share a variable between computers using dropbox - javascript

I am making a website where users make posts all the posts are stored in a variable i save these variables in local storage and i host the site through dropbox public folder.
Sadly you can only see your posts because there in local storage.
Is there a way i could store that variable in a json file so other users can access it?
E.g.
var dump = "User post 1"
user 2 can see user 1's post and when they submit a post
var dump = "User post 1, User post 2"
I already have it working with multiple posts but i want to be able to share them on multiple computers
maybe the vars value could be stored in a .json or .txt and when a user posts it adds to that file in dropbox?

JavaScript in the browser does not have the ability to write files, making this idea unfortunately an impossible one. Further complicating things, Dropbox (last I checked) only "serves" static pages, meaning you can't use JavaScript to do an HTTP POST to a Dropbox-hosted file.
Alas, I think the answer is, "No, it can't be done like this".

Related

Saving filename in DB after uploading to GCP Storage or using bucket.getFiles()

I've been searching in StackOverflow, but it seems that this question has not been asked yet. It's an architecture question about files being uploaded to GCP Storage.
TL;DR : Is there any issue using bucket.getFiles() directly (from a server), rather than storing each filename in my db, and then asking for them one by one and returning the array to the client ?
The situation:
I’m working on a feature that will allow the user to upload image attachements linked to a delivery note. This delivery note can have multiple attachements.
I use a simple upload button on my client (mobile device), and upload the content in GCP in a path/to/id-deliveryNote folder such as: path/to/id-deliveryNote/filename.jpg path/to/id-deliveryNote/filename2.jpg etc…
Somewhere else in the app the user should be able to click and download on each of those attachements.
The solution
After the upload being done in GCP, I asked myself how to read those files and give the user a download link to the file. That’s when I found the: bucket.getFiles() function.
Since my path to files are all below the same id-deliveryNote/ prefix, I leverage the usage of bucket.getFiles(prefix) and after the promise resolve can safely return to my user the list of links available.
The issue
I do not store the filenames in my deliveryNote table in my DB. Which can sound a bit problematic, relying on GCP to know the attachements of one deliveryNote. The way I see it is that, in my way I do not need to replicate the information in our DB (and possibly handling failure at two spots), and if I need those files I will at the ask GCP to give me their links. The opposed way of thinking is that, storing the names you will be able to list the attachements for the clients, and then generating the download link, when the user click a specific attachement.
My question is: Is there any issue using bucket.getFiles() directly (from a server), rather than storing each filename in my db, and then asking for them one by one and returning the array to the client ?
Some point that could influence the chosen method:
GCP costs per call difference ?
Invalid application data structure ?
Other things ?
There is no issue with using this method to return the link for the files to download. In the API documentation for this method - accessible here - they even show an example of returning files using prefixes as well. You just need to look out that Cloud Storage actually doesn't use real folders and only names that look like they are in folders - more details in this case here - so you don't mix up concepts when working with names and prefixes.
For the pricing point, you can get the whole pricing for Google Cloud Storage in this documentation, including how much each operation will cost - for example, it will cost you $ 0.02 per 50000 operations for object gets, retrieving bucket and object metadata - storing data, etc. After you check that, you can compare with your database costs as well, to check it if this point will impact you.
To summarize, there is no problem for you to follow this. The advantage of storing the names on Database, it's actually that even though you could have failure in two spots, it's more probable for you to face issues in only one place and this way the replication would be a great thing to have. So, you just need to decide which one fits you best.

A simple data storage schema to restrict public access

I have been working on a library which enable a website to add a comment section to their website.
The idea was to keep it as lightweight as possible thus I preferred to use JSON for basic data storage like comment's message, website and username. All of these data is public and can be access directly via JSON. I don't mind this since comments are going to get display publicly anyway.
However, the problem arises when I want a user to be notified when someone replies to their comment. Email is there in input field but I don't want it to be stored in the public JSON file. Is there any other server side data storage schema where I can store the email privately and at the same time use those emails from server side scripts to send email?
MySQL and others will make the library clunky, so that's out of the list.
Or even beside these conditions is there any other possible way to do this?
What you need is APIs and not a data source. A data source is a truth where all data lives. Like in your example, if you have email in your data, it will always be there. Unless you keep email field separately.
The way is to create api that will output required data from JSON files (or database). You can choose to hide the data that you don't want to show.
This way, you only expose the api, instead of the file name directly, which has risks of being modified or altered or hacked very easily.
Other way without using API is to have multiple JSON files.
One file will have basic data, and other will have confidential data, along with a foreign key like unique key that'd map the confidential or other data with the main record.
Example:
Comments.json:
{
"comments": [{userId: 1, ...},{...}]
}
CommentDetails.json
{...}
Users:
[
1: {"username": "", "email": "asdas#asdas.com",...}
]
You can use a database like MongoDB, that stores JSON documents, to keep the data of users and comments.
Then, the users collection will not be sent completely to the user, filterint the emails and other sensitive data.
Create a second JSON file, or CSV file for that matter, which is kept private, that maps users to their emailIDs.
Interesting project you are attempting, btw. Good luck!! :)
Why not just use a .htaccess in a directory where the data is stored and use something like "Deny from All"?
Your scripts could access then, but no user's browser.
Assuming there will be a mail server involved, can you host a web service with two endpoints?
Endpoints:
sends emails; takes an sender guid instead of an email address
stores an email; takes an email address and returns a sender guid
This web service could then be used by your library from any www accessible server. At the web service host the emails could be stored in the format of your choice. You will also want to secure you web service to prevent others from triggering mail notifications.

How to store a json Object serverside and respond with it

I am trying to make a webpage and server where a user can enter in recipes and have them sent to (using JSON) the server and have the server store them in a file so that if the server is closed and reopened the user can request for something they've entered previously and can get it. I know how to send the JSON object both to the server and how to send the JSON object back to the client. I should note this can't use jquery.
What I need help with is how to store it in a file server side and get the contents from it later using a node.js server. They should all be stored in the same directory and I need to know how to get a list of the recipes in that directory. I've tried looking around but I can't seem to find the answer :(.
Example:
user makes a recipies
{ name:"cheese n waffles"
time:90,
ingredients:"cheese, eggs and waffles",
equipment:stove
};
Browser sends the JSON object to the server.
Client asks for a list of the recipes stored.
user asks for the recipe for spaghetti.
what I need help with:
server gets a list of the recipes it has stored
server takes the JSON object and stores it in /serverRootDir/recepiesStorage
server accesses /serverRootDir/recepiesStorage and gets the spaghetti recipe
You should be using a JSON based database such as MondoDB
It takes some learming however implementing with a text file will eventually become much more work and will function poorly
(Posted on behalf of the OP).
I have solved the problem. I will be using:
To read a file (access a recipe): fs.readFileSync() or fs.readFile().
To save a file (update a recipe): fs.writeFileSync() or fs.writeFile().
To get an array of files in a directory (retrieve the list of recipes): fs.readdirSync() or fs.readdir().

Restrict access to private images

As a photographer, I have my own website with a portfolio and such. I also have a log-in system for users, where I give them access to their own private images (it displays all images placed inside a specific folder - I do this manually for each user).
When a user logs in and sees his private images, he'll notice the URL says the following (when he downloads it/clicks it/etc):
www.mywebsite.com/FOLDER_NAME/IMG_123.jpg
By simply doing a bit of guessing, he'll be able to find other users private images. Of course this is defeats the purpose of having private images on my website, so I have to find a way around that.
At the moment, the user can only see his private images if his user_email (unique) matches userRow:
if ($userRow['user_email'] == "email#hotmail.com")
I'm not so sure what to search for. Restrict access to images wasn't a successful search query for me.
What can I do? I guess an option would be to call the folders something random, such as:
"Charles661846Xkdfdsnf34590u". That will be hard to guess, but I'm not so sure about security (as in if there are other ways to get access to the root?).
I have taken a look at Deny direct access to all .php files except index.php but that is not what I want exactly.
What can I do in this case?
I've programmed my site in php,html and a bit javascript.
If you need to restrict access to files only to a logged-in user, you should move all files from the web-root and put them in a place where you cannot access them directly through the web-server.
Then you serve the files after the user is authenticated through php. See for example the first example on the readfile() page of the php manual.
So when a user logs in, you store for example the user ID in a session variable and on top of the file-serving script you check if the id is correct / allowed access to that specific file.
Further to what Jeroen has said, you're on the right track in identifying that the folder name could be the weak point, and that it should be difficult/impossible to guess. There is no need to name folders after users; you can create a random 8, 12 or 16-char alphanumerical string and store that in the userRow as, perhaps, $userRow['folder_name'].
You can also put all user folders under a structure like http://example.com/storage/A97LD34B2 and ensure that the storage folder has an .htaccess file with:
Options All -Indexes
That's all you need in that text-only file. This, of course, assumes you have an Apache web server (by far the most common, especially for shared hosting accounts.) This file would prevent Mr Snoopy from navigating to http://example.com/storage and seeing a list of files.
Here are two S.O. questions that outline how to construct a password-protected members-only system:
Login into a website and get html from a page
PHP - Secure member-only pages with a login system
Note that each folder would contain an index.php file that would serve up files as jeroen described.

Does everyone shares the same javascript file?

So I'm using Javascript and ajax to connect to a database through an php file, but something came in mind.
If a User log in, the user data will be stored in my Javascript file tittle UserProces.js as:
Var Username = "James"
Var Age ="25";
(Data obtain from a query through a php: RetrieveUserData.php)
If 1 minute after James loged in, another user name Amy log in will the values of name and age of amy will effect the values of James? Since there is only one UserProces.js.
Of course NO! Each user is getting his local copy of javascript file.
The server sends each client that requests the page a copy of the javascript file it has stored. That copy is then in their browser and running there. Any changes to variables are done in that copy in their browser. They have to way (well, unless you set up something special) to change the original file on the server. Think of it like this:
I'm a teacher with a test document on my computer (this is the javascript file on the server). For each student who comes into the class and asks to take the test (a client requesting the page) I'm going to print off a copy in my printer and give them. They will then write their name on the test and fill in answers (assign values to variables). A student doing this doesn't effect anyone else in the class because they aren't changing the original document, they are just editing their copy.
Not a perfect analogy, obviously, but pretty darn close.
Also, addressing a comment made earlier, you probably aren't accessing the service "through a php file". You are using a php file to generate a copy of the web page for the user to view. Again, printing off a copy for the user, but in this case the php file gives a special set of instructions for exactly what should be "printed off".
Each user will load the same script file but all variables, objects and everything else gets stored by each browser, and even your browser doesnt share that info, which prevents one website to have access to variables on another website.
So, final answer is no. They will not share any info. Just load the same "base".

Categories

Resources