What would be the best way to post data to Meteor's MongoDB collection ?
I tried initially using the Postman chrome extension, command-line tool like curl but did not find any luck.
The curl command that I use is :
curl -i -X POST -H "Content-Type: application/json" -d '{"hacker":"fromcurl","score":100}' http://localhost:3000/players
OUTPUT:
HTTP/1.1 200 OK
vary: Accept-Encoding
content-type: text/html; charset=utf-8
date: Tue, 17 May 2016 00:37:44 GMT
connection: keep-alive
transfer-encoding: chunked
<!DOCTYPE html>
<html>
PS : players is the collection/table name
Take a look at DDP, Meteor uses this protocol to communicate between client and server. DDP is simple and based on JSON. Meteor’s DDP currently based on WebSockets and SockJS. That's very helpful. I have a case that Websocket cannot work in local LAN network but the connection fall back to SockJS, then everything work fine, that's great!
An example implement DDP communication between Meteor and Python.
Simply create a Meteor method:
Meteor.methods({
clientProcessData: function (data) {
console.log(data);
// Meteor post data to MongoDB code here
},
Follow the instructions from https://github.com/hharnisc/python-meteor to install python-meteor client and connect to Meteor server.
You can call Meteor method from Python by:
client.call('clientProcessData', ["This is a test"], callback_function)
Not sure are there any other DDP clients of other programming language, but in my case, python works great!
// Update: There are many of them, but I'm so new here that afraid of posting external link, so please do a simple "DDP client" search on google.
Related
I have been reading multiple articles on how to sniff and subsequently use the data obtained to interact with closed source apis recently.
I am concentrated on the tinder api since it seemed to me ample research had been done already on it, hence it would be easy to learn from.
http://ttcubicle.blogspot.com/2015/03/reverse-engineering-tinders-api.html
http://ec2-52-42-144-243.us-west-2.compute.amazonaws.com/tinder/
Althrough I managed to sniff the authentification between the tinder app on my phone and the server through fiddler, I am not able to actually simulate that login using curl on the command line
----- Below is the request send from my phone to the server --- for obvious reasons I changed my actual data ----
POST https://api.gotinder.com/auth HTTP/1.1
platform: android
User-Agent: Tinder Android Version 6.5.1
os-version: 23
Facebook-ID: 10151935000326599
Accept-Language: en
app-version: 1955
Content-Type: application/json; charset=utf-8
Content-Length: 257
Host: api.gotinder.com
Connection: Keep-Alive
Accept-Encoding: gzip
X-Auth-Token: ccXX9a-4a99c-4e32-8154-9b21asf5eec
{"facebook_token":"EAfasfasfasfN6solZAh8M3kwxsP1JzF6OBDocdNUEyxd8tsVCN6kWZA6fArZB0T5dZArmdVvKAXUuQZCOtoVZBPasfzUMz9RfFoSpEifEVm7bAIspEerbLKRgW3DCpHHuxVyZApr1koAHhIjCGtxUZAAZAtDvTTbayrkF","facebook_id":"111111119","locale":"en"}
My knowledge regarding POST / Headers and all of these things is still a bit shacky (thats why I am trying to re-enact) but from what I understand that next step should be to send a POST request with curl that sends the X-Auth-Token in the header and facebook_token and so on in the data part.
something like this:
curl -H "Content-Type: application/json" -H "X-Auth-Token: cc5555a-499c-4e32-8154-9b25555ec" -d '{"facebook_token":"EAAGasdpsBAEzbJDJdcHXLjKpDjN6solZAh8M3kwxsP1JzF6OBDocdNUEyxd8tsVCN6kWZA6fArZB0T5dZArmdVvKAXUuQZCOtoVZBPZBMTUJzUMz9RfFoSpEifEVm7bAIspEerbLKRgW3DCpHHuxVyZApr1koAHhIjCGtxUZAAZA555TTbayrkF","facebook_id":"101519555326599","locale":"en"}' https://api.gotinder.com/auth
However, no matter how I change the parameters around, I always get Errorcodes 500 or 401 thrown back at me. The maximum I can get is the server telling me that it excpects a facebook_token (which is obviously send in the data section)
Does anyone has experience with this sort of problem ?
Thank you
I just discovered phyton and... holyshit i am in love!
payloadauth = {"facebook_token":"EAA xxxxxx
header1 = { 'platform': 'android','User-Agent': 'Tinder, 'X-Auth-Token':'cblabla
with requests.Session() as c:
response = c.post('https://api.gotinder.com/auth',data=payloadauth)
response = c.get('https://api.gotinder.com/recs/core?locale=en', headers=header1)
print(response.json())
four lines of code...
I setuped single node Hadoop cluster to perform some experiments with HDFS. Via web access all looks good, I created a dedicated folder and copied file from local system to it using command line. It all appeared in web UI. After it I to get access to it via WebHDFS.
For example:
curl -i "http://127.0.0.1:50075/webhdfs/v1/?op=LISTSTATUS"
But after that I get:
HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Content-Length: 154
Connection: close
{
"RemoteException":
{
"exception":"IllegalArgumentException",
"javaClassName":"java.lang.IllegalArgumentException",
"message":"Invalid operation LISTSTATUS"
}
}
The same error I receive on any another command.
I have no idea what went wrong here. Can it be caused for example by missing some components or anything else during setup?
For HDP you can use following URL (with default port):
http://x.x.x.x:50070/webhdfs/v1/?op=LISTSTATUS
For MapR cluster (with default port):
http://x.x.x.x:14000/webhdfs/v1/user?op=LISTSTATUS&user.name=YOUR_USER
I am building a Flask-based REST API and using Flask-JWT to handle JWT auth. I also want to use the built in roles management with Flask-Security. However, Flask-Security's #roles_required() decorator assumes I am showing a Flask view when it fails.
Here is my token endpoint (which is working as I want):
$ http POST localhost:5000/auth/token username='test' password='test'
HTTP/1.0 200 OK
Content-Length: 192
Content-Type: application/json
Date: Sun, 08 Nov 2015 17:45:46 GMT
Server: Werkzeug/0.10.4 Python/3.5.0
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NDcwMDQ3NDYsIm5iZiI6MTQ0NzAwNDc0NiwiZXhwIjoxNDQ3MDA1MDQ2LCJpZGVudGl0eSI6MX0.RFIeaLuvJNM9fDjFYFQ7sh_WaDVU-_aM7e46tVJzlBQ"
}
Here is a successful response to a resource that does not have any role requirement (using only #jwt_required) This is also working as I want:
$http GET localhost:5000/protected Authorization:'JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NDcwMDQ3NDYsIm5iZiI6MTQ0NzAwNDc0NiwiZXhwIjoxNDQ3MDA1MDQ2LCJpZGVudGl0eSI6MX0.RFIeaLuvJNM9fDjFYFQ7sh_WaDVU-_aM7e46tVJzlBQ'
HTTP/1.0 200 OK
Content-Length: 25
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Nov 2015 17:46:24 GMT
Server: Werkzeug/0.10.4 Python/3.5.0
<models.User[email=test]>
When I do the same for a resource that has roles required (such as admin in this example), it seems to assume I have a page to display such as /login which I do not since it is a headless REST API:
$ http GET localhost:5000/admin Authorization:'JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NDcwMDQ3NDYsIm5iZiI6MTQ0NzAwNDc0NiwiZXhwIjoxNDQ3MDA1MDQ2LCJpZGVudGl0eSI6MX0.RFIeaLuvJNM9fDjFYFQ7sh_WaDVU-_aM7e46tVJzlBQ'
HTTP/1.0 302 FOUND
Content-Length: 209
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Nov 2015 17:46:43 GMT
Location: http://localhost:5000/
Server: Werkzeug/0.10.4 Python/3.5.0
Set-Cookie: session=eyJfZmxhc2hlcyI6W3siIHQiOlsiZXJyb3IiLCJZb3UgZG8gbm90IGhhdmUgcGVybWlzc2lvbiB0byB2aWV3IHRoaXMgcmVzb3VyY2UuIl19XX0.CSEcAw.pjwXLeSWUsORXR-OU5AfFvq6ESg; HttpOnly; Path=/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: /. If not click the link.
I know Flask-Security uses Flask-Principal behind the scene for its roles management (#roles_required, etc.) and it ties into the RoleMixin and UserMixin for the datastore which is very nice. However, if there is no way to get Flask-Security to just allow the resource through without using my JWT header, then maybe the best bet is to build my own decorators which uses Flask-Principal to manage the roles.
Does anyone have any experience with this? The idea is that the entire front end can and will be built in whatever language we need and that means it may not be Flask's templates/views which is what Flask-Security appears to be doing.
Thank you for any insight anyone can provide!
Instead of a redirect, you would want to respond with an HTTP status code 403.
Your best bet is indeed to create your own decorator to manage the roles, and move away from using Flask-Security entirely.
The author of Flask-Security has mentioned that there are better ways to secure APIs, and it makes even more sense as the library is not maintained.
Flask-JWT or Flask-JWT-Extended are perfect candidates for this task. The former would require a bit more boilerplate to get things going. There is a stale PR suggesting an API to support roles, that you could use to create your own decorator if you decide to go with Flask-JWT.
The Flask-JWT-Extended docs suggest a simpler solution that might fit your case. You should follow the custom decorators section of the documentation for the full example, but here's the decorator in the nutshell:
from functools import wraps
from flask import jsonify
from flask_jwt_extended import (
verify_jwt_in_request, get_jwt_claims
)
def admin_required(fn):
#wraps(fn)
def wrapper(*args, **kwargs):
verify_jwt_in_request()
claims = get_jwt_claims()
if claims['roles'] != 'admin':
return jsonify(msg='Admins only!'), 403
else:
return fn(*args, **kwargs)
return wrapper
This code looks for a roles claim in the JWT, and returns a 403 response if it is not admin.
I am using Grails 2.3.8 on a Mac.
I hope to use Grails to quickly develop a RESTful API. I started with the basic documentation for Web Services, found here for my version:
http://grails.org/doc/2.3.8/guide/webServices.html#domainResources
This seems to suggest that I can create a simple Domain Class in Grails, then annotate with the #Resource from grails.rest, as follows (straight from the docs above):
import grails.rest.*
#Resource(uri='/books', formats=['json', 'xml'])
class Book {
String title
static constraints = {
title blank:false
}
}
When I place this file into the grails-app/domain directory and run the app, the docs suggest I should be able to use cURL to add "Book" objects via HTTP:
curl -i -X POST -H "Content-Type: application/json" -d '{"title":"Along Came A Spider"}' localhost:8080/myapp/books
But this gives me HTTP 422, with the following message:
HTTP/1.1 422 Unprocessable Entity
Server: Apache-Coyote/1.1
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Tue, 05 Aug 2014 01:46:05 GMT
{"errors":[{"object":"Book","field":"title","rejected-value":null,"message":"Property [title] of class [class Book] cannot be null"}]}
Can anyone advise as to what I am missing here? I expected this to be pretty straightforward.
As #raffian mentioned above in comment, this was due to a bug in Grails 2.3.8:
https://jira.grails.org/browse/GRAILS-11399
Upgrading resolved the issue.
Trying to mirror a local intranet site and have found previous questions using 'wget'. It works great with sites that are anonymous, but I have not been able to use it against a site that is expecting username\password (IIS with Integrated Windows Authentication).
Here is what I pass in:
wget -c --http-user='domain\user' --http-password=pwd http://local/site -dv
Here is the debug output (note I replaced some with dummy values obviously):
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.11.4 on Windows-MSVC.
--2009-07-14 09:39:04-- http://local/site
Host `local' has not issued a general basic challenge.
Resolving local... seconds 0.00, x.x.x.x
Caching local => x.x.x.x
Connecting to local|x.x.x.x|:80... seconds 0.00, connected.
Created socket 1896.
Releasing 0x003e32b0 (new refcount 1).
---request begin---
GET /site/ HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: local
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Tue, 14 Jul 2009 13:39:04 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
---response end---
401 Access Denied
Closed fd 1896
Unknown authentication scheme.
Authorization failed.
NTLM authentication is broken in wget 1.11, use 1.10 instead.
Curl is actually probably a better tool for fetching content from NTLM-authenticated web servers. You can get an equivalent function to your proposed wget command line by using:
curl --anyauth --user username:password http://someserver/site
I've seen references to being able to use the NTLM Authorization Proxy Server to get around these types of problems.
use --auth-no-challenge option (wget 1.11+) (it's now considered unsafe)
I found solution.
It is work-around for Basic auth IIS7.
When auth is successeful it send next http header:
'Authorization: < type > < credentials >'.
So we able to do authorization in browser and
copy this header params from browser (firebug addon) or generate:
$ echo -en 'username:password' | base64
dXNlcm5hbWU6cGFzc3dvcmQK
$ echo 'dXNlcm5hbWU6cGFzc3dvcmQK' | base64 -d
username:password
example:
$ wget --header="Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQK" http://example.com/