I have a client application in flash and a server application in C++ on linux. They communicate through a TCP socket and the server handles all of the game logic and communication between clients.
I'm now in the process of deploying my application onto a website. Embedding the swf is easy and working fine.
I want to be able to save statistical information about users and would like to use the Facebook login to uniquely identify users and store information about them in the mysql database.
I am now in a situation in which the javascript part of my server application (index.html using apache) needs to send the facebook information to the C++ part of my server (which contains all of the game logic and database management) so that I will know a users unique ID for the database.
Is it possible to send this information from Javascript to the C++ application?
You can make your C server act as a webserver, accepting connections following the HTTP protocol, and then you can send data with Ajax. Just remember to make your server send the Access-Control-Allow-Origin: yourdomain.com response header, replacing yourdomain.com with the domain you host the HTML+JS page on; this is to allow cross site requests, because the C server will be listening on another port than the webserver, and maybe another address too.
Related
We have two applications, one called flexOS locally on "the server", and one called flexVisu remote on "the client". The first one is doing the job, collection data and such things.
Historically those two applications are able to communicate via TCP/IP sockets and a proprietary binary protocol.
Now we want to replace the client application flexVisu with a web page hosted on the IIS locally on the server. Every web browser on every device should be able to display these web page(s).
Firstly we experimented with an additional application (flexVisuWebServer) on the IIS side that basically hosted a web socket server and translated the json data from the client into binary data for the server and vice versa.
But this always requires a http connection and a wss connection to be open at the same time.
I don't know why, but I don't like the idea of using javascript on the client to handle all the data processing to display the server data.
I think that it would be much easier if I wrote an asp.Net c# application that handles the connection to "the server" via our proprietary TCP/IP protocol. That way no conversion of data between binary and json format must be done, and the web page itself can be also written in C#.
This approach much more resembles the current approach with flexVisu connecting directly to flexOS, the binary data is directly used to fill in Windows Forms controls.
What am I missing here?
Would the asp.Net application be able to connect to a tcp socket and use our own protocol?
[Edit: 2021-02-09 at 16:18 localtime]:
I managed to use our proprietary TCP/IP protocol to connect from the web server to the flexOS in the page_load of the asp.net web page.
So basically it should not be a problem to use the underlying library to read data directly from the flexOS.
OT: Should i post subsequent ASP.Net questions here too, or open some more questions?
We decided to follow this concept:
the webpage is using a websocket connection to our application flexVisuWebServer and this application uses our propietary TCP/IP protocoll to talk with flexOS.
I currently own a website, which will be used for global access and a database. I am also building devices that run a local node.js server, that forms a connection to this website.
So I guess this would be a reverse websocket? I don't own the webserver, it's hosted, so I'd assume I would use php.
I'm needing a 2 way connection that can push or request updates from both ends... Maybe websockets isn't the answer in this case?
What I want to achieve:
I have a linux server connected to network which runs a database. The database is not reachable from network. There is a software which acts as a middle layer between the server and client(s). The clients would access the database through this layer. This is required because:
There will be multiple users with different permissions.
I want a common API because the client software will be implemented to mobile platform, mostly for Android and as a webpage(this is where I want to use JavaScript) as well.
I don't want to expose the database directly to clients because I would be forced to store the database's login credentials in client's device.
The client software will be used only for data exchange and displaying the result to user. Any processing would be done in server.
The part which is not clear is the webpage. I could use PHP, but I want to make it like the Google Hangouts app in Gmail or the Facebook Messenger. The content which is fetched from database is displayed without reloading the page. Since I have't done anything like this in JavaScript, I don't know where to start, which libraries I should use.
Note that the communication between the client and the server would be done over secure sockets. The middle layer would be implemented in C++ using OpenSSL.
I would suggest to connect to the server using C++ with the system() command.
I have the following architecture for my app:
jQueryMobile web app --> Gets JSON from ---> REST API created in C#
I have placed the REST API Code in a virtual directory in IIS 6.
The Mobile site code is running in the root of the website... so the rough file structure is like this:
inetpub/
/index.html
myjavascript.js
/restapi/
web.config
Global.asax
bin/(bunch of Dlls...)
The Server is behind a network with the following sort of IP translation (not the real IPs...)
For example:
Web Server external IP: 121.131.141.50 (with URL http://mysite.com/)
Internal IP: 10.210.2.5
Subnet: 255.255.255.0
I have tried restricting access to the restapi folder by IP as I would like for it only to be accessible from the web server. I have tried the IIS approach and set Directory Security settings, and have also tried the approach of using a ServiceAuthorizationManager class to check Request IP in the Http Request.
Both approaches gave me the same result: There was no problem restricting and testing the actual service call through Fiddler to prove that a 401 would be thrown from any IP other than the web server IP: 10.210.2.5. I was also able to execute it from the webserver (which is the desired setup).
However, once the Mobile site javascript calls it, I get the 401 unauthorized. As the Javascript code is client side, the restapi assumes that the call is coming from the Client's IP address, which of course, is blocked.
Is there a neat way to check that the call comes from the IP where JavaScript is sitting?
Or Is there a better way to go about the whole thing?! :-/ Is there a way to make the web app specifically permitted to access the restapi virtual directory ?
Back to basics, your setup looks like this:
client <----> web server
HTTP
The web server hosts files which can be requested from outside by clients over the HTTP protocol. The web server is also where you filter incoming requests:
client <----> | web server
HTTP |
IP filter
If you say you want the REST service to be only accessible "on the same server", that means this:
client <----> web server
HTTP ^ |
| |
+----+
REST
But if the server is only talking to itself, you don't really need a full-blown REST interface to begin with. I guess what you actually mean is that the client, which downloads HTML and Javascript form the server, may request additional data from the server via REST.
client <----> web server
HTTP
<-------
HTML, JS files
-------->
AJAX
But as you see, the way it works is that the client downloads Javascript files from the server and executes that Javascript locally which then sends AJAX requests back to the server. The requests will always come from the client. They have to. It does not matter where the Javascript code that is making those requests originally came from. It could be a script from your server or it could be hand-typed by the user. An AJAX request is an HTTP request is an HTTP request like any other. Either you make your REST service accessible from outside or not, you cannot filter by the code that generated the request.
If you want to make the API non-public, require authentication so only registered users can access it. That doesn't make the API itself any less publicly accessible though.
I am currently building a web application, that has fully separated a "frontend" server with Lighttpd only serving the index.html and javascript etc.
Backbone.js etc. keep my frontend in connection with my webservice "backend" written in Node.js
The backend is completely stateless, doing authentication each request through http basic and runs SSL (https).
How do I make sure that only the connections happening on my "backend" server are comming from the Lighttpd "frontend" server and not some random hacker?
Thanks for help.
If you know the front-end server is going to be on a specific IP address or range or IP addresses, you might want to restrict traffic on the back-end server to only be from that address.
You may use ssl between the 2 servers and use a certificate to ensure identification. That's really secure if you protect your certificate well.