I need to play encrypted files with videojs, backend developer changed the logic and sends decrypt key beside the file in api and that is not present in playlist, so I neeed to process this key and pass it to player to use this key instead of reading that from a URI, do you know how I can do this?
player automatically will perform a xhr request to this uri which is not ok and I need to override this part to read key from my custom function instad of performing this request.
I think you should change the URI to your Restfull API, it responds to your key.
If you use S3 to host, you can change to S3 URL file key
for example:
#API
URI="https://dicom-interactive.com/fetch-video-key"
#S3
https://your-bucket.s3.ap-southeast-1.amazonaws.com/video/file.key
Related
I am bit new to HTTP/2. I have learned that using HTTP/2 we can send multiple requests to the server without waiting for previous responses. Well I want to send an image file to the server which is large (more then 500 MB). There are following ways as listed here
Base64 encode the file, at the expense of increasing the data size by around 33%.
Send the file first in a multipart/form-data POST, and return an ID to the client. The client then sends the metadata with the ID, and
the server re-associates the file and the metadata.
Send the metadata first, and return an ID to the client. The client then sends the file with the ID, and the server re-associates
the file and the metadata.
I donont want to use first solution because it will increase the file size by 33%. I want to use 3rd solution.
As I am using HTTP/2 so my questions are
Can I send metadata and image simultaneously without waiting for ID from the server ?
If yes, then how can I implement ? Like do I have to do multithreading at server end for a client or how can I associate metadata and image with each other ?
If no then should I go for conventional style of HTTP/1.1 ?
I am using Restful and JSON for communication. More specifically I am using C# command-line client to send image and Asp.Net as server.
You can use multipart/related type to make a request with related mime-types. i.e in your case you can send an image along with a JSON body data.
You can refer Google drive file upload api which has a very similar implementation.
I want to do the following using NGINX Module :
Nginx receives a request, checks if it has the key to decode the request in the cache(custom)
if YES, then decode request, obtain an ID from it and check if there is a value against this ID in a key-value store (asynchronously) and return it in the response
if NO, then get the new key from the key-value store (asynchronously) and then store this key in the cache and use it to decode the request. Obtain the ID and check if there is a value against this ID in the key-value store(asynchronously) and send it in the response.
I was able to figure out how to do step 1, i wrote an upstream module by referring openresty's nginx module from github. For achieving step 2 functionality, i tried creating a new upstream request in the process_header() function of the first upstream call (i.e getting the key from the store), but this didn't work. How to achieve this ?
Thanks in advance.
I see 2 approaches:
You may do it all in Lua using lua-nginx-module and lua-resty-redis library. Here you may find some info Configure-nginx-to-get-url-from-redis-with-key-and-proxy-the-url-to-other-server
Write nginx C module, use redis2-nginx-module as upstream module, send subrequest. Take a look at my answer to Subrequests are not sent or the request hangs It shows how to send subrequests.
I have a endpoint called get user data which accepts a token
I need to read this token in my apigee and send it to tokenVarificationExtUrl
which gets back to me with
a) valid 200
b) userid attached with that token
now what i have to do is i need to read the response header and then conditionally check it for 200 success and then extract the userid from the response.
Once its extracted i need to attach it with another request; which i need to send to getUserData external url
which will get back to me with required user details.
I am successful of extracting data and doing conditional check. I am seeking help for
how do i send another request to getUserData external url.
You need to use a few policies in your proxy.
For example
For checking a header and throwing an error, you may want to use rasie fault policy conditionally
For making an API call to external end-point you can use service callout policy or a standard target
For exrtacting response data from json or xml payload you can use json path of xpath policies
and so on.
I suppose you may want to take a look at a few sample proxies with these functions to be able to design your own.
Check this link out. http://apigee.com/docs/content/using-sample-api-proxies
I want to redirect my users browser using HTTP code 303 to a GET URL that I secure using HMAC. Because the request will come from the users browser, I will not have fore-knowledge of the request headers. So I am generating the HMAC hash using the values of the HTTP method and URL only. For example, the URL I want the browser to do to might be:
GET /download
?name=report.pdf
&include=http://url1
&include=http://url2
This create report.pdf for me, containing the contents of all the urls specified using the include query param.
My HMAC code will change this URL to be
GET /download
?name=report.pdf
&include=http://url1
&include=http://url2
&hmac-algorithm=simple-hmac
&hmac-signature=idhihhoaiDOICNK
I can issue HTTP 303 to the user using this URL, and the user will get their report.pdf.
As I am not including the request headers in the signature, I am wondering two things:
1) Can a would-be attacker take advantage of the fact that I am not signing the request headers?
2) Is there a better way to achieve what I am trying to do?
When I realised that what I am talking about here is a signed URL, I checked the Amazon Docs and found "REST Authentication Example 3: Query String Authentication Example" in this document: http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html.
This example is about a signed URL for use through a browser. About signing the headers, the document says:
You know that when the browser makes the GET request, it won't provide a Content-Md5 or a Content-Type header, nor will it set any x-amz- headers, so those parts are all kept empty.
In other words, Amazon leave the headers out of the signature.
Amazon make no mention of potential security holes, so until I hear otherwise (or get hacked :) ), I will assume my approach above is fine.
A server side service is populating the database. I send a http request from my application with some metadata information from the document and I want the server side service to generate a unique uuid for this document and populate the db with the doc uuid and metadata and send back the uuid to me. Should the client be executing a PUT request in this case or a POST. I only want one record of the document metadata and uuid generated for it.
PUT is generally used to overwrite and replace or create a resource.
I think that is what you should be using here. For example:
PUT /document/ HTTP/1.1
Host: example.com
And have it return a UUID and metadata for the document.
And quoting from another SO question:
I think one cannot stress enough the fact that PUT is idempotent: if
the network is botched and the client is not sure whether his request
made it through, it can just send it a second (or 100th) time, and it
is guaranteed by the HTTP spec that this has exactly the same effect
as sending once.