how to connect with azure service bus topic with javascript - javascript

I am creating a mobile application with cordova(phone gap). I would like my app to talk with an azure service bus to post messages to a topic and read messages from a subscription.
I have found all kinds of details on how to do this with c#, java, python, node.js. However I haven't found any details on how to do this with pure javascript.
Is this possible? or must I use Azure mobile services and configure it to communicate with the service bus?

CORS - Cross-Origin Resource Sharing is now supported in windows azure for storage ,table and queues. So you access the REST api of these from javascript. Topics and Subscriptions are not mentioned here though. http://msdn.microsoft.com/en-us/library/windowsazure/dn535601.aspx
Also if you have not already check out Azure notification hubs which may help in your requirement. But mostly for notifications to cross platform devices.

You can use REST API to enqueue messages to a topic: http://msdn.microsoft.com/en-us/library/windowsazure/hh780786.aspx

Microsoft provides Service Bus REST API
https://msdn.microsoft.com/en-us/library/azure/hh780717.aspx
Microsoft provides two ways to authenticate
1. Azure Active Directory (Cordova project sample that uses AD)
2. Using certificates
If you want to do it using certificates, you need to generate the .cer and .pem files and upload the .cer file to your Azure portal -> Settings -> Management Certificate
You can then trigger a http request by passing your .pem file to authenticate your application

Related

Open API specification for Azure functions using JavaScript (Node js)

I want to add Open API specification to create swagger document for endpoints of Azure function app that is developed using JavaScript (Node js).
I understand this can be done in Dotnet Azure function app using the package Microsoft.Azure.WebJobs.Extensions.OpenApi.
Is there any such package available for Javascript Azure function? Or Suggest any other alternative to create documentation for Node azure functions?
We have two options available for integrating Open API specifications with JavaScript Azure Function which are MSAL and ADAL.
The Microsoft Authentication Library (MSAL) enables developers to acquire tokens from the Microsoft identity platform in order to authenticate users and access secured web APIs.
Using MSAL, a token can be acquired from a number of application types like web applications, web APIs, single-page apps (JavaScript), mobile and native applications. Check this Microsoft Authentication Library for JavaScript for more information.
Similarly, the Azure Active Directory Authentication Library (ADAL) for Node.js enables Node.js applications to authenticate to Azure AD in order to access AAD protected web resources. But since ADAL is being deprecated, it's recommend that you use the Microsoft Authentication Library (MSAL).
For more information check this Azure AD Library for JavaScript.

Does FCM (web) use WebSocket for the recipient of messages?

i just wonder how the "FCM" realy works on the web.
does it use websocket ,or it's a built in feature whit in
browsers (chrome,firefox ,...)
FCM (Firebase Cloud Messaging) uses HTTP and XMPP Server Protocol serving JSON and Plain Text both.
FCM Server Protocols
Currently FCM provides these raw server protocols:
FCM HTTP v1 API
Legacy HTTP protocol
Legacy XMPP Protocol
Your app server can use these protocols separately or in tandem. Because it is the most up-to-date and most flexible for sending messages to multiple platforms, the FCM HTTP v1 API is recommended wherever feasible. If your requirements include upstream messaging from devices to the server, you'll need to implement the XMPP protocol.
Please visit About Firebase Cloud Messaging Server | Firebase for more details,https://firebase.google.com/docs/cloud-messaging/server#choose. Hope it helps.
How exactly are web push notifications delivered to a user's device?
There are three actors involved with delivering a web push notification, along with a fourth, optional, component for advanced functionality.
Web Push Notification Service: Each browser, including Chrome, Safari and Firefox have their own notification delivery service. Chrome uses Google Cloud Messaging (and now Firebase Cloud Messaging ), Safari uses Apple Push Notification Service (APNS) and Firefox uses MDN servers.
Service Worker Registration: Developer must register the service worker on the browser. This is only for Chrome and Firefox. Safari while has added support for service-workers, Safari notifications are delivered using a different mechanism.
User’s Subscription ID: Subscriber ID is generated when a user opts in to receive notifications from a specific website.
Additionally an SDK (OS client library Software Development Kit) can be added to a web app for extended segmentation and analytics capabilities.

How to I secure API explore cloud endpoints by steps?

The API is a backend to a Web app and mobile app. I don't need user authentication. I simply need a way to secure access to this API.
I just need to ensure only web app and mobile app can talk to this backend and no one else.
If you are indeed using Google Cloud Endpoints, what you want is easy to do.
You need to log into the developer console and go under API Manager -> Credentials. There you can generate access keys for each of your clients. Then you add those tokens to your endpoints using the provided annotations. You cloud endpoints will only serve requests that come from one of the clients you have specified.

Create Node.js Website on remote server

I'm new to Node.js and I've been going through some tutorials. I've been able to make a simple web page in Node.js and run it as its own server from the command line on my desk top. However, I would like to create it to use it as a website that others can access, as well. Therefore I was wondering how can I host a web site built with Node.js on a remote server?
Option 1:
If you have public IP then you can host the website on your server
Option 2:
Find a service provider who can host your Node.js application. e.g heroku
I would recommend you check out Heroku. They offer a very simple hosting service at a variety of pricing tiers (including free) with a wide variety of add-ons. Deployment is as simple as pushing to a remote GitHub repository.

How to protect a private REST API in an AJAX app

I know that there are many similar questions posted, but none of them refers to an HTML/javascript app where the user can access the code.
I have a private REST API written in nodejs. It is private because its only purpose is to server my HTML5 clients apps (Chrome app and Adobe Air app). So an API key is not a good solution since any user can see the javascript code.
I want to avoid bots creating accounts on my server and consuming my resources.
Is there any way to acomplish this?
An API key is a decent solution especially if you require constraints on the API key's request origin; consider that you should only accept an API key if the originating web request comes from an authorized source, such as your private domain. If a web request comes from an unauthorized domain, you could simply deny processing the request.
You can improve the security of this mechanism by utilizing a specialized encoding scheme, such as a hash-based message authentication code (HMAC). The following resource explains this mechanism clearly:
http://cloud.dzone.com/news/using-api-keys-effectively
What you want to do is employ mutually-authenticated SSL, so that your server will only accept incoming connections from your app and your app will only communicate with your server.
Here's the high-level approach. Create a self-signed server SSL certificate and deploy on your web server. If you're using Android, you can use the keytool included with the Android SDK for this purpose; if you're using another app platform, similar tools exist for them as well. Then create a self-signed client and deploy that within your application in a custom keystore included in your application as a resource (keytool will generate this as well). Configure the server to require client-side SSL authentication and to only accept the client certificate you generated. Configure the client to use that client-side certificate to identify itself and only accept the one server-side certificate you installed on your server for that part of it.
If someone/something other than your app attempts to connect to your server, the SSL connection will not be created, as the server will reject incoming SSL connections that do not present the client certificate that you have included in your app.
A step-by-step for this is a much longer answer than is warranted here. I would suggest doing this in stages as there are resources on the web about how to deal with self-signed SSL certificate in Android (I'm not as familiar with how to do this on other mobile platforms), both server and client side. There is also a complete walk-through in my book, Application Security for the Android Platform, published by O'Reilly.

Categories

Resources