Palabre Forum  


Collected Documentation - 2008/03/12 23:37 It's tough to uncover all the functionality of Palabre, since Célio spends more time coding than documenting (not a bad thing!).

However, it is driving me crazy...};^)

So, I pulled together everything I could find that seemed relevant from:

The Forums
The FAQ
The News Posts

and I bundled it all up here:

http://www.chromecow.com/flash-and-actionscript/collected-documentation-palabre-06b/

If anyone has found an undocumented feature (you too, Célio!) post it here and I'll update the docs for as long as I'm working with sockets...};^)
  reply | quote
Re:Collected Documentation - 2008/03/13 11:08 Hey, congratulations !
And thanks a lot for your work !

I thought of creating a wiki for some time ... but this seems very nice.
I won't have any time for the next two weeks, but as soon as I come back I'll try to release a stable version of palabre 0.6 and then get some doc and plugins :)

keep up the good work !
Célio Conort
Lonesome Palabre developer
  reply | quote
Re:Collected Documentation - 2008/03/13 16:52 I look forward to more of your work, admin! Hurry back!
  reply | quote
Re:Collected Documentation - 2008/03/13 16:55 I apologize for the double posting, but I also wanted to say that the gathering of all of that useful data is really nice, chromecow! Thanks!
  reply | quote
Re:Collected Documentation - 2008/03/29 00:59 Glad it's helping.

Just updated:

Includes 4 flow diagrams of what Palabre is actually doing (please call out errors, or things you'd like to see added, it's a work in progress).

The original Visio file is also posted, if anyone wants to fool around with it.

Here are two things that have stumped me, flow-wise:

  • How are broadcast messages originated? They are not handled by parseData.

  • The doAction method seems to be acting on actions that are registered from some unknown place, like 'onClientJoinRoom'


I also expanded the Modules section to add Célio's very useful post about accessing server variable from modules.
  reply | quote
Re:Collected Documentation - 2008/03/31 10:18 Hi,
Thx a lot for the diagrams !

for the questions :


* How are broadcast messages originated? They are not handled by parseData.

They are handled by clientHandleMessage()
But I've seen a problem, I haven't modified them since I changed the behavior of the nodes (any node can be sent as soon as they have a toroom or toclient attribute) so for now only <m> and <msg> nodes support broadcasting.
I'll change it for 0.6 stable


The doAction method seems to be acting on actions that are registered from some unknown place, like 'onClientJoinRoom'

The doAction method is called every time an "action" is performed, and there are calls to this function from everywhere in the code :)
ex :
Code:

  self.doAction('onStartup')
  self.doAction('onShutdown')
  self.doAction('onRemoveClient',nickName)
  self.doAction('onClientQuit',nickName)
  self.server.doAction('onClientInit',self)
  self.server.doAction('onClientJoinRoom',self,room)
  self.server.doAction('onClientLeaveRoom',self,room)
  self.server.doAction('onClientConnect',self)


....
(some of those calls may not be in the released beta, but can be seen on the SVN http://svnweb.tuxfamily.org/listing.php?repname=palabre/palabre&path=%2Fpalabre%2F&rev=0&sc=0 )

But I think I should add some calls like : clientCanJoinRoom , ... and use the returns of these methods.
This will make plugins like password protected rooms easier.

I'll turn it in my head (does this mean anything in English ?) and add those few calls and soon release 0.6 stable :)

Thanks a lot for your help and feedback !
Célio Conort
Lonesome Palabre developer
  reply | quote
Re:Collected Documentation - 2008/04/01 10:19 Hey chromeshow thanks a lot for this work..
I'll take a look in diagrams.
  reply | quote
Re:Collected Documentation - 2008/04/01 10:50 admin wrote:
Hi,

But I think I should add some calls like : clientCanJoinRoom , ... and use the returns of these methods.
This will make plugins like password protected rooms easier.

I'll turn it in my head (does this mean anything in English ?) and add those few calls and soon release 0.6 stable :)

Thanks a lot for your help and feedback !


Admin, I have a suggestion.
You could look at how the Django framework handles this.

http://www.djangoproject.com/documentation/middleware/

Look for three functions in the plug-ins, such as
beforeAction(args)|beforeNode(args)
doAction(args)|doNode(args)
afterAction(args)|afterNode(args)
and run them if they exist.

Or simply two: a pre-processing step (all the plug-ins registered for this action), then the processing of the action.

That way you let plug-ins step in before a specific action, for example to check the password for a room, and then either do nothing if the password is correct, or send an error message to the client and return false, which would interrupt the process.

I don't know whether this is possible in your current architecture.
But it would give a system that is very dynamic in how it can be modified.

Otherwise, along the same lines, allow plug-ins to register to parse all outgoing messages (I don't know whether that is possible);
that way a censorship plug-in would be possible, or a formatting plug-in.

Cyprien
  reply | quote
Re:Collected Documentation - 2008/04/01 17:44 Please excuse the machine translation of your post, but I'm working with some of these issues currently.

I haven't found a solution for the AfterAction, but before action is pretty simple to work around.

For instance, I want to do some formatting and searching of text strings before a message is sent on its way to the intended user.

So I am creating a MessageBeforeAction module, and registering it to look for the node <msgBA> instead of the standard <msg>.

The client is configured only to send these <msgBA> nodes. My module looks at them, performs the appropriate actions, and then sends them on as standard messages.

That's the theory, anyway.

The one thing that would be super-useful is the After Action idea.

For instance, I am maintaining a list of available rooms. Currently, every client has to send a request to the server every 2 seconds to ask for an updated room list, and most of the time, they get back the list they already have.

It would be great to have an after action hook on room creation, so that when a room is created, the server could push the room to the clients, instead of the constant polling.


Admin, I have a suggestion.
You could watch how the framework of this django the side.

Http://www.djangoproject.com/documentation/middleware/

Searching three functions in the plug-in as
BeforeAction (args) | beforeNode (args)
DoAction (args) | doNode (args)
AfterAction (args) | afterNode (args)
The execution if they exist.

Or just two, a pre-treatment (all plug-in made for this action), then the processing of the action.

In this way allows you to plug-in to intervene before a specific action as mdp check for a room and either do nothing if the password is correct, or send an error message to the client and the return false which interrupt the process.

I do not know if this is possible in your current architecture.
But it would provide a very dynamic system in its ability to change.

Otherwise in the same vein allow the plug-in to register for parsing all outgoing mail (I do not know if that is possible)
In this way a plug-in "would be possible, or a plug-in formatting.

Cyprien
  reply | quote
Re:Collected Documentation - 2008/04/04 00:39 Yep it's fine.

But I think the problem is that you don't know if the client will really do the nodeBA, for the room protected example.

So, if I do a "bad" client for your application, that will not send nodeBA but only node, it will work and go past your verification/etc... of nodeBA.

I will think about a solution, will post tomorrow.
I must look at palabre's code, I have some ideas.
  reply | quote
Re:Collected Documentation - 2008/04/04 10:19 Hi,

Yes at first I wanted to do something like before/after/do ...
But I thought it might slow down the whole server execution.

Anyway I can add many calls before/after/... very easily, it's just a server.doAction('beforeBla')
bla()
server.doAction('afterBla')
(if you see places where those calls are missing just let me know)

The only problem is "what do I expect as return" ?
true/false ? an edited node ? what if multiple plugins define the same calls and are returning different results ?

Maybe I should add calls like :

if server.doAction('canDo_BlaBla',params):
    params = server.doAction('before_BlaBla',params)
    BlaBla(params)
    server.doAction('after_BlaBla',params)

Checking if we can, before do action, sending params and getting them possibly edited, and after action call ...

sounds better ?
Célio Conort
Lonesome Palabre developer
  reply | quote
Re:Collected Documentation - 2008/04/04 13:23 Hi,

I thought about that last night, and here's my solution.
(maybe bad :p)

In client/room/server
__init__()
register the functions that you want to open to plug-in use.

Next, create a function
def __call__(self, name, params): (not sure of the Python syntax for this one)
that will test whether the function called is registered as usable by plug-ins
if no -> call this function
if yes ->
foreach plug-in registered for this function
-> params = plug-in.beforeAction(name, params)
--> if params == false : return params (will stop this call)

call this function with new params.

foreach plug-in registered for this function
-> params = plug-in.afterAction(name, params)
--> if params == false : return params

And for nodes :
when you know the node name and call function for : do something like this
foreach plug-in registered for this node
-> node = plug-in.beforeNode(node)
--> if node == false -> return false (will stop the process)

standard use of this node

foreach plug-in registered for this node
-> node = plug-in.afterNode(node)
--> if node == false return false (break...)

Plug-ins must extend a class named BaseModule or BasePlugin like this :
class BaseModule:
    def beforeAction(self, name, params):
        return params
    def afterAction(self, name, params):
        return params
    def beforeNode(self, node):
        return node
    def afterNode(self, node):
        return node

like that, plug-in may rewrite some or all of this function, and that will work.

A system like that will offer a lot of possibilities
for example for a game with player movement :

the client send <dep x=1 y=3 />
the plug-in checkDep will use beforeNode
and check if movement is regular, if player can go there, etc..
and adds a little information to the node like
<dep client=Cyprien x=1 y=3 fromx=0 fromy=2 blablabla />
next another plug-in will, if this client is "a potential hacker...", log this information with beforeNode

next the normal process with this node will do nothing, as it's not a regular node.
But next the broadcast plug-in will broadcast this node to all players in sight of fromx and fromy...

it's an example, not the best, we can do all this mess on only one plugin.

But you can add a spell checker, a "censure maker" (don't know in English), and some format plug-in with beforeNode, some checkplugin in beforeAction and beforeNode, some logger, or broadcaster in afterAction and afterNode, etc...
That allows a lot of things.

And I don't think it will slow the server a lot, because each call will just go into __call__ like a normal call and next, you will not have a lot of plugins registered, maybe like 4-5 for one node will be huge I think.


What do you think about that ?

And sorry for my poor English, I hope you will understand my words.
  reply | quote
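Added example (not from any poster and not Palabre code): a minimal Python sketch of the before/after hook dispatch discussed in the posts above, with the check enforced on the server for the real action so that a client that skips a special node name cannot bypass it. `HookServer`, `PasswordRoomPlugin`, `RoomPushPlugin` and the action names `createRoom`/`joinRoom` are hypothetical, and the room password is constructed sample data.

```python
import hmac

class BasePlugin:
    def beforeAction(self, name, params):
        return params                         # default: pass through unchanged
    def afterAction(self, name, params):
        return params

class PasswordRoomPlugin(BasePlugin):
    def __init__(self, passwords):
        self.passwords = passwords            # room -> password (constructed data)
    def beforeAction(self, name, params):
        expected = self.passwords.get(params.get('room'))
        if name != 'joinRoom' or expected is None:
            return params
        supplied = params.get('password') or ''
        ok = hmac.compare_digest(supplied.encode(), expected.encode())
        return params if ok else False        # False vetoes the action

class RoomPushPlugin(BasePlugin):
    def __init__(self):
        self.pushed = []                      # rooms to push instead of polling
    def afterAction(self, name, params):
        if name == 'createRoom':
            self.pushed.append(params['room'])
        return params

class HookServer:
    def __init__(self, plugins):
        self.plugins = plugins
        self.rooms = {}                       # room -> set of nicknames
        # Explicit table: a client-supplied name cannot reach other methods.
        self.actions = {'createRoom': self._create, 'joinRoom': self._join}
    def call(self, name, params):
        if name not in self.actions:
            return False
        for plugin in self.plugins:           # each plug-in may edit or veto
            params = plugin.beforeAction(name, params)
            if params is False:
                return False
        self.actions[name](params)
        for plugin in self.plugins:
            plugin.afterAction(name, params)
        return True
    def _create(self, params):
        self.rooms.setdefault(params['room'], set())
    def _join(self, params):
        self.rooms.setdefault(params['room'], set()).add(params['nick'])

def demo():
    push = RoomPushPlugin()
    server = HookServer([PasswordRoomPlugin({'vip': 's3cret'}), push])
    server.call('createRoom', {'room': 'vip'})
    tries = [{'password': 's3cret', 'nick': 'a'}, {'nick': 'b'}, {'password': 'x', 'nick': 'c'}]
    return [server.call('joinRoom', dict(t, room='vip')) for t in tries], server.rooms, push.pushed
```

`demo()` shows the join with the right password succeeding, the joins with no password or a wrong one vetoed before the action runs, and the created room recorded for pushing by the after hook.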
Re:Collected Documentation - 2008/04/06 01:25 I like it. I had a hacky work around for the bad client, but it was ugly and difficult to implement, so I would love to see a system like this.

I also concur, the load on the server with this approach should be as low as the current version until people start adding their own actions.
  reply | quote
Re:Collected Documentation - 2008/04/08 20:02 While we're talking about security, there is a big hole there that needs to be filled for anything more than a hobby site, and that's the ability to create an SSL connection between the client and the server.

Otherwise, we're pretty much sending our passwords in plain text.

For the moment, I can live with this, but soon I'm going to have to tackle some of these security issues.

Has anyone thought about what it would take to make an SSL layer?

-Sean.
  reply | quote
Re:Collected Documentation - 2008/04/08 20:12 A couple of resources for SSL:

Mailing List Thread about SSL in Python

www.openssl.org

And this looks promising:

M2Crypto
  reply | quote
Re:Collected Documentation - 2008/04/08 22:46 Hi,
Yes the passwords are sent in plain text (such as your FTP, POP Email, ... passwords :p )

I thought about an SSL connection but I don't know how to handle it on the client side (flash socket) ?

Any leads ?
Célio Conort
Lonesome Palabre developer
  reply | quote
Re:Collected Documentation - 2008/04/09 02:20 I'll look around and see what I can find.
  reply | quote
Re:Collected Documentation - 2008/04/10 00:18 Found something that looks very promising, AS3 only:

Active link containing JavaScript has been removed automatically
  reply | quote
Re:Collected Documentation - 2008/04/10 00:21 D'oh!

Nuked my link. Let me try again without the explicit link:

http://crypto.hurlant.com/

http://crypto.hurlant.com/demo/
  reply | quote
Re:Collected Documentation - 2008/04/10 15:22 Hello,

Encrypting the entire conversation is (I think) not really useful.
But for identification I think you can do something like that.
(If Flash allows that)

load_var(httpS://www.example.com/login, user, pass)

and this secured page will send you something like
UNIQUE_IDENT_ID
you will send this ident to palabre for identification like
connect login="toto" pass="unique-ident-id"

palabre will check in ident_table if
login=xx and unique_ident_id=yy

and then (why not) delete this record from database.
Like that, if someone listens to your palabre conversation, he can't log in with your unique-ident-id because it can be used only one time.

You will have secure authentication, and next a plain conversation, without using resources for encrypting/decrypting, etc...

If Flash can't load an https page with load_var you can put your application into an https page, that will show after a traditional login page (php/python (django)/etc...) with flash_application and a variable that contains login, room_to_connect (why not) and unique_ident_id


I was doing things like that for my project.
Authentication in php, and next an ID that links to this authentication in database.
  reply | quote
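Added example (not from the post and not Palabre code): a Python sketch of the single-use identifier described in the post above, with `TicketStore` standing in for the `ident_table` shared by the HTTPS login page and the socket server. It goes slightly beyond the post by adding an expiry time and by storing only a hash of the identifier; the class name, the `ttl` value and the timestamps are assumptions.

```python
import hashlib
import hmac
import secrets
import time

class TicketStore:
    """Stands in for ident_table (hypothetical name, in-memory for the example)."""
    def __init__(self, ttl=30):
        self.ttl = ttl                 # seconds a ticket stays valid (assumption)
        self._tickets = {}             # login -> (SHA-256 of ticket, expiry time)

    def issue(self, login, now=None):
        """Called by the HTTPS login page after it has checked the password."""
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(32)          # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(ticket.encode()).digest()
        self._tickets[login] = (digest, now + self.ttl)
        return ticket

    def redeem(self, login, ticket, now=None):
        """Called by the socket server when it receives the connect node."""
        now = time.time() if now is None else now
        record = self._tickets.pop(login, None)     # deleted on first use, match or not
        if record is None:
            return False
        digest, expiry = record
        presented = hashlib.sha256(ticket.encode()).digest()
        return now <= expiry and hmac.compare_digest(digest, presented)

def demo():
    store = TicketStore(ttl=30)
    t1 = store.issue('toto', now=1000)
    first = store.redeem('toto', t1, now=1005)      # legitimate connect
    replay = store.redeem('toto', t1, now=1006)     # same ticket seen on the wire
    t2 = store.issue('toto', now=2000)
    late = store.redeem('toto', t2, now=2031)       # presented after expiry
    store.issue('toto', now=3000)
    wrong = store.redeem('toto', 'guess', now=3001) # wrong value burns the ticket
    return first, replay, late, wrong
```

Only the login step is protected here; as the post says, the conversation that follows the connect is still plain text.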
Re:Collected Documentation - 2009/06/16 02:44 chromecow wrote:
Found something that looks very promising, AS3 only:

Active link containing JavaScript has been removed automatically
  reply | quote
Re:Collected Documentation - 2009/06/16 08:05 most of the previous message was truncated, here it goes :

As3 Crypto is a cryptography library written in Actionscript 3 that provides several common algorithms. This version also introduces a TLS engine (TLS is commonly known as SSL.)

* Protocols: TLS 1.0 support (partial)
* Certificates: X.509 Certificate parsing and validation, built-in Root CAs.
* Public Key Encryption: RSA (encrypt/decrypt, sign/verify)
* Secret Key Encryption: AES, DES, 3DES, BlowFish, XTEA, RC4
* Confidentiality Modes: ECB, CBC, CFB, CFB8, OFB, CTR
* Hashing Algorithms: MD2, MD5, SHA-1, SHA-224, SHA-256
* Paddings available: PKCS#5, PKCS#1 type 1 and 2
* Other Useful Stuff: HMAC, Random, TLS-PRF, some ASN-1/DER parsing

The library is offered under the BSD license, and include several derivative work from Java, C and javascript sources. Check the LICENSE.txt file for a list of contributors.

http://code.google.com/p/as3crypto/
  reply | quote
Re:Collected Documentation - 2010/05/15 02:11 hi,
the page mentioned in the first post is not available, it reports "failed to establish connection with the database" error ..
thanks
  reply | quote
Re:Collected Documentation - 2010/05/24 12:10 I know this is a bit dead... But you don't need SSL.

You have a DB of md5 hashes of passwords. (Plus a salt?)

Client knows the salt.

You send client random key (so someone can't sniff and reuse old hash)
and the client performs an md5 on the password concatenated with the salt, getting what you have in the DB. Then the client performs an md5 of the previous md5 concatenated with the random key. The server does the same, but with DB one.
  reply | quote
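Added example (not from the post and not Palabre code): the challenge-response exchange described in the post above, written out in Python with both sides, so its properties can be checked. The `Server` class, the salt and the password are constructed for illustration. The third result shows that the reply is derived from the stored hash rather than from the password, so the hash table needs the same protection as the passwords themselves.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def stored_hash(password, salt):
    """What the post says the DB holds: md5(password + salt)."""
    return md5_hex(password + salt)

def answer(stored, key):
    """md5(previous md5 + random key), computed by both sides."""
    return md5_hex(stored + key)

class Server:
    def __init__(self, db):
        self.db = db               # login -> stored_hash (constructed data)
        self.pending = {}          # login -> outstanding random key

    def challenge(self, login):
        self.pending[login] = secrets.token_hex(16)
        return self.pending[login]

    def verify(self, login, reply):
        key = self.pending.pop(login, None)     # each key is accepted once
        stored = self.db.get(login)
        if key is None or stored is None:
            return False
        return hmac.compare_digest(answer(stored, key), reply)

def demo():
    salt = 'palabre-salt'                        # constructed; the client knows it
    server = Server({'toto': stored_hash('hunter2', salt)})
    key1 = server.challenge('toto')
    reply1 = answer(stored_hash('hunter2', salt), key1)   # client side
    ok = server.verify('toto', reply1)
    server.challenge('toto')                     # new session, new random key
    replayed = server.verify('toto', reply1)     # reply recorded in session 1
    key3 = server.challenge('toto')
    from_db_only = server.verify('toto', answer(server.db['toto'], key3))
    return ok, replayed, from_db_only
```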
Re:Collected Documentation - 2015/08/29 21:58 gar wrote:
chromecow wrote:
Found something that looks very promising, AS3 only:

Active link containing JavaScript has been removed automatically
  reply | quote