I am developing a payment gateway (with 2 factor authorization, 2FA) with node/express for server side and angular js for client side.
The communication from client --> server can be done via a POST request but I want the communication from server --> client to happen via socket.io.
Now for new user who initiates a payment, a POST request will be sent from the client to server, data will be processed and a response will be sent back. For a very very specific reason, the response cannot be sent as part of the res in the received POST request.
app.post('/receive', function(req,res){
data = req.body
res.send('success')
// do something with the data
// Details regarding 2FA will be sent later via socket.io
}
After some processing, data will be sent to the client regarding 2 factor authorization.
io.on('2fa', {name:name, oneTimePassword:qwerty //and additional details})
I can listen to the channel 2fa from the client side, but every message emited on this will go to all the clients. I need a way to send a message to specific clients only who initiate that particular payment process.
Each transaction will be encrypted using ECDH. A UUID will be available for the transaction, initiating customer as well as the order number for which the payment is being done.
Appreciate any guidance for the above.
Socket.io has rooms. If you want, let's say, only the buyer and the seller to hear about the authentication result, put them into a room and emit your messages to the room itself. The client side won't change. You just socket.emit from the client to the server and the server will put the client into a room with all other appropriate parties and all the subsequent communication will only be emitted to the room instead of the channel 2fa.
This is from an html5 multiplayer game I developed, when the client joins a game room, this is what happens on the server side:
socket.on('joingame', function(data){
if(livingplayers[data.room] && livingplayers[data.room][data.id]){
socket.emit('joinfail', 'That name is taken');
} else {
socket.join(data.room);
socket.emit('joingame', data);
}
});
So, as you can see here, I join the client into the game, and I responded from the same channel and I informed the client that he successfully joined the game and on the server side I put the client into the room he joined. Any subsequent in-game actions will be broadcasted only to the room that the client just joined here.
Related
I'm using cometd to listen to platform events generated in Salesforce. My cometd client configuration code looks like
this.client.configure({
url: `${this.org.instance_url}/cometd/46.0`,
requestHeaders: {
Authorization: `Bearer ${salesforceToken}`
},
appendMessageTypeToURL: false
});
where the salesforceToken is obtained using the refresh token. This all works fine for a while but if there are no events for a considerable period of time (anecdotally anywhere between 6-24 hours), then my client seems to expire and no events are received. If I refresh the token and restart my listener, things start working again.
Is there a way to keep the listener active other than writing some sort of timer to restart the process every few hours after inactivity ?
You do not have to refresh the token again
Whenever there is no activity on the channel, the server closes the connection after a specific time.
In that time client receives a 403 (Unknown client) status code, and the client has to handshake again withing 110 seconds.
By default, CometD tries to reconnect without any user interaction and If the client doesn't reconnect within the expected time, the server removes the client's CometD session.
Once the connection gets reconnect, all the channel subscriptions will be removed by ComedD, and we have to subscribe to the channel again in order to receive events.
In order to do so, we have to make use of meta/Handshake callback to resubscribe to the channel again.
see https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/using_streaming_api_client_connection.htm, paragraph "After Invalid Authentication"
"Streaming API regularly validates the OAuth token or session ID while the client is connected. If client authentication is not valid, the client is notified with the 401::Authentication invalid error and an advice field containing reconnect=none. After receiving the error notification in the channel listener, the client must reauthenticate and reconnect to receive new events."
(X) First Scenario
We have a web application and we are using socket.io as middleware. There is an angular end and there are API from .net. and it is a chat application, when a user sends a message it calls for the socket server and from socket server, we call to the API and we send the message to the particular socket. but when we send the message to the client the client event gets called multiple times(not every time but sometimes) from the angular end but the message, we have only sent once from the server(we set a logger to confirm this from server end). We have Azure Linux server. We are pooling socket ids from user ids as rooms. Though we removed rooms and added a manual array to pool sockets ids from user ids issue still exists. Working fine on android and ios devices.
****Second scenario
when we disconnect internet connection and reconnect the connection gets to connect to the server and we send a message after that it does send the message to other ends, but if we are sending messages from other end, messages are not coming to this end, from loggers in a server it shows that messages are sent. to the particular socket ids.
Setup
socket.io version: V2.0.3
node 6.11.4
I am currently designing a web application using AngularJS. In this I am fetching and posting data via Rest API(s) with different methods. The data I retrieving is fetched in the form of JSON.
Problem:
Issue here is, while I am using https, the data sent and received via HTTP requests can still be seen in proxy tool or traffic monitors. All the JSON can be easily read from this.
Each of my request has a token attached in it's header which takes care of authentication. However, once authorized, there is some part I don't want to be displayed in/ caught in such monitoring tools.
Question:
This data is stored in an encrypted way in database and all, however while coming via HTTP request, it is first decrypted and then sent. How can I hide/protect this data?
You can't.
If you give it to the client, then the client has to be able to see it.
If the user has configured their browser to proxy requests, then the proxy is the client.
Once the data leaves your server in an HTTP response then anyone/anything thing the user of the client wants to trust with that data can access it. You don't have control at that point.
proxy tool or traffic monitors will see https data only if the client has accepted the man-in-the-middle (MITM) by installing the ssl certificate used by the MITM:
To see the content (other than the host name) of an https connection, someone who is neither the client or the server must do a MITM.
If someone do a MITM with a certificate not trusted by the client, the client will reject the connection.
WARNING: If the server do NOT use HSTS, the person doing the MITM can do an SSLSTRIP attack if the first connection is http. In that case, the MITM do not need a trusted certificate because the connection will stay in plain text (http)
I am developing an app using AngularJS and NodeJS. Being new to both I am struggling a bit.
My app is communicating with payment gateway to facilitate payments. Flow goes like MyApp-->Payment Gateway --> MyApp. I am able to send the request to payment gateway. Problem is I am not able to figure out how I will handle response that is coming from payment gateway. Payment Gateway is sending some data in the post request. I need to process this data before showing results of transaction to user.
Technically speaking I know what needs to be done. Like Step 1) Giving a return URL to Payment Gateway to which Post request will be sent. Step2) This HTML URL of my application will send data received from payment gateway to server side for processing. Step3) Based on processed results I will show transaction result to user.
Where I am struggling is show to achieve this using AngularJS and Nodejs. Pls help
You can use Angular's $http service to easily send and get data from server.
I'hv been trying to learn the Google App Engine's Channel API lately.
I tried to make a simple chat app, but I am reaching problems.
This is generally what i have done.
server opens a static channel:
token = channel.create_channel('bigboys')
client js connect to channel with:
var channel = new goog.appengine.Channel(token)
I am not using Google App Engines users. I don't want clients to have to login.
So my problem is, the chat app doesn't really work, only one client can join the channel. I know there is a one client ID per channel rule. So how do I support multiple clients in one "chat room"?
Think of a channel being the connection between one client (browser) and your server.
If you have a chatroom, you'll need a channel for each client. You'll need something on the server side to keep track of all the clients in the chatroom, and the channel for each client. When you send a message, you'll need to send it on every client channel in the chatroom.