Kaa endpoint identification - kaa

Right now Im stuck with a problem. How to distinguish data received from various endpoints? I know each end point has an endpoint hash logged into the header part of the record.
But, how do I expose this to an external API which needs to query data received from a specific endpoint? Do I have to generate a unique identifier at the endpoint and use it in the log along with other fields, or
Does Kaa provide any endpoint identification that be exposed out of Kaa?
Any help is greately appreciated.

Related

How to create multiple devices automatically in Thingsboard and post telemetry data using HTTP Api

I'm using ThingsBoard to publish some data and I want to create multiple devices automatically using thingsBoard Rest client API and send JSON data (stored in a JSON file) to each one of them, I’m also writing a JAVA program to so but I was using only one device to send the data by copying the Access Token of the device so it can receive the data, however I don’t know how to do that if I have many devices to get the Access token automatically from each device.
I’ve been trying for a while to look for a simple method to do so but I’m a bit lost here.
Does anyone have an idea how can I do that.
Have a look at the ThingsBoard administration API described in this swagger https://cloud.thingsboard.io/swagger-ui.html
A few end-points will help you achieve what you need:
for devices already created manually, you can retrieve their credentials using
GET /api/device/{deviceId}/credentials
for devices without credentials, you can create some using
POST /api/device/credentials
Since you're working in the context of a Java application, I assume you already have a REST client with authentication to perform these calls.
What you can do is use GET /api/tenant/assets?type=telemetry&pageSize=10000&page=0
This will get all the devices of type telemetry, and then you can fetch the part where the token is. That request will return a list.

I want to know how the botbuilder listen,and where it listen?

We have created Robot on hipchat and yammer with hubot, and they worked very well.
Recently, our team want to create a bot using hubot on Microsoft Teams, but met some problems.
I read the guide document and find that we should first allow external apps in Microsoft Teams .We should ask our Microsoft Admin team to help to open this on. Now, we are review this with our security team about this.
There is something I want to get from you:
1.I find if I want to active the hubot, I should first set an endpoint, what is this used for? Why should we set this?
When we enterprise hubot with hipchat and yammer, we just need an account, set the user name and password, tell hubot the group
Name we want hubot join, and it worked like a normal user.
2.I found “#robot.router.post #endpoint, #connector.listen()” in the code,
So, how the botbuilder listen,and where it listen?
3.Are messages all transport by http? Is it safe enough?
I just went through setting up our Hubot in teams as we will be moving from Hipchat and thought I could answer some of these questions.
The endpoint is used to send messages to your bot since it does not join as a user like Hipchat. When run with the botframework adapter /api/messages is used for communicating with your bot by Microsoft.
I'm not certain where in the code it listens but you have to # mention the bot in order for the app in teams to send the message to the bot's endpoint
The endpoint has to be HTTPS, meaning you have to proxy Hubot. The endpoint also has to be publicly available, or at least available to the Microsoft IP range. However, I found there is authentication that happens:
while anyone can technically post to your api/messages endpoint, the message coming in has a JWT token signed by AAD to verify that it came from a proper source. The botbuilder SDK (package that this adapter relies on) does this check for every message. Every response is also authorized with a JWT token that your bot retrieves from AAD for us to verify as well.
Reference:
https://github.com/Microsoft/BotFramework-Hubot/issues/25#issuecomment-402223551

Understanding How to Store Web Push Endpoints

I'm trying to get started implementing Web Push in one of my apps. In the examples I have found, the client's endpoint URL is generally stored in memory with a comment saying something like:
In production you would store this in your database...
Since only registered users of my app can/will get push notifications, my plan was to store the endpoint URL in the user's meta data in my database. So far, so good.
The problem comes when I want to allow the same user to receive notifications on multiple devices. In theory, I will just add a new endpoint to the database for each device the user subscribes with. However, in testing I have noticed that endpoints change with each subscription/unsubscription on the same device. So, if a user subscribes/unsubscribes several times in a row on the same device, I wind up with several endpoints saved for that user (all but one of which are bad).
From what I have read, there is no reliable way to be notified when a user unsubscribes or an endpoint is otherwise invalidated. So, how can I tell if I should remove an old endpoint before adding a new one?
What's to stop a user from effectively mounting a denial of service attack by filling my db with endpoints through repeated subscription/unsubscription?
That's more meant as a joke (I can obvioulsy limit the total endpoints for a given user), but the problem I see is that when it comes time to send a notification, I will blast notification services with hundreds of notifications for invalid endpoints.
I want the subscribe logic on my server to be:
Check if we already have an endpoint saved for this user/device combo
If not add it, if yes, update it
The problem is that I can't figure out how to reliably do #1.
I will just add a new endpoint to the database for each device the user subscribes with
The best approach is to have a table like this:
endpoint | user_id
add an unique constraint (or a primary key) on the endpoint: you don't want to associate the same browser to multiple users, because it's a mess (if an endpoint is already present but it has a different user_id, just update the user_id associated to it)
user_id is a foreign key that points to your users table
if a user subscribes/unsubscribes several times in a row on the same device, I wind up with several endpoints saved for that user (all but one of which are bad).
Yes, unfortunately the push API has a wild unsubscription mechanism and you have to deal with it.
The endpoints can expire or can be invalid (or even malicious, like android.chromlum.info). You need to detect failures (using the HTTP status code, timeouts, etc.) when you try to send the push message from your application server. Then, for some kind of failures (permanent failures, like expiration) you need to delete the endpoint.
What's to stop a user from effectively mounting a denial of service attack by filling my db with endpoints through repeated subscription/unsubscription?
As I described above, you need to properly delete the invalid endpoints, once you realize that they are expired or invalid. Basically they will produce at most one invalid request. Moreover, if you have high throughput, it takes only a few seconds for your server to make requests for thousands of endpoints.
My suggestions are based on a lot of experiments and thinking done when I was developing Pushpad.
Another way is to have a keep alive field on you server and have your service worker update it whenever it receives a push notification. Then regularly purge endpoints which haven't been responded to recently.

Firebase REST streaming for multiple users

I have a server that needs to receive real time updates from Firebase, for multiple users, where each user grants Oauth access to his Firebase data to my app.
My server is implemented using Firebase REST Streaming, based on Server Sent Events.
I need to know if there is a way to multiplex Firebase data pertaining to multiple users on a single stream.
I would like to be able to set up the stream with Oauth tokens pertaining to multiple users, and to subsequently receive real time updates pertaining to the multiple users on the same stream.
Otherwise, it seems that I need to maintain a separate stream per Oauth token, which seems to be non-scalable.
I think Twitter have a Site Streams feature like what I am looking for in their API, implemented via an envelope that indicates the user the message is targetted to.
Does Firebase support anything similar?
A single Firebase REST call will only monitor a single node. E.g.
curl 'https://samplechat.firebaseio-demo.com/users/jack/name.json'
You can control what data is returned from under that node with the orderBy, startAt,endAtandlimitTo...` parameters. E.g.
curl 'https://samplechat.firebaseio-demo.com/users/.json?orderBy="name"&startAt="Jack"'
There is no way to have a single REST request return data from different nodes/nodesets. So unless you find a way to gather all data you want to return under single node, where it can be returned by a single set of query parameters (orderBy, etc), you will have to execute multiple REST requests to get your data.
Note that the SDKs that Firebase provides internally use a web-socket protocol, so are not impacted by this limitation. If an SDK is available for your server-side language (e.g. node.js, Java), you could solve it by using that one.

How to tell different clients with SignalR server push?

I just finished one SignalR sample, the well-known Chat sample.
This sample just broadcast a chat message from one client to all the clients. What if we want to send message to only a specific client?
(I guess there should be some ID to identify each client. These IDs should be stored on server when clients subscribe to the server. And server can choose which ID to push message to. )
You have different way to map your user with a connection. You can compare the different ways in this tutorial depending on your requirements.
Another solution is to define 1 group per userId and notify the group when you want to notify a user (link). Be careful, groups are not secured.
Like Daniel describes you can use a group or use the hubcontext to get the context for a specific connection using the connection Id.
var client = context.Clients.Client(connectionId);
There are also several libraries that abstract SignalR, some of these comes with their own way of calling specific users.
I have made a library like this which is based on the Event aggregation pattern. It comes with a API to let you create code that determines which clients should receive a specific event
https://github.com/AndersMalmgren/SignalR.EventAggregatorProxy/wiki/Implement-constraint-handlers
Here is also a blog post I made showing how you can achieve declarative role authorization with my library, maybe it can give you some ideas.
http://andersmalmgren.com/2014/06/12/client-server-event-aggregation-with-role-authorization/

Resources