I need to get some spam messages from a set of gmail inboxes and post them to a server.
My initial idea was to write a chrome extension, which when installed would be activated every time the user visited its inbox, but I couldn't do it that way, since there is no access to spam messages (just unread ones through a XML file).
Then I discovered google APP script and succesfully wrote the script I needed.. but the problem is, how can I use that script for other accounts? At the moment a user needs a lot of configuration to make it work (script has to be shared, user has to install google app script, set a trigger for the function).
IS there a user friendly way to make this work? Even in other ways? I have no access to inbox passwords though.
Thanks in advace.
You should design a User Interface, deploy your app as a webApp with parameter 'run as user executing the app' and add the trigger creation in the script itself.
All this should not be too hard...
Feel free to ask for assistance if you meet some issue.
In this case don't forget to post your code if you want useful tips.
Related
I am trying to figure out if it is possible to click on a button on the Amazon website from outside of the website.
For Example: At the bottom of every product review is a "Helpful" button. If a review was helpful, the reader/shopper can click this button to let the reviewer (and Amazon) know that the review was helpful. (It's basically a "Like" button).
What I'm trying to accomplish:
I want to post my reviews on my own website/blog and still obtain "Likes" without asking readers to click a link to a product page, then search for my review, then click the button.
You probably won't be able to do what you have in mind.
JavaScript can generally access information on another domain except if specifically configured in the origin website through CORS. Unless you own amazon.com, you won't be able to configure amazon's CORS headers to make them accessible to some JS running on your website.
You can however, from your website front-end, make a request to your website back-end that would be able to access amazon's data just like your browser does. Using a browser emulator like Puppeteer, you'll be able to launch an amazon page and programmatically retrieve infos, click on things and do other stuff.
However, the page that Puppeteer will be able to spin up will include credentials (cookies, localstorage content, auth token, etc) provided by your server, so Puppeteer will not see the same amazon.com your user sees on his browser, unless your user agrees to give you its amazon credentials, and at this point I'm pretty sure no user would do that, and that would not be authorized by amazon's terms of services.
TL;DR even if what you have in mind is not impossible, it would weeks for your and your team to code a system that would potentially allow you to do that, and that's provided the law is on your side, which is probably not the case.
Since posting on the Disqus disqus forum seems to be a waste of time, maybe someone here can help.
I'm trying to use the OAuth2 flow to connect a Disqus user to my app's account system so I can monitor their activity (posts/comments/etc). I'm using Meteor for my app. I'm calling the OAuth2 authorize endpoint from my server code and passing the resulting HTML back to the client for rendering. This all works fine. But I'm seeing 2 problems on the client side. First, the HTML code returned from Disqus seems to be designed in a full page and the username/password fields extend across the entire window. I was expecting a dialog/modal popup like the one that Disqus provides when logging into a forum. I tried wrapping the HTML inside of a Boostrap3 modal window which mostly works except the username and password fields extend off the right side of the dialog box.
Ignoring the ugly UI the second problem is that when the user clicks on the submit link Disqus puts up and error page titled 'CSRF verification failed (403) - DISQUS'. I'm guessing this may be because the OAuth2 call was made from the server and the submit is coming from the client. If I copy the OAUTH2 url directly into the browser everything works fine. But I don't want to expose my API key and resulting code on the client side since that seems like a security risk.
All I really want to do is verify that the user is trying to connect their own account to my app (and not some other user). I'm not posting with their account so I don't need an access token (I'm calling user/details which just takes the API-key). So I've thought about creating a forum for my app and using the login endpoint to verify the username/password combo. But that dialog doesn't explain the scopes I'm asking for.
I've also considered building my own dialog box to prompt for the username/password, sending those back to the server and have the server "fake" the submit back to Disqus. But that is not a maintainable solution since Disqus might change the expected fields at any time. And it is ugly as sin.
Anyone have any suggestions? I didn't post any code since I don't believe it is a coding problem (and the code is a bit convoluted). But if anyone thinks it will help you help me, I'll be happy to post it. And, yes, I'm aware that not posting the code violates StackOverflow conventions. But I'm taking a chance that the powers that be will allow this post since Disqus support is non-existant and I don't know where else to reach out.
The basic problem was that I was using 'request' with forwarding enabled so that instead of getting the Disqus URL I was getting the Disqus authentication text. You need to render the authentication URL in a window, not the contents. That fixes the CSRF problem.
The next problem is that the URL returned by getAuthorizationUrl is bad. It is of the form 'nullhttps:...'. No idea where the 'null' is coming from, but stripping it off fixes that problem.
To make things easier for anyone looking to do this, there is a shiny new version of the Disqus NPM that includes OAuth authentication methods at https://www.npmjs.com/package/disqus.
I am on project in which user will give there site info. I will give him a widget code which he has to paste on his site.
On normal third party widget, if a user won't paste the code than it is his loss but in my project , if the code is not pasted , user won't affected rather its my loss. So I want a mechanism in which i could check if the code is pasted or not.
After a long search, I got clear view of what i want.
A mechanism/function which will check whether request from all the website(stored in my database) coming or not? If not receiving from any site , it will do some action.
A way so that that function always run in my server.
I too searched a lot and i find that my second question can be done with CRON job on the linux server but its the only way or any more secure way is there?[I only get to know about but don't know to apply that.]
We could take a example of Google Analytics. After adding a basic info, google gives us a code which he said to paste in our site. So how google checks whether the user has pasted the code or not? Is there any most secured way of doing this?
[FOR EASE] The flow of the project is --
USER SIGNUP ----> GIVE INFORMATION ABOUT THEIR SITE ---> GET THE CODE (javascript widget code) TO BE PASTED ---> GET INFORMATION FOR MY SITE FOR SOME ACTION
but if code is not pasted within specific time, user will get error in its dashboard.
For all this as a backend language, i am using PHP. Is there any other language is required or any other language which can make the task easy?
Any help is welcomed.
It is not your responsibility as a developer to ensure that the user has inserted the code on their site. It is your responsibility to ensure that your application displays an appropriate error message in the event that they nave not done so.
That's about all google does. If they don't detect any incoming data they check the site you have entered to see if the snippet is there if not they show an error.
You haven't mentioned what your wigget does but if its not sending data to you. You could check once a day to see if it exists or not.
All I want to do (for now) is have the end user authorize, via Oauth, permission to view email address, and have the script put that email address into my spreadsheet.
In testing, this works great. Buttons are clicked, tokens are exchanged, magic is made, all as expected when using my account, but when I publish and test with another account I get:
The state token is invalid or has expired. Please try again.
When I change...
"Execute the app as: Me"
to...
"Execute the app as: User accessing the web app"
...the second test account works, but I get no results on my end (obviously).
This makes me think that I've hit some limitation with the data exchanging across accounts, but this just doesn't seem right. This seems like a pretty normal thing to attempt. Maybe I'm wrong.
I'm happy to edit this question and share any code needed, but I'm pretty much using code straight off of googlesamples/apps-script-oauth2
I guess I'm mostly asking if I can do what I'm trying to.
Here's the web-app.
Please help
I know this has been asked a bunch of times, but I have only seen serverside solutions.
I'm running an iframe app that is embedded into a page as a tab. I want be test to see if the page is liked or not without prompting the user for anything.
Is there a way to do this with just JavaScript? The platoform we are building on is ASPX and I dont really have the option of going serverside.
Its not available because you need to inspect the http post parameter called signed_request and this isn't available on the client side. If the user has authenticated with your app and given you permissions to read their likes/interests, then you could then check with javascript api but I'm guessing you wouldn't want to make them approve your app just for this.