Well the title pretty much sums it up. I'm trying to add authentication to my app, but i'm hitting a LOT of errors.
I'm pretty new to nodejs and especially Loopback4 and i get stuck quite a lot.
For testing purposes i tried implementing #loopback/authentication but i'm encountering an error such as The key controller.current.ctor was not bound to any value.
I followed the tutorial to the letter and quadruple checked my code to make sure everything is fine. Where others say it works, for me it doesnt.
Either way, that was just as a test implementation. I'm trying to find a way to implement a better authentication which should look for user roles as well.
Lets say i want to create a blog api with loopback and i needs POSTS to be accessed by this -> Users who are authors. Users who have the role admin, moderator, etc and to restrict access to unauthenticated users.
LB4 documentation is pretty small and since i'm new to this i'm literally stuck. Any help, snippets, etc would be highly appreciated!
P.S: I'm using MySQL as my DB.
Related
After all the research on authentication methods related to nodejs and express js, I am standing in no man's land.
By far the easiest session related tutorial I have come across is this.
https://codeforgeek.com/2014/09/manage-session-using-node-js-express-4/
I am using mean stack and this is what I really want to do. The user when logins will get an authentication token that will be saved on the client side and then before every page reload a call will be made to the server to check if the user is authenticated or not.
Here comes the tricky part.
I am using the server to work for Computer - that is angular based system and cellphone which is based on android - an android application.
In short that means a user may login using his computer and cellphone as well (using the application) at the same time.
How to implement this is still a mystery for me. Please direct me to some tutorials or gits which will explain this things in simplest possible means.
Please don't respond with passport js only because I have failed to find anything meaningful there, or maybe it is possible that I am looking at the wrong place.
I am new to all this that is way this problematic.
Thanks for your help.
The most reliable way to implement the token based authentication is to use oAuth2.0 which also involve use of passport JS
Here , use this example as a reference point for implementing the token based authorization
http://scottksmith.com/blog/2014/07/02/beer-locker-building-a-restful-api-with-node-oauth2-server/
This sample code have fully functional OAuth2 server done with just a little bit of work. it uses OAuth2orize library that makes building server very straightfoward.
As you have mentioned that you are using Angular and NodeJS and want to implement Token Based Authentication.
I would suggest you use Satellizer.
Also you can find NodeJS implementation over here:
NodeJS Example.
My answer is for all the beginners out there. I read something similar in facebook's node js group and I think the problem I am facing is not unique.
The passport js which is very famous just works as a middle ware and if you have to include options like google authentication, facebook authentication etc. this is very useful as most of the work is already done and your middleware work is handled by this module.
But if like me you are searching for something simple and all you want is a proper authentication system with database then this might not be necessary, this = passport js module.
You are surely depending on one more module which is complex as well, if you want to implement token based authentication. In the end if you are handling all the authentication work in the middle by yourself, why should you use a module as well which increases complexity in the end.
I even took suggestion from other node js developers who have worked on this for good amount of time and they think it is okay to head without passport js if you are ready to work with middleware yourself and you don't need fb etc. authentication.
I hope this will help others who are new to all this.
Since the question referred to my article directly. Here is the token based implementation using Node.js as the answer.
https://codeforgeek.com/2016/08/token-based-authentication-using-nodejs-rethinkdb/
Hope it helps.
I am currently using meteor.js for a social networking application that I am building. Currently I am struggling to find the best way to design a newsfeed for my users. Users are able to follow each other and create posts that should theoretically go to their followers. I have come up with two possible concepts that would work theoretically.
I. When a users makes a post the post goes into the global database which every user is subscribed and listening to, and whenever a post is added the user checks to see if the parent if they are following the parent of the post, and if they are they display it onto their newsfeed.
This way seems horribly inefficient, but it is a way.
II. The other way would be for each user to have their own little "hub" or each user would just subscribe to and listen for change in the user's hub.
This way seems better but I would have to do a for-loop on startup and subscribe to each user manually. Which may cause a slight delay on startup.
I am thinking that option two will work best, but I am wondering if anyone has any suggestions on how to accomplish this task. Or if there is a standard way to go about this. Thanks.
Look at the reywood:publish-composite package. I'm doing something similar in my app and am using this package to essentially perform a join. In your case people are following people so when creating a publication that returns the set of users that a person is following you can at the same time return the union of all their posts.
Building scalable feed technology is quite a hard problem to solve. With Meteor it is even harder because MongoDB doesn't lend itself very well for the storage of relational data, since it is a non-relational database, and creating publications that publish 'joined' data isn't straightforward. A lot of articles have been written about the problem of building scalable feed technology, have you seen my article on using Meteor in combination with Stream to build a solution that fits your needs?
Another route would be to use an open-source framework to create the backend for your feed technology. Have a look at Stream-Framework, the repositories README also has a great list of resources on building scalable feed technology.
I would like to know, does anyone here have experienced dealing wth LinkedIn Javascript API's.
I'm a beginner in Javascript API's.Recently I've got a task where I have to create an application which can search the LinkedIn database based on the chosen skills.
For an example,user would want to find people who have a specific skill sets(for example java),they can input the skill set(by text or selection)and the application searches and returns all the people who match the skills set.
I've been reading through the documentation many many times and going through the forums but there dont seem to have complete reference to this.
Some of the answer's i've read is, it seems we can't search skills of the connection as skills are part of the full profile whereas search can only be done for basic profile's.
I've would like to ask,is this application possible to be developed? Is there any example for this application?
Do share your experience,
Thanks a lot in advance,
#Captain Jack,
If you are having some trouble, the first thing that I would request you to check is if your linkedin account through which you are creating your application/ Javascript API, has sufficient priviledges with Linkedin. There are certain levels of authorization that you may require if you would like to acquire more data from linked in.
The skills field is one such out of many that requires this authorization. Quote from linkedin website:
"Member profile fields available to Apply with LinkedIn developers
The following selection of profile fields are only available to applications that have applied and been approved for the Apply with LinkedIn program:
from - https://developer.linkedin.com/docs/fields"
So do you have this approval from Linkedin. If not then I dont think you're gonna be able to get this done.
Hope I have given you some info. Thanks.
I found the example for java, php and python on this link, it's available on this one too.
Try this add skill:(Java) into your api url
https://api.linkedin.com/v1/people-search:
(people:(id,first-name,last-name,headline,picture-url,industry,skill:(Java)),
num-results)?
first-name=parameter&last-name=parameter
Me and my startup app company is working on a turn based multiplayer iPhone application. Let it be said that neither one of us have any database, or server, knowledge whatsoever. Though, we are willing to learn.
The flow of the game will be similar to such games as: WordFeud, WordsWithFriends, Rumble etc.
Let me start of by where a lot of searching on the web has gotten us:
We have decided to use CouchDB as a tool for storing information about users, game sessions and other stuff. CouchDB is an open source noSQL database system. The reason is that we have been taught, that it should support a lot off concurring users. Besides, that it scales - we are hoping to go big, of course.
Our CouchDB, is hosted on IrisCouch. IrisCouch is an "in cloud" hosting service designed for running CouchDb.
So, we've got a CouchDB server up and running, and we know the basics on how to query data from the server.
Our biggest confusion right now, is how we should set up the system to work according to best practices. Right now we are at the point where we are able to receive and submit data to the server.
Our game is supposed to have Facebook integration, so that the users can register via our app or through Facebook. After that they can play with random matched opponents, or play with friends. After a match is started, one player will get a set of question to be asked, after he has answered, the other player should be notified, through push notification, that it's their turn. After a few rounds the game is finished.
At this point, we think this might be the best solution for the flow of the application:
A user connects to another user -> a game session is opened as a
document in a database called "games".
The newly created document contains both player names, question,
answers etc
A field named "whos_turn" decides which of the two players turn it is.
After the game has ended, the session is erased.
Again, and as you may see, we are in the dark as of how to really do it, but this is the general idea.
So, my questions goes as following:
Is it best to query the data directly from the iPhone application, or through a web service?
What is the best way to set up the database, to best manage the flow of the application?
Any information, that could lead us closer will be gladly appreciated :)
In advance, thank you!
Olav Gundersen
EDIT#1 : Our Objective-C programmer managed to connect two iPhone devices using CouchDb. The iPhone application consists of a table view, that has a concurrent connection with the database, so that when someone POST to the database, it shows up on the tableview of all the other connected phones. Behold: a severely ineffective chat system.
If is a multiplayer you would need to have the app to communicate to the remote iriscouch.db but I am concerned by the point where you state that neither you or your friends have any database experience. You are willing to learn so I think the best place to start is:
http://guide.couchdb.org/editions/1/en/index.html
There are several issue you might find with scalability if you plan to erase documents continuously. DB Size can be considerable on couchdb and you will need to compact &cleanup the db regularly. But I don't think is a major issue for now as this is at a start up level.
The question "best way to setup the database and best manage the flow of the application" should be addressed by your team. If you do not have someone with any database experience you should try to find someone willing to help you. It should be someone with extensive experience in databases. You might find some fairly reasonable professionals at http://www.odesk.com
In total honestly I don't think you will be successful if you don't have such a figure - either as a freelancer or contributor - to help you having a solid database logic in the game that will ensure a great user experience.
For example: have you considered the latency-delay issue by using a db based in the USA (Iriscouch) vs. where your users are located?
For this reason you might want to do as much as possible client side (embedded database like sqlite or touchDB that is essentially couchDB for iPhone)
For an iPhone application you might want to try TouchDB that is made exactly for that
https://github.com/couchbaselabs/TouchDB-iOS (caveat: being that you need connectivity to check turns etc this might not be the ideal solution but it could work to store some information locally).
To lay this out you would need someone with experience with couchdb to set up a proper, usable application. There is nothing wrong in being enthusiast about your idea but to make it a success you need a technical mind in the database side. Of course you might be well capable to learn this yourself. After reading the CouchDB book you should be in position to create a basic flow to fit your needs.
Of course other more experienced users might come with a more comprehensive answer or a sample layout but I don't think would be the best approach. Even if someone posts a full layout of the doc structure and how to query it how are you going to service the app if something goes awry e.g. sessions don't get deleted, conflicts etc. ? hence my sincere advice to get some ad-hoc expertise for your case.
This might also result in analyzing suitable alternatives. I don't think you should buy into the idea that CouchDB can scale and hence is the best/only option for you (of course this might well be the case and if you feel that is a good option..go for it). For example twitter, google adwords and many other online apps are using mysql to store their data so for sure CouchDB is not the only database that can scale!
I think this demo app could be a good example to follow: iOS Couchbase Demo
I wrote an application in Javascript that I put on facebook and would now like to integrate user information into the gameplay. I would like it to be similar to the way Words with Friends works, where the users' name and profile picture information are used to display the scores. To work best with the way my application works, being able to set the name and picture as variables seem to me to be the best way of doing this. Ideally I would also like to incorporate a way to select from a menu of the users friends which friend they want to challenge and send a request, and also record the users win/loss statistics. I have searched around and have not been able to find any guides on how to do this. If someone could point me to one or provide me with the code to do this that would be really great. I am somewhat new to programming and entirely new to Facebook applications.
Here is a link to what I have so far: https://apps.facebook.com/dotsandboxesgame.
This is a big topic and requires you to dive in the graph API which I assume you've looked at. In case you haven't here is the link
https://graph.facebook.com/
Basically, you need to ask a facebook user for permission to do certain things. What you want to be able to do with their account will be in line with what your application does. When a user accepts these permissions, you will have an access token that you can then use in a query string to query the graph API for any data available about that person (limited by what permissions you asked for from them).
It's then up to your code to interpret that data (JSON or XML) and then display it, interact with it etc.
Be warned, the Facebook API documentation can be quite vague. It is also hard to find certain topics, and Facebook constantly deprecates things. When they deprecate things they do tend to give a good amount of leniency for developers to update their code however.
Best of luck.