datagram_socket` |
- `pipe` |
|
It is good to fix this before first stable version. |
|
#### Review Of Event Loop - Mrc |
|
Do a code review by somebody who is not Artyom for the |
Booster.Aio Event Loop. |
|
### System - Mrc |
|
Booster.System misses `error_condition` class. |
|
Fix `booster::system` to behave according to C++0x, or |
just copy the code from Boost. |
|
### Filesystem - Mn |
|
Implement Directory Iterator. |
|
### General tasks - Mn. |
|
- Extract/Reimplement `boost::bind` in Booster. |
- Extract/Reimplement `boost::iostreams` in Booster |
and replace `cppcms_boost`'s zlib filter with Booster's one. |
- Extract/Reimplement `boost::unordered` in Booster. |
|
|
## CppCMS Core Tasks. |
|
### Implement Pre-Upload file validation - Mrc. |
|
In CppCMS application is created only once the request |
is fully ready. And after that use can validate |
the uploaded files. |
|
This is quite bad in case of big ones. |
|
Possible solution is store the validation requirements |
in the session and let `cppcms::impl::cgi_api` |
fetch this session data and use rules to validate |
uploaded files. |
|
Problems: |
|
- Session fetch may be not so cheap, it may be done over network or require DB access. |
- Session API allows only synchronous requests. |
- File uploading is done in even loop where all operations |
should be non-blocking. |
|
Possible solutions: |
|
- Store this data in signed cookies. |
- Add asynchronous api to sessions. |
- Send session fetch to thread pool till and get |
session data this way. |
|
### Implement Connection Forwarding over unix-sockets - Mrc or Mn. |
|
CppCMS forwarding framework allows to forward any connection |
to other network node over SCGI API. |
|
Is is very useful to be able to forward connections |
between forked processes of same application. |
|
It can be done in much cheaper between forked processes |
by forwarding a file descriptor over Unix domain socket and |
passing already read information via shared memory. |
|
|
### Reintegrate Distributed session backend - Mrc. |
|
Distributed session backed was temporary-removed |
from the code during refactoring and still hadn't get |
back. |
|
So need to revert/rewrite the code in similar way it |
is done with TCP Cache backend. |
|
### Improve Unit-Test coverage - Ms |
|
- Sesssion API |
- Cache API |
- Templates System |
|
### Provide Additional Signing HMACs - Ms |
|
CppCMS uses md5-hmac for signing cookies. MD5 is known |
to be weak (not in case of HMAC, but lets explain it |
to somebody) |
|
So SHA family of digest should be integrated and |
used for HMAC. |
|
Requires: get proven MIT, BSD, Boost or Public-Domain code |
for SHA-1 (160), SHA-192, SHA-224, SHA-256 , SHA-384, SHA-512 and let user decide what he or she wants for |
signature. |
|
## Documentation tasks |
|
### Booster Reference Documentation - Mrc |
|
Write Missing documentation for Booster classes using |
Doxygen - especially for ones that have no Boost |
equivalents. |
|
### Write Examples - Ms. |
|
- AJAX using JSON-RPC |
- AJAX using Asynchronos JSON-RPC |
- Comet Programming |
- File Uploading + validation |
- Good caching examples. |
|
|
## Non-Critical CppCMS tasks |
|
### Implement Locale sensitive Date-Time Form Widgets - Ms |
|
ICU provides good features for parsing and formatting |
dates and times, implement Date-Time Widget |
for this purpose. |
|
It is not so-straightforward as user should know the |
format he/she enters the data, such information |
is not supplied by any existing widgets. |
|
Think what to do in case of no-icu builds. |
|
### Rewrite Cache's index to use has instead of tree - Mn |
|
Cache backed uses `map` and may use `unordered_map`. |
|
But it is not so simple: |
|
- `unordered_map`, unlike `std::map` may invalidate iterators so direct replacement would not work. |
- timeout index probably should be removed as well as |
it requires O(log n) access. |
|
And will it bring real performance benefit at all? |
|
|
## New CppCMS Features |
|
### Implement Active Cache invalidation - Mn |
|
Distributed Cache system implements L1/L2 cache |
allowing a cache client to check if the data is |
has is still up-to-date without reading it back. |
|
However each access to cache still require TCP-ping-pong. |
|
So instead active cache invalidation may be done: when |
trigger is risen or new data is stored a sort of |
a message that causes all clients to drop invalid |
cache is broad-casted. |
|
Need to be implemented. |
|
### Provide option for additional cryptographic library - Ms. |
|
CppCMS uses gnu-tls's implementation of AES for |
encrypting cookies. |
|
gnu-tls does not work with MSVC compiler, so needed an |
option to use other library for AES encryption. |
|
It should be: |
|
- Licensed under LGPL compatible library (OpenSSL fails) |
- ABI stable |
|
### XSS Filter - Mn |
|
Provide HTML filter that allows filtering HTML tags |
and properties using strict white list. |
|
Make it manually configurable and allow loading |
configuration from JSON. |
|
Needed very fine grained definition of tags and properties |
including checks of correct nesting and specifications |
of regex for each property if needed. |
|
|
### Improve Support of RESTful services - Mn |
|
Provide friendly API for RESTful applications in similar |
way it is done today for JSON-RPC |
|
|
### SQL Library - Mn |
|
Consider writing replacement for `dbixx`: |
|
- Write my own SQL Library (i.e. replace dbi)? |
- Improve libdbi - make sure it works on more platforms. |
- Improve SOCI? |
- Fork SOCI? |
|
|
