Web File Editor (wfed.me)
The protocol is very simple. On a web page, supply a link for downloading a document. The link will be of the form:
The browser will hand control to the Web File Editor application. The Web File Editor application will send the HTTP request to your server. The download script needs to deliver the file in the HTTP reply body, with some additional information in the headers, including an upload URL (for uploading a modified file) and a release URL (so your server knows the user is done editing).
Your download, upload, and release URLs probably need to include a user’s session and an internal file ID. So a real live wfed link might look more like:
The Web File Editor application does not know anything about the internal workings of your server, such as what session IDs mean, where files are stored, what your read locking policies are, etc. It just knows how to make HTTP requests from your server requests that you specify.
If your web server uses session IDs to track logged in users, either in the URLs of pages accessed or via a cookie, the session ID will not be available for the Web File Editor application to send to your server unless you make in available in the URLs it provides.
In constructing the URLs for downloading, uploading, and releasing content, you should provide the minimum information necessary out of concern for security. These URLs might be intercepted by a savvy user, or by firewalls, proxies, and other software between your user and your server. We think that most implementations can be done effectively by passing just a session ID and a file ID in the download, upload, and release URLs.
Files will not necessarily get released by users. Users might forget, lose Internet connection, experience a computer crash, etc. So your server needs to release read and write locks if they are still open after they have expired.
To get started, you should download our SDK from the link above. If you install the included &ldqo;wfed” in the root directory of your web server you will be able to test the Web File Editor application and protocol locally before implementing the protocol on your website.
If you start the Web File Editor application while holding down the “Shift” key on your keyboard, the “File” menu will contain a command to show a “Transcript” window. This window will show all communications between Web File Editor and the server along with other diagnostic information that should help you verify that things are working correctly and track down any trouble.
Place a wfed URL on a web page to give the user the ability to download and possibly
edit a file on your server. As noted above, the download link will look like:
The HTTP portion of the URL needs to point to a script on your server that validates the session id, and delivers the file associated with the file ID. Our sample PHP code shows how to parse the session ID and file ID out of such a URL.
The “wfed:” prefix tells the web browser to hand the URL off to the Web File Editor application, which will communicate with your server via HTTP using that portion of the URL.
Your download script is, conceptually, surprisingly simple. Here is what it needs to do:
The upload script is even simpler than the download script. Here is what it needs to do:
The release script should also be pretty simple. Its purpose is to release any read or write locks you placed on the file, so that other users can download and edit it. Here is what this script needs to do:
The Web File Editor application supports HTTPS. Just use HTTPS URLs instead of HTTP URLs for your download, upload, and release URLs. Note that while the Web File Editor application encrypts data over HTTPS, it does not validate the server certificate.
Keep in mind that there is a lot that go wrong between your server and the user’s computer, as well as on the user’s computer. It is possible that a file not be released correctly. If your server leases a file to user for 15 minutes, it should be prepared to automatically release the file sometime later, perhaps 20 minutes, if the file is not released by the user.