I have to implement end-to-end encryption with firebase push notifications on React and React Native Apps.
What I have in mind
Encrypt messages from the backend and sent them to firebase
On the front end, we will decrypt the message with the shared private key that we got on login from the backend or a predefined key on the app itself
My Question is.
Since push notifications run in the background.
How do we get a private key for decryption when a notification cames
How do we decrypt the message using library (crypto-js) on push notification
I know this is not a way to do this. Please suggest a better option.
This is for HIPPA compliance
Related
I want to implement a connected OAuth app in Salesforce which should trigger push events in case some entities changed, for example an opportunity was closed.
Zapier implemented something similar
https://zapier.com/apps/salesforce/integrations/webhook
Could not find something I need which is a simple way to subscribe to entity changes using the OAuth client's token and passing a webhook endpoint. I read about apex callouts, streaming API and outbound messages.
Yeah, we solved this exact problem at Fusebit and I can help you understand the process as well.
Typically speaking here's what you need to do:
Create triggers on the Salesforce Objects you want to get updates for
Upload Apex class that will send an outgoing message to a pre-determined URL
Enable Remote Site Setting for the Domain you want to send the message to
Add in Secret Verification (or other auth method) to prevent spamming of your external URL
If you're leveraging javascript, then you can use the jsforce sdk & salesforce tooling API to push the code into the salesforce instance AFTER the Auth flow has occurred AND on Salesforce Instances that have API access enabled (typically - this is enterprise and above OR professional with API enabled).
This will be helpful for you to look through: https://jamesward.com/2014/06/30/create-webhooks-on-salesforce-com/
FYI - Zapier's webhooks implementation is actually polling every 15 minutes, instead of real-time incoming events.
In which programming language?
For consuming outbound messages you just need to be able to accept an XML message and send back "Ack" message to acknowledge receiving, otherwise SF will keep trying to resend it for 24h.
For consuming platform events / streaming API / Change Data Capture (CDC) you'll need to raise the event in SF (Platform Event you could raise from code, flow, process builder, CDC would happen automatically, you just tell it which objects it should track).
And then in client app you'd need to login to SF (SOAP or REST API), subscribe to channel (any library that supports cometd should be fine). Have you seen "EMP Connector", mentioned for example in https://trailhead.salesforce.com/en/content/learn/modules/change-data-capture/subscribe-to-events?trail_id=architect-solutions-with-the-right-api ?
Picking right messaging way is an art, there's free course that can help: https://trailhead.salesforce.com/en/content/learn/trails/architect-solutions-with-the-right-api
And pretty awesome PDF if you want to study for certification: https://resources.docs.salesforce.com/sfdc/pdf/integration_patterns_and_practices.pdf
I guess that the Title is quite explicit, but I will try to further explain my requirements so maybe anybody can help.
As explained Im building a site that uses DRF as backend and React in the client side, and i would like to have some real time functionalities, so I´ve been researching on the issue which took me to Channels as the way to manage asyncronous actions and websockets. The question is that the more I read the more I get confused... by the Channels documentation one might say that it has capabilities to work whether sincronous as asyncronous server..but then i do not want to miss my DRF classes that simplify my life so much... and the there is this other question coming to my mind regarding if then, i must also use socket.io in the front to connect with channels on the back.... so as you see... im quite confused...anybody could help?
I'm not sure about the client-side and socketio. but yes you can use Django channels and react to communicate on a WebSocket. you also be able to send a message on channels outside of consumers(API view). but it's kind of risky to retrieve data from WebSocket outside of the consumer. everything in consumers(channels) execute asynchronously so accessing received a message on WebSocket by API is not guaranteed.
1 - set up a Django-channels consumer and on connect add the channel to a group
2 - connect to the channel by react and communicate with the server and keep the channel open.
3- make APIs for events and send the event from API to the channel group.
This apps closed but services are running. How can i do this on react-native?
I would like to make services that listen my app notification.
You can use react-native-firebase package for this specific purpose.
Way 1 - Data only notification
Check out the data only notification section documentation here. Please note that this would work only on android.
Way 2 - Notification + Data
Send a notification and when user presses it, update the data of the application. This should work both for android and iOS. You can send key/value pairs in your notification and send a type as one of the key/value pairs. Now, when you handle the notification based on this type you can can API's and update data as required. You can read more about it here
I am kind of new to React, so this might be just lack of experience, but I don't seem to find any answer to my question:
I have a react app, where I need to subscribe to a push notification channel. Messages are delivered through PubNub, and in order to connect I need to supply a subscribe and a publish key to the message server. Now, I know it is not a good practice to store secrets in a react app, and they should be handled through backend services, but do I really need to create a service just to subscribe to the channel and forward the messages to my frontend app? Is this not an overkill?
The messages I am receiving are just time ticks (I need a trusted source of time), but I still don't want my API keys to leak out...
Is there any reasonably ok way for me to avoid standing up an intermediate service?
It is perfectly normal to have your PubNub publish and subscribe keys in client side code. If it is necessary to restrict who has the power to publish and subscribe (read/write) using those keys, the developer can enable PubNub Access Manager (PAM) in the admin panel. There are PAM guides to get you started on controlling access.
Another point to consider is that your JavaScript PubNub connection can also be used as a trusted source of time. The JS SDK time call will get a 17 place precision unix timestamp from a PubNub node:
const pubnub = new PubNub({
publishKey: 'your_free_pubnub_publish_key',
subscribeKey: 'your_free_pubnub_subscribe_key'
});
let pojoDateObject;
pubnub.time().then((timetokenObject) => {
pojoDateObject = new Date(+String(timetokenObject.timetoken).substring(0,13));
});
It's a quick/simple question I cannot find the answer to. How to I hide my secret Stripe API key in an ionic project?
Like others here have said. You Don't.
If you want to process payments in an ionic app you need your private key on a server and can use the public key in the app.
You will likely need to send the user info to a server that you make where the server will actually make the reqest to stripe to process the payment.
One recomendation would be to create a parse.com account and have Parse Cloud Code process the stripe payment. This is what it would look like.
Parse Cloud Code
var Stripe = require('stripe');
Stripe.initialize('sk_test_xxx');
Parse.Cloud.define("purchaseItem", function(request, response) {...
ionic
Parse.Cloud.run ("purchaseItem" ....
You can do this by hiding the API key in native java code. Because it will be compiled to binary data. Then create a javascript interface to call that native function to get the secret key through cordova plugin feature.
For creating plugin: This article may help you.