Track background location in webapp (service worker) - javascript

I'm wondering if it is possible to track location while a Webapp is backgrounded?
I've heard this functionality is in the pipeline for service workers, though I can't find any literature on exactly how to do it.
It would be fine to just save the location on the phone until the phone is unlocked and then send location data over a network when the user re-opens the browser/tab.
If it isn't possible with purely Web technologies, what would be the best way to do this. Could one build a native app to handle tracking capability and still have a Web interface as the main UI?
A bit of context
I'm developing an app for a charity that allows users to track themselves when out and about etc.. The users are likely to lock their phones when on patrol so I need to account for this. I've built the majority of the app as a Webapp and it would be an big (and boring) task to rewrite it as a native android and apple app!

No, it is not possible for privacy reasons. You also cannot do any sort of accurate scheduling via the Service Workers when the app is in the background, eg. use setTimeout or so (throttled by the browser).
You've probably read about the background sync API which allows you to ask the Service Worker to submit some data when a connection is available. With this API you can implement retry for form POSTs and stuff like that but not have the location tracked. Find out more here: https://davidwalsh.name/background-sync

Related

How to send messages using WhatsApp API properly?

I would like to implement notifications through WhatsApp API into my app. I've done lots of research but I couldn't find anything official.
Officially WhatsApp API Bussiness exists, but it is a beta version and only for companies that send massive volume of messages (1 million+). There is also Twilio, it requires a business approval and I got denied because (again) my volume requirement isn't into the millions of messages per month.
Unofficial libraries exist that potentially could get the job done. I looked into it and the one that I was contemplating seemed to be unreliable. But is this really the only way?
Since the start of pandemic I've been receiving all sorts of ads with apps that offer WhatsApp notification for orders and customer services... how are they doing it? I know they are small businesses, so there must be a way.
My app was built using JavaScript/React, any information is appreciated.
I think what you need is this-
These provide APIs that you can use in your App.
Moreover WhatsApp will terminate your account if you use tools other than officials ones.
I haven't tried this, but have used this for other web related tasks. Since WebWhatsApp runs in the browser on a PC, a VERY hacky way of doing this might (using a normal account) be as follows:
Web WhatsApp on the browser.
Selenium plug-in for the browser.
Java/C# or other programming language with Selenium libraries.
Then:
Record a macro in Selenium of your typical WhatsApp message (Search for contact, select contact, type message, send).
Manipulate the macro in C#/Java.
For anyone with time it's worth a try.

peer to peer (p2p) connection between smart tv and smartphone

So, I program for a couple of years now and I only programmed websites. However, I wanted to make a Web App for my LG TV and already downloaded the SDK, ide, emulator, etc.. And it was pretty easy to get a basic App that works fine. I also used PhoneGap (used to make mobile apps with HTML, CSS, js, node js) to do the same App for my android phone.
So my problem is that I need a way to get p2p (peer to peer) connections between my tv and my smartphone. I want to do a simple game, where the tv is used as a monitor and the phone as a controller. However, I don't want to use a web server. You should be able to play it, without an internet connection, but with a wifi network.
I already looked for WebRTC, but I didn't understand how it works, to be honest. I also read something about socket io. From what I have understood is, that the tv needs to run an HTTP-server and then the phone needs to connect to it? But then, the smartphone somehow needs to know the IP of the HTTP-server. Otherwise, you would have to type the IP every time you want to play.
I don't need a finished code, just a point where I can start and an explanation.
Thanks!
Turns out, there is something called ConnectSDK which solves my problem (It works not only with LG TV's but also with 7 different platforms). The SDK is made by LG, however it took me 8 months to find it.
Why? Because LG is not telling you about this SDK on their own page for TV developers... Even though creating a websocket server on the phone and make the TV join this server by manually typing the ip works, however ConnectSDK provides a much better user experience.
It feels like they don't want that people programm good apps for their TV's.
LG communication skills: 1/10
Given the specifics of the project (small lan), to bypass the necessity of inputing an ip adress, i usually do :
1- Retrieve the phone ip address and subnet with phonegap js api;
2- Scan the subnet range for http server with a predefined route to identify the smart tv app(at most 255*255 adress to scan for big lan; with js its easy to parallelise hundreds/thousands of simultaneous requests);
----> this route should output something readable identifying the appliance, in case of multiple results.
3- Display the list of results on the phone; retrieve user input; then connect.
You need to use websockets (hence, why not socketio implementation) to be able to do real time interaction with small delay given the parameters of your project.
Enjoy !

Secure way to store sensitive API details of users (localStorage or database?)

I am playing around with the idea of creating a website for cryptocurrencies, where a user can sign up on my website, enter his API details for one of the exchange markets that I will support, which allows him to trade on that exchange, but using my “more user friendly” web interface.
My main goal is to create a more user friendly interface than what most exchange websites offer. I am not hooking directly into any cryptocurrencies or wallets, all I do is use the API of existing exchange markets, relay the information to my website, where I have a more user friendly interface.
Since this is a very sensitive subject in regards to security, I am trying to figure out, what the best way would be to store the API details of the users.
In general I don’t like the idea of storing the API details on my database server, nor on my server in general. The thought of having my website hacked and all the API details being exposed is terrifying. Of course each exchange website that supports APIs has their own security built in, such as API sessions with 2FA, IP restrictions, weekly generations of new API secret keys, daily trading limits via API, and not allowing withdrawals of wallets via API. But damage can still be done if those API details get stolen.
I would prefer if there would be a way where I would not need to store the API details on my server at all, but rather have the user save them locally on his PC. That way he is in charge of keeping the API details secure.
This thought brought me then to the idea of creating a desktop app using electron (https://electron.atom.io/). That way I can still create the website the way I want, but it’s wrapped into electron, so it always run locally. Before I pursue this idea, I would like to keep investigating my previous idea of a regular website, as I prefer to have my website cloud based, SaaS, to prevent piracy.
So I wonder, storing API details of a user, without saving them on the server, what other options would I have?
Cookies? Probably not secure.
What about localStorage? https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API
Are there other options or am I too paranoid about this? Is it generally accepted to store sensitive API details on a database server along with the rest of the users details?
I think saving data in to users computers is wrong way, because when you will save user's personal data in to your server, you will be able to control security of your server, when it will be saved on user compputer the security of your server will be depended from users. Today we know many methods how to deceve users and I think, that the programmers must take care of his users. when you will save data in server db you can switch many methods, like email verification or verification by phone you can send message with some verification code, switch ssl service, also you can avoid on sql injection using a modern framework like Laravel or Yii 2, in any case if you will save user data in you server the security of your application will be depended of you.
if you will save user data in local computer, today hackers uses many methods to steal users cookies or methods to get a controll on pc, for example you can read this post
https://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/
today hackers using this method, creates an exe file which extension on first look is docx or other some extension for example pdf and so on ...
but in real it is an exe file and it is runnable, user can download it, and run... I think you understood what can do hacker with users computers by this way, today so many viruses which even very professional users cant recognize.

Windows store app with Javascript or traditional web application?? For a rich interface desktop app

i know there are some articles about the differences, pros and cons between developing a web app and a winRT app, but i would like to ask you for your proffesional point of view about my personal situation, because after reading some of those papers, i´m still full of doubts.
I´m searching for the tools to develop a desktop app with these requirements:
Must be a "touch-first" application.
Its UI must have a rich and user friendly design (smartphone-like).
Its main job is to control some multimedia devices mainly through http or telnet (sockets or RS-232) propietary APIs, like video matrix, audio matrix, videoconference codecs, videostream codecs, IP cameras, etc.
It was already developped in another programming language (Netlinx),
and it had around 20 different modules to control different devices
or to give different user functionalities. So maybe it could result
in a "code hell" if developing in Javascript/WinRT??
With that in mind, i´m not sure if to focus to a web app (with .NET MVC pattern, for example), so we have an HTML/CSS modern UI and at the server side, control all the communication protocols with the external devices. I think that most of the touch gestures events could be handled in web and we´d have a clean application with the UI and bussiness separated... But this is not realy necesary because we are talking about a desktop app.
And at the other hand we have a Windows 8 App approach, with the benefits of a pure "touch-first" app. But what makes me feel unconfortable with it is the fear of that it can turn in a "code hell", like i said before, because Javascript is not the most organized of the languages (inspite the efforts of WinJS).
So, i would love to hear from people who has some Windows 8 HTML/Javascript experience if this kind of application is affordable with that technology or if it would be better to go for a server-client model.
Thanks for your advices!
EDIT:
Some more info:
It is a Windows desktop app, we don´t need to deploy it in any other platform, including Windows Phone.
Netlinx is a propietary programming language of AMX. It is a modular low level language.
A realy simplified example of how we manage the communication protocols is as follow:
User pushes a button.
/****** User UI *****/
//Receives button event
BUTTON_EVENT[UIdevice, buttonId]
{
push:
{
send_command deviceController, "START_VIDEOCONFERENCE"
}
}
//The UI receives orders from the controller
DATA_EVENT[UIdevice]
{
string:
{
...
if(data.text == "VIDEOCONFERENCE_STARTED")
//Set the button state to ON
on[UIdevice, buttonId]
}
}
/**** Videoconference controller ****/
//The controller receives orders from the UI
DATA_EVENT[deviceController]
{
command:
{
...
if(data.text == "START_VIDEOCONFERENCE")
send_string serialPort, "something_in_videoconference_protocol_to_start"
...
}
}
//The controller receives responses and asynchronous messages from the real device
DATA_EVENT[serialPort]
{
string:
{
...
if(data.text == "VIDEOCONFERENCE_STARTED")
//tell UIDevice to refresh button status
send_string UIdevice, "VIDEOCONFERENCE_STARTED"
}
}
So, the application has two main parts:
The UI that handles all the touch panel events. Which also has to manage the received messages from the controller.
And the controller, which has to start and keep the communication with the real device through serial port, telnet sockets or whatever, and send/receive the commands to/from the device; commands thrown from the UI events. So, the controller has a background task to keep the conection with the device alive and to listen to its asynchronous messages, and foreground tasks to listen the UI orders to send the corresponding commands to the device.
Sorry for the loooooooooooong question, but i´m just trying to explain it the best i can. If there is something that needs more explanation, just tell me.
Thanks again for your help!!
A web app is going to allow you to more closely mirror the current system architecture. In most control systems (AMX, Crestron et al), the central controller handles all the core logic and device communication then the detached UI merely provides user input events as well as displaying feedback. This is extremely similar to what you will achieve with the web app server/client separation and should be relatively trivial to implement.
That being said, opting for a native app will enable the server side to be dropped, bringing down the overall system complexity. Depending on the device comms being used this may require some additional hardware (RS-232 to ethernet gateways etc) to ensure communication can be maintained with all devices. The dominant drawback to this approach is that your entire system will become ephemeral. That is, you no longer have a persistent component (the server side) which is tracking all of the device states and is available to respond to device generated input. This may not have a massive impact for your use case, however a lot of these systems will be composed primarily of linked device behaviours (i.e. incoming videoconference call triggers display activation, signal routing, user alerts, or motion sensing from the IP cameras triggers changes to the lighting system etc). Additionally, when you are dealing with the user, you will need to first collect system state in order to show appropriate UI via polling devices which will impact latency of the UI. Depending on your device API's, some of this information may only revealed via asynchronous events during device operation. Assuming the host devices are maintaining connectivity to the various system components (not disconnecting from the network or being turned off) some of the above will be able to handled by background tasks in RT however there's limits on these in regards to allowable CPU usage, event scheduling and network usage. These are also split into two classes depending on if the app has been placed on the users lock screen. Further details on this can be found on MSDN.

Offline Web Apps and database sync

I need to ask for some advice regarding offline web applications and database sync.
Offline Scenario
We have a web site (HTML5) that needs to operate in an offline mode for extended periods of time with complex data, the product owner does not want the data put into local storage.
We have two options as I see it;
Use javascript to detect if we are offlline and if so point the urls to a local web server that replicates the stack at the data center and writes to an offline db
◦Biggest stumbling block is how, on the first load if you are offline do you get the location (URL) of the local web server? i.e. user goes to www.xyz.com, but you are offline so
Question 1: how to redirect him to localhost.xyz.com via javascript for that first call
Point all calls at the client , offline or not to a wcf service that checks offline status at the NIC and redirects every web and service call to the correct place
◦seems like a big job,
Question 2: is there any product/ opensource project you guys know off that does this?
Sync Scenario
•They want to use MS sync framework
◦But they have many clients syncing to different database, so you either need 1 sync service per client or some way to identify who the client syncing is and point them to the correct place
◦Need to minimize locking during sync as other clients are using the same tables during sync
Question 3: can the sync framework be extended to even do this
Question 4: What other options exist for database sync on MS platform?
Thanks
If the user puts the URL into their browser, they are going to go that URL. There is no javascript at that point. You would only have Javascript once a page is loaded. You will have to search for a better solution.
Here is an idea: Users ALWAYS go to the local website, and if the remote site is up, then you redirect them.
In terms of MS sync I do not know what it is, so I cannot help you there.
Re What other options exist for database sync on MS platform: there is also SQL Azure Data Sync, a windows azure web service. It is actually built upon the Microsoft Sync Framework you refer to.
There is an example in the book "Programming Microsoft SQL Server 2012" by Leonard Lobel & Andrew Brust (MS Press) - chapter 13 covers building occasionally connected systems that incorporate SQL Azure Data Sync, Windows Azure and the Windows Phone 7 development platform. In the sample solution, on the back end, an on-premise SQL Server database is kept synchronized with a public facing SQL Azure database in the cloud using SQL Azure Data Sync. The cloud database is exposed using WCF Data Services (also hosted in the cloud by deploying to Windows Azure) and consumed via OData by a mobile client application running on a Windows Phone 7 device. The sample solution detailed in the chapter demonstrates how these technologies work to keep data in sync across on-premise SQL Server, SQL Azure databases in the cloud, and local storage on Windows Phone 7 devices.
Sync Framework do not lock tables when synching.
depending on what client database you want to use on the client, you can either use Sync Framework itself which works with MS databases (SQL CE, SQL Express,LocalDB,SQL Server, SQL Azure) or you can use the Sync Framework Toolkit
whichever platform you choose, i would suggest simply writing to the local store and synching it rather than dynamically choosing which store to use when.
for example, if you went offline and you wrote to the local store. then your network monitor detects you are back online and redirects you to the online service, what would you do with the data you stored locally? or you transacted online and you suddenly went offline, how recent/updated is the local store for you to actually starting working agaisnt it?
You could use Service-Workers to make the website work while users are offline. see: Making PWAs work offline with Service workers. This allows your website to work for the users if they are offline (they need to have internet at least once every 24 hours).
Service-Workers also allows you to detect when your user is offline or online, and you can for example use the IndexedDB to store your offline changes and then synchronize them when the user is online again.
I don't know about MS Sync.

Categories

Resources