I am using active storage in my Rails application. The frontend is on React. I am uploading an image via react uploader and sending that image to the backend API where I am storing it to S3 bucket using active storage.
This is the API that handles the image:
if image.attached?
opts = ImageUploader.resize_to_fill(blob: image.blob, width: 100)
variation = ActiveStorage::Variation.new(combine_options: opts)
variant = ActiveStorage::Variant.new(image.blob, variation)
return rails_representation_url(variant, only_path: true)
end
This returns the path in the following format:
/rails/active_storage/representations/...../file_name.png
This works all fine when I use this path inside the application, but I want to send this image in email, there the image breaks as the src attribute can not read this path. If I append http://localhost:3000 manually in the email through dev tools, I am able to see the image then.
Weirldy, in the email, I also see the path appended with http by itself like below:
http:/rails/active_storage/representations/...../file_name.png
I did a workaround and gave only_path to false. This way I was able to get back the complete URL but in the email I got duplicate http written somehow.
Desired Result:
Either the email also appends the host_url along the protocol or removes the http also so that I am able to pass the complete valid URL.
If there is a way to alter the api and somehow get the s3 endpoint directly that would really really work but I am not sure how to do so. It would return the url like this: //{bucketName}/uploads/file/id/image.jpeg
Any help please!
Related
I am currently working on a application with React as frontend and Nodejs as backend.
I am using multer and minIO to store the files.
Currently:
I have a form where the user fills up some data and also has the option to upload files such as PDF/JPEG etc (multiple input fields for file).
I am using forkmik along with material UI for validation and styling.
So when a user fills up the form (data is a json object), if there is any file upload done it does a POST request to "/upload" uploads the file to the storage engine and then returns a path of where the file is stored.
Then I send one more POST request to "/" to save the user info along with the path that it returned earlier onto MongoDB.
I trying to make it as a single post request to "/" but cannot do so, this is what I have tried,
is to send the user info with content-type "multipart/form-data" along with the files, I am only able to get the "req.files" array properly while the "req.body" of the user information is shown as "[Object: null prototype] { 'values.general_information.first_name': 'Amy',
'values.general_information.last_name': 'John' }" and so on.
I am trying to receive it in a proper json format but cannot do so.
Since the data I was receiving was [Object: null prototype], in the body converted to string using JSON.stringify() and on the backend parsed the incoming data using JSON.parse(), without using react FormData and was able to make it into a single POST request using multipart/form-data as I was uploading files as well.
i am Learning Python and at the moment i am experimenting with the request Module.
What i did so far:
This is the API Documentation for the Endpoint i used:
https://trackapi.nutritionix.com/docs/#/default/post_v2_natural_exercise
And this is the associated Python Code:
EXERCISES_ENDPOINT = "https://trackapi.nutritionix.com/v2/natural/exercise"
header = {
"x-app-id": APP_ID,
"x-app-key": API_KEY
}
body = {
"query": "Ran 2 miles and walked for 3Km."
}
response = requests.post(url=EXERCISES_ENDPOINT, headers=header, json=body)
The corresponding http Request URL should be:
https://trackapi.nutritionix.com/v2/natural/exercise?Ran%202%20miles%20and%20walked%20%20for%203Km.
My Problem is as follows:
In Python the code ist working perfectly fine and my response is as expected
If i use Postman, this works fine too, because in both -Python and Postman - i can specify my Request as a POST Method
But if i use the URL in my MS Edge Browser (and Chrome too) i get an Error: Cannot GET /v2/natural/exercise
The Header information are ok, because i told the Browser them per "ModHeader" Extension.
But why is my Browser doing a GET and not a POST and how can i change this with the developemant tools from MS Edge Browser.
Important for my learning is to know why the Browser do a GET??
Is the Browser only able to do GET in generel and the other Methods (POST, PUT, DELETE) are not possible in this way. But that makes no sense for me :)
Thanks a lot in advance
But why is my Browser doing a GET and not a POST
Presumably because you are trying the address into the address bar of the browser.
That is designed to make a GET request because there is nothing in the UI designed to collect any of the data needed to make another request type.
The usual way to make a POST request would be to provide a user interface for it in the form of an HTML <form>.
I'm creating a dating React web app where users can upload pictures of themselves to their user profile. I want to use Firebase storage. I want to protect the images so that they are only viewable when accessing from my web app by authenticated users - right now I get an image like this:
let storageRef = firebase.storage().ref(`images/${userid}/${userImageName}`);
// Get the download URL
storageRef.getDownloadURL().then(function(url) {
// Insert url into an <img> tag to "download"
})
This is great - but once I put the URL in the src attribute in the image tag anyone who views the source code can copy the URL and send it via email, text message, etc., making it "public". I have tried uploading images in base64 string using the putString() function also only for Firebase storage to yet again create a URL for it like a normal image upload when using the put() function.
So my question is - can I use Firebase Storage to store images and make them "private" so that only authenticated users of my web app are able to view them? Is there a way to get only the image data and use that to generate the images in the frontend/client so that no actual URLs are ever placed in the JS code?
The call to getDownloadURL() is protected by Security Rules, which means that if you write a rule like:
service firebase.storage {
match /b/{bucket}/o {
match /images/{userId}/{userImageName} {
// any authenticated user can read the bytes or get a download URL
allow read: if request.auth != null;
// only the given user can upload their photo
allow write: if request.auth.uid == userId;
}
}
}
They will not allow unauthenticated people to download URLs.
As for the second issue: once someone can see a file, assume that they have already downloaded/screenshotted it and can share it, even if the URL isn't publicly accessible (or even on the page). Viewing something is equivalent to downloading it, so there's really no difference where it's coming from as the end result can be the same.
I have an admin control panel where admin users can set a few options and then click a button to run a report. The report should return a CSV file download prompt to the user.
I am using ui-router and $resource services. The response headers/mime type are set correctly, but the CSV file is returned as text (no file download initiated) by the $resource handler.
I tried creating the download link directly, by forming a querystring from the $scope, but unfortunately my API's authentication scheme uses a custom HTTP header token and it's not possible to send that to the API (which is also on another subdomain) via an anchor tag, such as this one:
Run
Is there a way to initiate a file download prompt using an XHR request (with custom header)?
I'm using a custom header token so downloading the report via a simple link is impossible; the request has to be made via XHR. My two-part solution:
Returned the CSV data from the API directly as text, removing file attachment headers. This is the correct solution, anyway, because it keeps the REST JSON API unconcerned with file downloads, which are a browser concept.
Wrapped the API response data in a Blob, and then used https://github.com/eligrey/FileSaver.js to initiate a file download.
A drawback is this requires IE10+, but that is okay in my case.
Here is a quote from here:
So in short ... you need to look into login
page, see what params it uses e.g
login=xxx, password=yyy, post it to
that page and you will have to manage
the cookies too, that is where library
like twill etc come into picture.
How could I do it using Python and Google App Engine? Can anybody please give me some clue? I have already asked a question about the authenticated request, but here it seems the matter is different as here I am suggested to look into login page and get parameters, and also I have to deal with cookies.
There are two ways
AS I told you use twill or mechanize, as twill is just a simple wrapper over mechanize you may just use mechanize(http://wwwsearch.sourceforge.net/mechanize/), but to use mechanize you may need to do some hacking see import mechanize module to python script for more details
Do it the hard way and learn something while doing that
Lets see how to login to yahoo
a) look into the page (https://login.yahoo.com/config/login_verify2?&.src=ym) and see what does form look like, you can firebug to inspect instead of looking into raw html.
b) form has login and passwd two field, Plus some more hidden fields lets ignore them for now, so till now we have
form action url= "https://login.yahoo.com/config/login?"
form_data = {'login' : 'my_login', 'passwd' : 'my_passwd'}
c) we can post above data to the correct post url, and it may work but usually we will need to go to other pages and if we do not have cookie it will ask again for login. so lets use a cookie jar e.g.
jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
form_data = urllib.urlencode(form_data)
# data returned from this pages contains redirection
resp = opener.open(url, form_data)
d) now the page from yahoo, redirects to other pages, e.g. if I want to see mail page, i will now go to that and cookies will take care of authentication e.g.
resp = opener.open('http://mail.yahoo.com')
print resp.read()
If you see printout it says , "xxxx| logout , Hmm... your browser is not officially supported." that means it has logged me in :), but as yahoo mail is a ajax page and doesn't support my simple scripting browser, we can get past this tool by spoofing browser type, and can do lots of stuff.
Here is the final code
import urllib, urllib2, cookielib
url = "https://login.yahoo.com/config/login?"
form_data = {'login' : 'your-login', 'passwd' : 'your-pass'}
jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
form_data = urllib.urlencode(form_data)
# data returned from this pages contains redirection
resp = opener.open(url, form_data)
# yahoo redirects to http://my.yahoo.com, so lets go there insetad
resp = opener.open('http://mail.yahoo.com')
print resp.read()
You should look into mechanzie code or links like this http://www.voidspace.org.uk/cgi-bin/voidspace/downman.py?file=cookielib_example.py to see how they do it.
we can post this data
This is not app engine or python specific. You need to get familiar with how POST and GET work. When you log into a typical web site, your browser is sending a POST to the web server, with a bunch of parameters. You can see what the parameters are called by viewing the source of the web page in question, and looking for the login form. Once you know the names of the parameters, you can include them in your POST to the web site. The web site will then return back a cookie, that would normally be stored in your browser. Since you are trying to simulate a browser, you would need to store this cookie yourself, and send it along when you try to request further pages from that particular site.
I am not sure if I understood your question, but if you want the GET parameters, with webapp, it would be something like this:
login = self.request.get('login')
password = self.request.get('password')
More information on dealing with forms is available here
You should also try the user service if want a quick way to authenticate your users.