Create accurate description of what WALNUT is

2017-07-28 17:16:13 -06:00 · 2017-07-28 17:16:13 -06:00 · 47e73ceee8
parent 2ecfbc1e98
commit 47e73ceee8
1 changed files with 52 additions and 35 deletions
--- a/README.md
+++ b/README.md
@ -1,19 +1,47 @@
 walnut
 ======
-Small, light, and secure iot application framework.
+An opinionated, constrained, secure application framework with a hard shell - like iOS, but for a home server.
 Security Features
 * JSON-only APIs
 * JWT (not cookie*) authentication
 * no server-rendered html
 * disallows urlencoded forms, except for secured webhooks
 * disallows cookies, except for protected static assets
 * api.* subdomain for apis
 * assets.* subdomain for protected assets
 * *must* sit behind a trusted https proxy (such as [Goldilocks](https://git.daplie.com/Daplie/goldilocks.js)
 * HTTPS-only (checks for X-Forwarded-For)
 * AES, RSA, and ECDSA encryption and signing
 * Safe against CSRF, XSS, and SQL injection
 * Safe against Compression attacks
 \*Cookies are used only for GETs and only where using a token would be less secure -
 such as images which would otherwise require the token to be passed into the img src.
 They are also scoped such that CSRF attacks are not possible.
 Application Features
 * JSON-only expressjs APIs
 * Capability-based permissions system for (oauth3-discoverable) packages such as
  * large file access (files@daplie.com)
  * database access (data@daplie.com)
  * scheduling (for background tasks, alerts, alarms, calendars, reminders, etc) (events@daplie.com)
  * payments (credit card) (payments@daplie.com)
  * email (email@daplie.com)
  * SMS (texting) (tel@daplie.com)
  * voice (calls and answering machine) (tel@daplie.com)
  * lamba-style functions (functions@daplie.com)
 * Per-app, per-site, and per-user configurations
 * Multi-Tentated Application Management
 * Built-in OAuth2 & OAuth3 support
 ```bash
 curl https://daplie.me/install-scripts | bash
-daplie-install-cloud
+daplie-install-walnut
 ```
 If the pretty url isn't working, for whatever reason, you also try the direct one
 ```bash
 # curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash
 # daplie-install-cloud
 ```
 You could also, of course, try installing from the repository directly
@ -25,36 +53,17 @@ git clone git@git.daplie.com:Daplie/walnut.js.git /srv/walnut/core
 pushd /srv/walnut/core
  git checkout v1
 popd
-bash /srv/walnut/core/install.sh
+bash /srv/walnut/core/install-helper.sh
 ```
-Features
+Initial Configuration
------
+-------------
-* Works with Goldilocks for secure, Let's Encrypt maneged, https-only serving
+Once installed and started you can visit <https://localhost.daplie.me:3000>.
-* IOT Application server written in [Node.js](https://nodejs.org)
+```
-* Small memory footprint (for a node app)
+curl http://localhost.daplie.me:3000 -H 'X-Forwarded-Proto: https'
-* Secure
+```
  * Uses JWT, not Cookies\*
  * HTTPS-only (checks for X-Forwarded-For)
  * AES, RSA, and ECDSA encryption and signing
  * Safe against CSRF, XSS, and SQL injection
  * Safe against Compression attacks
 * Multi-Tentated Application Management
 * Built-in OAuth2 & OAuth3 support
 \*Cookies are used only for GETs and only where using a token would be less secure
 such as images which would otherwise require the token to be passed into the img src.
 They are also scoped such that CSRF attacks are not possible.
 In Progress
 -----------
 * HTTPS Key Pinning
 * Heroku (pending completion of PostgreSQL support)
 * [GunDB](https://gundb.io) Support
 * OpenID support
 API
 ---
@ -258,3 +267,11 @@ API
 ```
 req.apiUrlPrefix => https://api.example.com/api/tld.domain.pkg
 ```
 TODO
 ----
 * HTTPS Key Pinning
 * Heroku (pending completion of PostgreSQL support)
 * [GunDB](https://gundb.io) Support
 * OpenID support