I am learning meteor and did the to-do project in meteor's tutorial. I was wondering how to hide some data from the client since files outside the server folder can be seen from the client.
Let's say a user does register to the app and want to call an external api to fetch some data and i use a secret to do so, and I dont want to expose this secret. Then I want to add this data that i got to the user collection.
Actually I use Meteor methods (ran by client and server).
Thank you.
You can do this in a Meteor Method. Put the code for this method in /server and it won't be shared with the client. You call the method from the client using Meteor.call()
Also note that it's good practice to put secrets in a settings file and to manage this file outside of your version control system. See Making Use of Settings.json
Related
I would like to use Amplify instead of amazon-cognito-identity-js in my lambda functions (to sync the cognito users with their profiles i store into another database).
On the client side everything works fine, but i am not able to use it on the server side.
I don't find any resources on the internet, and i am fighting since 2 hours trying to make it works, i start wondering if we are supposed to do that.
Does someone know how to configure Amplify by requiring only #aws-amplify/auth?
Auth.configure is not a function
Amplify Auth is actually designed to work with the browser. So it's not suitable for your lambda.
If you're using node then you will need to refer to the AWS SDK for JS instead.
I'm slightly confused about the availability of a collections, and exactly what happens when I use them in different places. I have a collection at /imports/api/clubs When I use it in my Meteor.methods it works fine. If I then import it into say a template file /imports/ui/pages/new_club.js and insert something into it, will it update the local cache only? Is the local collection reactive, i.e. will my helpers re-run?
A Meteor collection contains 0-N documents. A collection can be managed or unmanaged.
A managed collection:
is persisted via MongoDB on a server. It will survive either the client or the server stopping.
Exists only on the server unless it is published to the client via either the autopublish package or via one or more publications
the server automatically has read-write access to all documents in the collection
publications can be used to restrict the subset of the documents (both which documents and which keys) are available to any particular client.
changes to a collection on the server are automatically and asynchronously propagated to the affected client(s) via Meteor's DDP protocol which normally runs over WebSocket.
if changes are made to a collection from the client, the client's view is immediately updated (called an "optimistic update", part of Meteor's "latency compensation") and then the server attempts to make the same change. The server version ultimately "wins" in that changes from the server are asynchronously re-propagated back to the affected client(s).
An unmanaged collection:
exists only on the client
can be written to and read from only from the client
is not shared between clients
On the server side Meteor has access to the full MongoDB API. On the client side, Meteor has implemented "minimongo" which presents a restricted API. Minimongo is notably missing mongodb's aggregation framework as well as geo-queries.
Finally, to answer your specific question: yes, collections are reactive to changes made anywhere, either on the client you're on, by the server, or initiated on someone else's client
I am testing out this android chat application using Bluemix https://github.com/IBM-Bluemix/chatbot-watson-android
At some point in the conversation I will need to call a REST API/webservice to retrieve info about data that has been gathered and send it back to the user as a chat.
I don't want to do it from within the android application as the application wont work when I deploy it to another platform (e.g. slack).
Is there a way to call REST APIs from within watson?
I don't think the conversation service can do it directly, but can it link to another Bluemix service and use the result of that?
If you are already using some form of middleware this can be achieved by setting an action tag in the .JSON editor of the node that should fire the action. This then gets picked up by your middleware listener.
Alternatively try the new cloud actions feature that has just been released here https://console.bluemix.net/docs/services/conversation/dialog-actions.html#dialog-actions which is really simple and easy
I would create a server to intermediate the communication between your app (android) and the conversation service. This server could call/retrieve the required data before sending the conversation response to your app.
As you're using Bluemix, you could use Node-Red to easily do this.
Here is an example of an app that I made exactly this.
If you are starting with Watson and Bluemix, I strongly advice trying to use the Node-red starting pack. It's really easy to integrate Watson services and call REST API/web-services, even integrate with a database.
Here is a starting point to this:
https://nodered.org/docs/platforms/bluemix
Happy coding!
How would you use Firebase's simple login to allow users to upload music files.
As I understand it, it doesn't make sense to even think about storing audio files in Firebase's database which is why I would like to be able to store them on an external PHP server.
So, the question revolves on whether I can use Firebase's simple login system to allow users to authenticate to an external server.
I have seen Using NodeJs with Firebase - Security ... which gives some great insight, but then how would you enable the large file upload to the external server?
The technique from the answer you linked will work for your situation too, you just need to translate it into PHP and the Firebase REST APIs. Additionally, since the REST API isn't real-time you must add some kind of task queue that it can poll.
Your program would flow something like this:
User logs in to Firebase with Simple Login
User write to only a place that they can (based on security rules). The user also writes an entry into a task queue.
Your PHP server connects with a token that allows reads of all of the user's secret places.
Your PHP server polls the firebase every once in awhile to look for new tasks. If there's a new task, it validates the user and allows that user to post data to it.
All that being said, this is going to be pretty complicated. PHP's execution model does not lend itself well to real-time systems, and
I strongly recommend you consider some other options:
You're using a cloud platform, Firebase, for your realtime stuff, so consider a cloud service for your binaries too, like filepicker.io
If you really want to host the files yourself, use something that's more real-time like node.js. It'll save you the effort of constructing that task queue.
I have a meteor application (with meteor Accounts), and am building a mobile application. How do I authenticate users from the mobile app. I have a python webservice that can send data to mobile clients. But I have no clue how to authenticate from the external app.
I did look at DDP client, but there is no 'authenticate method'. Is there any way to do this with a pure python solution? I have access to the 'users' collection -> srp verifier and salt.
Note: Python srp didn't work. The salt and verifier generated by python srp are supposedly bytes. However I can't even decode them using bytes.decode(encoding)
It sounds like you want to use the out-of-box account management baked into Meteor, then surface a mechanism that your PHP code can call to show different information based on who is authenticated.
If that's correct, I think your best bet is:
Build a PHP DDP Client. Meteor isn't really built to expose webservices in a traditional sense, but rather surface what they call a DDP protocol for external sources to plug into the server-side publications. That said, I have not yet found a PHP DDP client, but here is one in node, and one in .NET. You'll want to build a PHP DDP client and then write a Meteor.method in the Meteor server code that you can remotely call from your DDP client to check for a user's authentication.
BUT, if all you're doing is surfacing marketing information in your PHP site, perhaps it makes more sense to either (1) keep the entire app in PHP and use a native PHP account management system, or (2) save yourself the trouble of the DDP overhead and write the exposed marketing page directly in the Meteor app? If you need to keep it from a different server, consider a simple iframe?
I just developed a DDP client for PHP, which might be what you need. Check it out here :
https://github.com/zyzo/meteor-ddp-php