I'm trying to build a Facebook Messenger bot with Meteor. Setup includes looking for the Verify Token and respond with the challenge sent in the verification GET request. In Facebook's (non-Meteor) sample app, the following code is used:
app.get('/webhook', function(req, res) {
if (req.query['hub.mode'] === 'subscribe' &&
req.query['hub.verify_token'] === VALIDATION_TOKEN) {
console.log("Validating webhook");
res.status(200).send(req.query['hub.challenge']);
} else {
console.error("Failed validation. Make sure the validation tokens match.");
res.sendStatus(403);
}
});
When I try to achieve the same functionality using the following (Meteor) code, I receive the error below.
var bodyParser = Meteor.npmRequire( 'body-parser');
// Add two middleware calls. The first attempting to parse the request body as
// JSON data and the second as URL encoded data.
Picker.middleware( bodyParser.json() );
Picker.middleware( bodyParser.urlencoded( { extended: false } ) );
// ------------------------------------------------------------
// HANDLE THE INITIAL HANDSHAKE WITH FACEBOOK VIA A GET REQUEST
// ------------------------------------------------------------
var getRoutes = Picker.filter(function(req, res) {
// you can write any logic you want.
// but this callback does not run inside a fiber
// at the end, you must return either true or false
return req.method == "GET";
});
getRoutes.route('/webhook', function(params, req, res, next) {
if (params.query['hub.verify_token'] === '78750') {
console.log(params.query['hub.verify_token']);
// res.end();
res.end(params.query['hub.challenge']);
}
}); // end getRoutes
Error:
The URL couldn't be validated. Response does not match challenge, expected value = '1127215706', received='<!DOCTYPE html> <htm...
Perhaps this issue is due to it being run on the client rather than the server? If so, where should I put this code in order for it to be run on the server?
In addition, my browser console has the following error 12 times:
Mixed Content: The page at 'https://pfbe.meteorapp.com/' was loaded over HTTPS, but requested an insecure font 'http://themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff'. This request has been blocked; the content must be served over HTTPS.
What can I do to fix this problem?
Use Restivus
-You need to respond in the body with challenge and return it as a parsedInt
Related
I'm learning express.js and I'm stuck on one little problem.
How can I save sessions in the browser so I don't have to log in every time. I use cookie-session. I send the login data downloaded from the form for validation using the POST method to endpoint ./login. After successfully passing the validation, it saves sessions in this way: req.session.admin = 1;, and then using redirect, it redirects to the admin endpoint. After redirecting to ./admin, I try to read if there is a previously saved req.session.admin session. The above action returns me undefined, and the req.session itself returns an empty object {}. I tried console.log on the ./login endpoint and yes, everything is OK i.e. it returns 1 and on the ./admin endpoint it is undfined.
My question to you is: Has anything changed recently in the implementation of cookie-session (although I don't think so, because I do it according to the documentation available on npm), or do I need to install some package besides cookie-session?
Save the session
.post('/login', (req, res) => {
const { body } = req;
if (password === body.password && login === body.login) {
req.session.admin = 1;
res.redirect('/admin');
} else {
res.redirect('/login');
}
});
This is where my problem arises, because the session is not saved and each time the validation fails, I return to login
.all('*', (req, res, next) => {
if (!req.session.admin) {
res.redirect('/login');
return;
}
next();
})
Firstly, req.session.admin = 1 does not save session, but it assigns value to separate request. Each request is independent.
You have to return some information to client (e.g token) for further using. Token should be sent in each request in appropriate header and express should verify it.
What's more you should not send credentials in plain text.
What I recommend is to familiarise yourself with JWT concept https://jwt.io/introduction
I have the following Node.JS (ran with Express) code :
let app = express();
app.use(cors());
app.get('/callback', function (req, res) {
// your application requests refresh and access tokens
// after checking the state parameter
var code = req.query.code || null;
var authOptions = {
url: 'https://accounts.spotify.com/api/token',
form: {
code: code,
redirect_uri: redirectUri,
grant_type: 'authorization_code'
},
headers: {
'Authorization': 'Basic ' + (new Buffer(clientId + ':' + clientSecret).toString('base64'))
},
json: true
};
request.post(authOptions, function (error, response, body) {
if (!error && response.statusCode === 200) {
var access_token = body.access_token,
refresh_token = body.refresh_token;
fs.writeFile('test.txt', 'HELLO', function (err) {
if (err) return console.log(err);
console.log('Hello World > helloworld.txt');
});
}
}
)
});
console.log('Listening on 8888');
app.listen(8888);
The route is used as a callback for a request to the Spotify Web API, thus I can get an access token.
Spotify then redirects to the callback function above, you can see it in the URI by looking at "redirect_uri".
If you need more information about the Spotify Authorization Flow, see here.
Here's the URI I'm using to authenticate my app to Spotify.
https://accounts.spotify.com/authorize?client_id=CLIENT_ID&response_type=code&redirect_uri=http://localhost:8888/callback&scope=user-read-private%20user-read-email%20playlist-modify-public&state=PexBrjEzISHepTp7&show_dialog=false
CLIENT_ID is replaced by my real CLIENT_ID in the request I make
My problem is located to the file writing part :
fs.writeFile('test.txt', 'HELLO', function (err) {
if (err) return console.log(err);
console.log('Hello World > helloworld.txt');
});
When the callback route is called by Spotify, I have the string "HELLO" wrote in my text file, so the file writing is functional.
But even if it has finished writing the string, the Chrome page is still running and "pending" on the server. It runs for a few minutes and then crash by saying that the page didn't sent any data. Why ?
I've looked at this page talking about the methods of writing to text files, using writeFile and writeFileAsync, but using both of them didn't solved my problem.
EDIT: I don't really want to stop the Express process! I just want to be able to process another request :)
Any idea ? Thanks in advance :)
You aren't returning anything from your route, try adding res.send({})
In your get route you are not sending response, you must send response irrespective of writing a file was successful or not.
Add below code post writing to file (as well as in if error case)
res.send({YOUR_CHOICE_RESPONSE_DATA})
I am trying to implement this library here, which generates QR codes and all other kinds of codes.
The problem I have is making a request where I have access to both req and res object, since I will need to pass these to the library. In the documentation, they are recommending
http.createServer(function(req, res) {
// If the url does not begin /?bcid= then 404. Otherwise, we end up
// returning 400 on requests like favicon.ico.
if (req.url.indexOf('/?bcid=') != 0) {
res.writeHead(404, { 'Content-Type':'text/plain' });
res.end('BWIPJS: Unknown request format.', 'utf8');
} else {
bwipjs.request(req, res); // Executes asynchronously
}
}).listen(3030);
The problem is I already have a server created, and I simply want to call the library in a get request, without creating another server. I have tried
http.get('http://localhost:3030/?bcid=azteccode&text=thisisthetext&format=full&scale=2', (req, res) => {
bwipjs.request(req, res); // Executes asynchronously
}
)
which obviously didn't work as the callback only takes response as an argument.
I would like to use bare node in the implementation as this is the way my server is implemented, and I don't want to add a library (like Express) just for this scenario.
You are heavily misunderstanding the role of http.get
http.get is used to do HTTP GET call to that certain url. It's basically what axios or request or ajax or xhr or postman or browser does.
The url param of http.get is not route. It's literally is the url you want to hit.
If you want to handle specific route you have to do it in the http.createServer() handler itself.
Like,
http.createServer(function(req, res) {
if (req.url.indexOf('/?bcid=') != 0) {
//do something
} else if (req.method == "get" && req.url.indexOf('/?bcid=') != 0){
bwipjs.request(req, res); // Executes asynchronously
} else {
//do something else
}
}).listen(3030);
Check out the req or http.IncomingMessage for available properties that you can use.
I am trying to implement a Post-Redirect-Get design pattern into my code, which uses Express. What I have is:
var sessionVariable;
app.post('/user', function(req, res) {
sessionVariable = req.session;
// Sets a session variable to a token
sessionVariable.token = req.body.token;
// Redirect to /user
return res.redirect('/user')
});
app.get('/user', function(req, res) {
sessionVariable = req.session;
if(sessionVariable.token){
res.send('Logged in');
} else {
res.send('Not logged in');
}
});
What I expect to happen is when the user submits a POST request to /user, it will define sessionVarlable.token, then redirect to /user again where it checks if a token exists.
What ends up happening is I will submit the POST request, and through console loggging I can see that app.post fires, but it does not re-direct. Instead, it seems to get stuck on the page where the POST request was omitted.
What is the reason for this?
Edit: Any res will not fire under app.post, e.g. res.send('test') doesn't work.
I have posted this answer elsewhere: Understanding the "post/redirect/get" pattern
but here is the code that works for me:
app.post('/data', function(req, res) {
data = req.body;
res.redirect('/db.html');
});
Based on the info from the comments, you're making an AJAX request. Instead of making the client redirect from server-side, just do it client-side. Here's an example using Axios on the browser (you can do essentially the same thing with AJAX, just messier):
axios.post('/user', { token: 'tokenhere'}).then(function(response) {
// Status 200 means OK
if (response.status === 200) {
window.location.href = 'user'
}
})
I do have a running node.js script located in a server.
What i want is that it doesn't get directly accessed from browser and also i want that only certain domains/IP-s can call it!
Is it possible?!
Not sure how to distinguishing between accessing something from a browser as opposed to other software, but restricting access to some domains/IPs should be doable. The following (non production) code to restrict access to the localhost loop back might serve as a starting point:
function securityCheck( req, response, next)
{ var callerIP = req.connection.remoteAddress;
(callerIP == "::ffff:127.0.0.1" || callerIP == "::1") ? next() : reply404( response);
}
function reply404( response)
{ response.writeHead(404, {"Content-Type": "text/html"});
response.statusMessage = "Not Found";
console.log("reply404: statusCode: " + response.StatusCode);
response.end('<span style="font-weight: bold; font-size:200%;">ERROR 404 – Not Found<\/span>');
}
var app = express();
app.use(securityCheck); // restrict access
... // continue with app routing
See also more detailed SO answers to Express.js: how to get remote client address and How do I get the domain originating the request in express.js?