I have been asked to write a mobile android app to interface with a website. When pulling content from the site, I don't think scraping the site would be very efficient. I would like to interface with the database. Think of the scenario as facebook mobile app interfacing with the facebook databases that fuel facebook.com (so there's a mobile app, a web app, and a database in this equation). Would I just create a db account for the mobile app and then every phone using that app would use the same database account (This sounds like a terrible idea imo)? The user will be asked to authenticate in the app before they can start getting information from the it.
In general you don't want to be accessing the database directly via the phone (if that is even possible). The more standard way with mobile clients is to build a set of RESTful APIs that you can invoke via normal HTTP GETs and POSTs. These will present the data in a more lightweight (JSON, XML) way to the app, so that the "decoding" effort is reduced. Authentication is done via standard HTTP AUTH. That's the short version.
Related
Please forgive my (perhaps naive) question, I am still a beginner!
I have a website on asp.net core that is essentially a CRUD website. There are some Razor pages and some controllers. When the user is logged in, they can create and update the data they own (through javascript and said controllers).
Login is organised via Cognito's built-in UI. I redirect the user to it with the [Authorize] attribute on certain controller actions. The token (I think this is what it's called?) coming from Cognito is automatically stored in the browser cookie and is passed between the browser and the backend (controllers and Razor pages). In the backend controllers and Razor pages, I have very convenient methods like User.IsAuthenticated(), and can get claims and fetch cognito:username and similar fields.
The website is working well enough.
I am now working on native mobile apps (Android and iOS), and I am wondering how to deal with authorisation in them as well. I want the user to have the same experience in the mobile app as on the website: they would log into the mobile app and see and edit the data they created earlier on the website, and vice versa. I'm not sure how to implement this correctly. I see several options:
Option 1. Use the AWS amplify framework in the apps. I am sure it will work nicely; but how will I then pass the token to my backend controllers? Asp.net core needs it to build this User object, I understand. I think asp.net core stores it in the cookie appropriately named .AspNetCore.Cookies, but I'm not sure as to its format and whether it'll stay stable in the next releases?..
I'm currently reading about JWT bearer tokens, maybe that's the thing that should be used instead of .AspNetCore.Cookies?..
Option 2. I could "pretend" that the mobile app is the same as the browser and send exactly the same requests as my web frontend does. I suppose this sounds very complex - I'd need to store cookies, follow redirects (to the cognito built-in ui, for example) - I don't know if there is a built-in mechanism? However, in this case the app doesn't have anything to do with cognito, talks only with my backend, and is just following redirects. AppAuth states that Authorizing the user occurs via the user's web browser, so perhaps it can be used here?
Perhaps there are other options that I overlooked; I'm almost sure there is a simple solution I just can't see at the moment. Sorry it's all over the place, this is a very new topic for me. Thank you in advance!
1) I have a web application. This web app is for a user to buy a point.
2) I have an android application for parking payment. Payment is based on point that user buy from the admin. Since I made two things which are web app for admin and android app for user, so I will have two database for each one right?
3) So, how can I transfer the point that user buy from the admin to an android application? Is this thing has to do with JSON fetch or pass data?
4) Basically I want the user to get the point from the web application? Your answer will be really helpful to me, thank you :)
The issue is design issue. Your mobile app and the web app don’t have to be two separate.
You can have one application with one database that both web and mobile point to.
If you’re using Android look into ionic framework that can help you code one codebase targeting both web and mobile.
See
https://ionicframework.com
https://scotch.io/tutorials/create-your-first-mobile-app-with-angularjs-and-ionic
You will have to build a single server for both your admin and your app. Both will have a single database that is controlled by your server. Your app will request the same server to redeem points and your admin will request the server to add points. You can use retrofit library in android for making api calls to your server
The web application and the android application must connect to the same database on the server. In the android application, to you get the data via json, you must use asynctask to download the server information or use libraries like Retrofit or volley that facilitate the handling of json.
I want to ask about the security of web application.
I'm developing on web site for an inventory management system by web service.
And wrapping as android application with the webview.
But my client ask the website can be opened in android application only.
I think it is possible with agent header when web server response to request.
But it just a makeshift.
So is there any way to check the website is opened in browser not authorized application?
I used spring boot for web server.
This is not possible. Once you expose an endpoint publicly, you can always try to connect to it with whatever software supporting the protocol (or an analyzer which will reverse-engineer the protocol).
This said, you can make it difficult by obfuscation.
One solution is to use information provided by the client (browser in your case). This is usually the agent header (as you mention) but can also be some fingerprinting. You could for instance detect the size of the screen and make some decisions from there on.
Another solution is to use some secrets (better call them "secrets") to show the backend application (or API) that some specific code is calling. I can imagine that you could bundle the HTML/JS/CSS code in your application, together with a key so only the application owners will be able to send a recognizable traffic (recognized by the backednd).
All of this is more or less difficult to crack but with some layers you will get rid of at least some population which would like to access the site via other means than an app.
I need to create a Rails app which in the future will need to share the same database with a native app.
As I am still quite inexperienced I would like to understand which way is the best to have the 2 app share the same database, in this case I will use postgresql.
I'm thinking of using postgrest for it but I'm unsure if there are any better/ faster ways.
which way is the best to have the 2 app share the same database
The best way is to not share database at all. Mobile app does NOT talk to database directly. Instead, it should talk to an api server, which will provide needed data and perform appropriate checks (user credentials, etc.)
The API server may be implemented as part of the same rails app or a separate app.
Another way might be to expose a read replica for your database to the mobile which can access the data directly through it via the API calls.
There are lots of options, depending on what you are trying to achieve with the web app. You can look into BAAS's such as Firebase or similar products. However, if you are already using rails, you try the new Rails 5 API mode, where all your controllers and models are preformatted to serve JSON making it slightly easier to get your API up and running for your native app.
An API (to clarify your understanding based on your comments), is a layer that will deal with creating, updating, editing, and deleting things in your database. You will have to define it using your own code (or rails generators if your app is very simple). This layer is so you can insert business logic before the database operation is performed based on the request sent from your app.
I am developing social networking app on android.Rough idea of my app is that when user launches an app it will get all users of this app in near by location.So for storage purpose of users data I want to use web server. I don't have an idea what is best way to start with.Should i use Amazon web services ? (S3,Ec2) I was surfing internet got these buzz words.
Please guide me what is best approach for database storage ? Should i write my own server api ? or What ?
These are some general things you will have to do:
Buy some server space where you can host your server (this is the amazon ec2, etc). If you need a fancy domain name, buy that too, and map it to IP address of the server that you brought (optional).
Setup a db of some kind on this server to store your data (msql)
Write wrapper web services (php, jsp, etc) which will expose apis to access your data remotely. For security reasons, you should also have some authentication using some token passing mechanism.
Access the data on your server remotely using the APIs you created in the web service.
I personally favor using a MySQL database with PHP to interface between the app and the backend! Your app can send requests to PHP and then your PHP webservice would write/read to the database and then return JSON to your app.
I would say this is a very subjective question though as there as so many ways that you can write a web service.