I am developing a mobile app on Android.
I download a lot of information from the backend via REST API.
For example for obtain the information about a contract I use the api the following request:
GET /contracts/01212314.json
It return a json with many fields
{
"conto_contrattuale": "01212314",
"intestatario": "Dennis D'Amico",
"utilizzo": "COTTURA + PROD. ACQUA 7 GG",
"codice_settore_merceologico": "E1",
"settore_merceologico": "ELETTRICITA",
"codice_societa_vendita": "Z016",
"societa_vendita": "Estra Energie S.r.l.",
"fornitura_indirizzo": "Via Palermo",
"fornitura_civico": "20",
"fornitura_precisazione": "Rosso",
"fornitura_cap": "59100",
"fornitura_comune": "Prato"
"rid": false,
"fatt_elettronica": true,
"fatt_email": "andrea.bettarini#devise.it",
"fatture_scadute": 1,
}
But I am only interested to the field : "fornitura_indirizzo"
I can't modify the backend and the API.
So I think to create a new middle backend that fetch the info from the actual backend and exposes a call only for the field "fornitura_indirizzo".
How can I do?
Is it possible on google cloud platform? and is it free?
Thank you for your consideration.
You can put a file on your server that fetches the data en then recreates a partial array and echo that in json.
Example:
$contract = Json_decode("/contracts/xxxx.json", true);
$needed_info = $contract["fornitura_indirizzo"];
Echo json_encode($needed_info);
I can't access to the server and modify. I can only send request.
I apologise if I misunderstand your goals here, but why bother with creating this new back end for your app. You could simply call the existing back end and ignore the unneeded information. Either way, that existing back end has to send all that info somewhere for every request your mobile app performs. You're also adding more latency to the request since it has to go through your back end first.
I can see this being worth it though if your goal is to minimize the data downloaded by the mobile app when it does a request.
Related
I am new to web development. I had a web project with EJS templating. It redirects directly from the server. Using res.redirect() . I want to create a server for web and mobile both.
Question is... When i use res.json() it sends JSON data to client side. Can work for both.
It is possible to use res.redirect() for both. Web and mobile.
Pros and cons of res.rediret and res.json
Please explain. I appreciate your suggestions in adv. Thanks.
It is possible to use res.redirect() for both. Web and mobile.
If you mean can you use res.redirect() as an alternative to res.json() then the answer is NO. res.redirect() is not an alternative to res.json. res.redirect() only sends a code and a URL back to the client, there is no data in the response. You will still need to use res.json or res.send to get the data you need. Every time you use res.redirect() you are sending a response to the client telling them to make a brand new request to another location. You're not sending any real data. The android app will not get any content till you use res.json or res.send. Redirects just tell the client go get the data from somewhere else.
Below are example responses to an android app when the server uses res.json and res.redirect
res.redirect("/user")
//Response to Android app
302 /user
The response above means what you want is located at "/user" so the mobile app will need to make a request to
res.json(user)
//Response to Android app
{
name: "Arpit Yadav",
phone: 555-555
}
res.redirect sends status code 302 (if not specified), and location (route) to browser, after which browser redirects the request to the specified location, whereas res.json sets Content-Type: application/json and sends data to the browser.
Redirection is generally meant for browser only, but, you can use it for mobile. In that case, you have to handle the logic to re-request with updated location received from server that is not recommended.
In nutshell, both have different purpose. res.redirect to move clients to different route and res.json to actually sends the data.
I need to develop an API for web as well as mobile with NodeJS as backend. Since, both have common endpoints --> I was wondering how to handle error cases like for e.g. --> if there is an error and user is on web I can do res.redirect and the user will be redirected whereas if the request was from mobile then I will have to set an 'action' variable which will guide the mobile app to take the next action for e.g. ask the user to login again.
app.get('/users/musicList', function(req, res){
// check with db.
// lets say there is some error --> the API token is not valid so user needs to
// login
if (req was from web) {
res.redirect('/signin');
} else {
var result = {action : 'SIGNIN'};
res.status(200).json(result);
}
});
Is this the correct way to go ? It makes code look a bit messy. Any suggestions.
An Easy way to do this is to have two different endpoints for mobile and web. (Wait I have two more solution).But this would result in code duplication.
web: domain/route
mobile: domain/api/route
Another way is to have only api/route which uses only json. And to handle the error and routing in front end. This works if you are using front-end frameworks like angular and using AJAX requests.
Third one is to check for the client need and acting as in your question. Check this link for how to determine what client needs.
NodeJS : Validating request type (checking for JSON or HTML)
I'm working on an android apps. I am using ionic framework. In some pages I need to get data from a web server and the result is an object json.
My problem is if some one arrives to GET the pages where I get the json data, one can fetch all my database data by changing the http request.
Is there any way that can improve security of my apps?
You should make some kind of authentication mechanism, for example, a token in the header, that way you know wether the user has access to that resource or not.
So when you make your request you can generate a configuration for that particular request.
Example:
var url = "http://yourserver.com/api/your/path";
var config = {
"headers": {
"Authorization": "Bearer someBearerFromTheServer"
}
};
$http.get(url, config);
The backend implementation for this to work depends on the language you use. Here google is your best friend.
A more advanced way to do this, is to use interceptors in the $http service and attach the token to the header in every request, but be careful, you should secure this so you won't send your credentials to every request you make (sometimes your app might need to request data from another server).
You can read more about $http services and its configurations in the $http service documentation.
Regards
I am currently working on implementing a mobile app for our site that uses Ruby on Rails and Devise. The idea here is, at first, create a mobile login form that on successful login opens a web frame that is authenticated and allows the normal use of the (mobile optimised) site. Theoretically that should be possible.
I am having trouble with the following issues:
How do you get the pure session key for the user session via a json request? What methods can be used to manually generate it from devise, something that the sign_in(:user, user) method does?
Is it even possible to take that key and put it into the browser cookie the way it normally happens in devise, but on the mobile side?
I know that this is not the standard method of making mobile applications for the site, but I believe it should be possible.
You might want to consider using Devise Token Auth and treating your mobile application like just another webapp that requests permission from your main site. DTA is particularly nice since it takes care of managing the session tokens (renewing/expiring) and passing them onto the app requiring access. The issue is overriding your session controllers so that it automatically logs in after you already log in on the mobile app (or just rewriting your log in so it occurs in conjunction with the Rails site, rather than before). Considering you're already using Devise, this may also be more refactoring than you'd like.
If you want to put your authentication form on the mobile UI and pass the credentials over to the web frame, you need a way to pass data from the mobile app to the web frame.
How you accomplish this depends on what platform you're building on. I'm not really a mobile developer so I don't know for certain how difficult / easy these options are:
When opening the web frame, instantiate it with session data
Find a way to call methods on the client from the web frame. Something like getSessionData.
You could generate a fingerprint for the web frame, have the mobile UI send this data to the server, and then have the web frame authenticate with the server by sending the fingerprint.
Again, I'm not entirely sure how possible all these options are.
You should use token authorization and Android deep linking. It will allow you to login in the web browser and send a token to your app via deep linking.
OK, so I decided to make a webframe solution as follows, basically you post the login and password to a certain sign_in method specially designed to generate one-time sign in tokens for the application. You need two methods in the system to do that:
routes.rb
devise_scope :user do
get "sign_in_with_token/:token" => "sessions#sign_in_with_token"
post "get_login_token" => "sessions#get_login_token"
end
sessions_controller.rb (don't forget to add the method that increases the failed_sign_in_count on wrong password, otherwise that can allow brute force attacks)
def get_login_token
user = User.find_by_email(sign_in_params["login"])
password = sign_in_params["password"]
if user and user.valid_password?(password)
token = SecureRandom.hex(16)
user.update_attribute(:authentication_token, token)
render json: {token: token}, status: 200
else
render json: {error: "error"}, status: 403
end
end
and the method to sign in with that token
def sign_in_with_token
#user = User.where(authentication_token: params[:token], email: Base64.decode64(params[:email])).first
if #user
#user.update_attribute(:authentication_token, nil)
sign_in(#user, bypass: true)
end
redirect_to '/' # or user_root_url
end
That way the mobile app will work like this:
use the generic web frame to send ajax requests to the server and get that token for the user email if password is correct.
make a /sign_in_with_token/#{token from ajax}?email=#{base46 encoded email} link inside the app.
open that link inside the web frame and use the app as though you were logged in normally. Now the app can save email and password locally and use that logic to get the token again for another session. Later logging in will also be able to set the app id so that push notifications can be sent.
Appreciate any feedback or criticism on this solution.
I am wondering what is required to setup a server so that you can store data on it, and then have an application send requests to it to store and receive data. More specifically, I am working on an Android application where a user will generate data and then that should be stored on a server so other users can access it. But I do not know how setting up a server to be capable of this works. I have worked on Android applications in the past that sends requests (put, post, get, etc) to a server, but that back end was already set up for me. Any info or resources about setting this up would be great.
There are many, many different ways to accomplish this.
Since you're already working with a Google technology, Android - you could start by creating a Google App Engine project. Following the tutorials you can get started setting up a simple back end solution that will store data for you and you can make requests to it for that data.
Another advantage to this for you is that you don't have to learn how to install software on a server and all the dependencies that arise from that, etc. Simply set up a new account and push-button deploy through Eclipse or command line.
And since you've used Java in Android, you can use JAva for Google App Engine (GAE) too!
Getting started: http://code.google.com/appengine/docs/java/gettingstarted/introduction.html
You can try ready to use BAAS/PAAS services to store your data, e.g. QuickBlox for Android http://quickblox.com/developers/Android, where you can manipulate with your data with few strings
QBLocation location = new QBLocation();
location.setLatitude(35.0);
location.setLongitude(53.0);
location.setStatus("I'm at this place");
String someImportantString = "Dr. Henry Walton Indiana Jones";
QBLocations.createLocation(location, new QBCallbackImpl() {
#Override
public void onComplete(Result result, Object context) {
// retrieve context object inside callback
String passedContextObject = (String) context;
System.out.println(passedContextObject);
// do stuff with result
}
}, someImportantString);
All logic of data exchange with server is encapsulated in framework.