flask-socketio: before_send/after_send - flask-socketio

On flask socket-io, if there are 2 users connected and user1 sends a message to user2, how can I intercept the payload being sent to user2 (on the app context of user2, in order to modify it)? I do not want to modify the payload being sent by user1 (this would be trivial).
Logically, I guess there should be a way to intercept the event on the context of user2 just before the payload is being transmitted on the ws.
Thanks!

A monkey patching of custom_emit_internal did the trick. Hopefully, it will not break at the next update!

I think you are asking for a client-side feature. In the server, the only context that exists when a message is sent is that of the sender. The exchange goes like this:
client | server
---------------------------------------------------------------------------
user1 sends event to server |
payload includes msg for user2 |
|
| server decodes the msg payload in
| user1's context and sends msg to user2
|
user2 receives msg from server |
So as you see, in the server, user2 is not part of this transaction, only user1 matters. The server-side context for user2 may not even reside in the same server process, now that Flask-SocketIO can drive a farm of servers behind a load balancer. Also, the recipient of the event may not be a single user, it may be a group of users in a room, or even all connected users.
I'm not sure I understand the purpose of your request, but if you want to elaborate I may be able to provide advice.

Related

Forge webhook no callback

I can create a webhook for version added, but I get no callback.
If I send my own POST requests to the callbackUrl I can see them in the log.
The folder urn QU_6r8mIR8yIubm1K_fHmA is the Project Files folder of the Project.
If I use a callback to a https://webhook.site/ I do receive the callback - it is just acc.metroselskabet.dk that sees nothing.
It would be nice to know where the callback is supposed to come from. I have a suspicion that some of Amazon's servers may be blacklisted by Cisco.
Any ideas would be welcome.
autoReactivateHook FALSE
callbackUrl https://acc.metroselskabet.dk/webhook/default/call/packed_data.json
callbackWithEventPayloadOnly FALSE
createdBy umwNi161Og8dY7j4SFpw7EUWCOJGzMXp
createdDate 2022-06-10T09:23:39.323+00:00
creatorType Application
event dm.version.added
hookId dc9998e5-5ce6-40d3-b5c9-e2ea09ed56e0
lastUpdatedDate 2022-06-10T09:23:39.323+00:00
scope folderurn:adsk.wipemea:fs.folder:co.QU_6r8mIR8yIubm1K_fHmA
status active
system data
tenant urn:adsk.wipemea:fs.folder:co.QU_6r8mIR8yIubm1K_fHmA
urn urn:adsk.webhooksemea:events.hook:dc9998e5-5ce6-40d3-b5c9-e2ea09ed56e0
It looks like this is a problem with my Apache SSL. The requests reach the server but the connection dies on SSL Library Error: error:14094416. So nothing to do with Forge, but maybe something with the Amazon web servers.

Is there a mistake in the token validation documentation? Or am I getting this wrong?

In this section of the sign-in guide,
https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library,
There is this code snippet
# Specify the CLIENT_ID of the app that accesses the backend:
id_token.verify_oauth2_token(token, requests.Request(),CLIENT_ID)
This correctly validates the token when I pass my server's client ID, but fails when I pass the android app's client it.
However, the comment suggests that it should be the android app's client ID that should get passed here! And that also makes more sense from a security perspective.
Further down, I can find the following Python code sample
# Or, if multiple clients access the backend server:
# idinfo = id_token.verify_oauth2_token(token, requests.Request())
# if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
# raise ValueError('Could not verify audience.')
I have played around a bit and it seems to me that idinfo["aud"] key carries the client ID of the server, where as idinfo["azp"] carries the client ID of the client.
If I understand it right, in this line we are supposed to verify the client id of the android app client!
So it should read:
if idinfo['azp'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
raise ValueError('Could not verify audience.')
I feel like I must be getting something wrong here, but what is it?

The bot does not wait sending messages even when given a condition

I am making a project on mobile-learning.
I am making a telegram bot that first sends a video to the user and if he is ready then sends the quiz.The bot does not wait for the ready condition and sends all messages at one go.I am using mysql database to fetches the video and quiz.
my code in handle(msg) that has problem is :
command=msg["text"].strip().lower()
bot.sendMessage(chat_id,"Say hi to see your options")
if content_type=='text' and chat_id in list1 and command=="hi":
video_link=get_fast_video_link(chat_id)
bot.sendVideo(chat_id,video=open(str(video_link),'rb'));print("video sent")
video_id=get_fast_video_id(chat_id)
list4=start_quiz(video_id)
id_q=list4[0]
question=list4[1]
answer=list4[2]
bot.sendMessage(chat_id,"Are you ready")
if command== "ready":
bot.sendMessage(chat_id,"Here is your question")
bot.sendMessage(chat_id,str(question))
if command==str(answer):
bot.sendMessage(chat_id,"You Are CORRECT")
bot.sendMessage(chat_id,"Let's move to the next video")
Instead of waiting for reply from user the bot sends all messages at one go.
I am new at making bots,and have basic knowledge,how can i make this project

FCM notification reply to server

There is a push notification service that sends a message from a web server to an app device. The app has onMessageReceived() method implemented. However, not all the messages are being delivered and I have read somewhere that the delivery_receipt_request field, when set to true then (FCM), replies to the server mentioning the message being either delivered or not. I want to know that how can I catch that reply from the app if the message is delivered to my sender's side code.
Option 1: Via XMPP
You need to run an XMPP client on your backend. This client should connect to FCM with your project parameters. You will then be able to process message delivery stanzas sent to you by FCM. Here are the baby steps:
Follow the steps in https://www.npmjs.com/package/node-xcs to setup the XMPP client, exporting environmental variables with your FCM project parameters.
You can send messages through there.
Listen for message delivery stanzas:
client.on('stanza', function(stanza) {
//HERE IS WHERE YOU PROCESS THE STANZA
console.log('Please process me. I AM, the stanza: ', stanza.toString())
})
The stanza you will get for message delivery will look like this:
<message id="">
<gcm xmlns="google:mobile:data">
{
"category":"com.example.yourapp", // to know which app sent it
"data":
{
“message_status":"MESSAGE_SENT_TO_DEVICE",
“original_message_id”:”m-1366082849205”
“device_registration_id”: “REGISTRATION_ID”
},
"message_id":"dr2:m-1366082849205",
"message_type":"receipt",
"from":"gcm.googleapis.com"
}
</gcm>
</message>
Currently only CCS (XMPP) supports upstream messaging. Knock yourself out.
Option 2: Via HTTP
Now, if you decide to use the FCM HTTP protocol instead to send the messages, then you will have to interpret the response that you get back when you make the HTTP call. You can tell whether the message was delivered or not by looking at the HTTP response header and the error in the body of the response. The structure of the response is described here: https://firebase.google.com/docs/cloud-messaging/http-server-ref#interpret-downstream
Again, knock yourself out.

Using a hash as part of id

I am building a REST service as part of my rails app, and I'm wondering if it is bad to expose the ID with a unique hash or timestamp appended to it for each resource.
What I want to achieve is that the client will then know if it has the same resource as the server, and if not, then update it.
An example:
the event resource would look like this in JSON
event: {
id: 123-kjkjlhhkh,
name: event-name,
date: somedate,
users: [456-sadasdasdas, 242-asfat4fdhs]
}
the client would have an event table and a user table, that would look something like this:
Events id | id-hash | name | date
--------------------------------------------------
123 | kjkjlhhkh | event-name | somedate
Users id | id-hash | username
--------------------------------------------
456 | sadasdasdas | oldusername
242 | kkskksksk | someusername
This means that we see on the client side that the user 242 has a new hash appended to the id, which means that the user resource has changed on the server and we can go grab it.
So the question is, is it better(more RESTful) to send the whole user resource (for all the users) together with the event, or to just send the ID:s with appended hashes and get the whole resources from the server in a separate call if they are different than the local ones?
I wouldn't mangle the IDs.
Technically, resources are identified by their URL. So if you have a different URL, you have a different resource. Also, having arbitrary IDs attached makes discovering and using your URLS really hard.
What you should do instead is to use ETags instead. These are typically used for caching of resources. An etag should identify a resource version so that a client use a request header like this:
If-None-Match: "686897696a7c876b7e"
to only get the newest resource if the server version doesn't match the provided ETag. In your case, you could just use your ID hash as an Etag. That way, you use standard HTTP mechanisms and don't have to reinvent the wheel.

Resources