I have an App Engine web application (based on python) in which one I would like to offer a "Free" Version and a "Premium" one. I would like to charge a monthly fee to the users that want to use the Premium version of the app, blocking access to premium features to the free users, just as Grooveshark does.
Which is the best way to do this when you're using Google App Engine for developing? I mean, I know that Paypal let you to charge a monthly fee to users but, How can I restrict access between the two interfaces? I'm really lost in this field, Never made a "Paid Model App" before.
Authorization determines what your users are allowed to do in your application based on their roles/permissions.
Basically you would need the following things:
A flag membership status that indicates if a user is Premium or not; this should be set after the payment
A #is_premium decorator to check if, reading the membership flag value
, a given Web Handler can be called by the current user
Have a look to Web2py authorization, Django Auth or Tipfy acl extension for some pretty neat solutions.
Related
I'm thinking on my scenario and there is a point I cannot manage to bring to a valid approach:
I have a web app where users log in and, among other things, they can create calendars. If this calendars are marked as publics, all users can see them.
I want them to be able to sync the calendars with their google calendar account. I have this already implemented using gapi.
The problem is when, after a while, any user updates an event of a calendar which other user had synchronized before. He is not going to see the changes in his google calendar, as I'm not able to send him updates since he is not logged into the app.
So, my idea was to create all calendars in our own account, and whoever wants to have it in their google account, just have to subscribe to it. I would do that with gapi.acl lib.
What I don't know how to do is: when the first user wants to syncronize the calendar, it should first be created in our own google account, so that the user will be able to subscribe to it...
But how do I change the account where to create a calendar using gapi?
Maybe it is a stupid question but I cannot manage to find out how to do it.
Thanks in advance!!!!
But how do I change the account where to create a calendar using gapi?
You cant, what you are trying to do is get offline access to a users Google calendar data. OffLine access means that your application can access the users account when the user is "offLine" as in not there. This being a fully automated functionality of your application.
You need to request permission of the user for "offline" access once that is granted you are given a Refresh token the refresh token can then be used to request a new access token when ever your application needs even if the user is "offline".
Your problem being that JavaScript is client side this means that the code is running in the users browser. Due to major security concerns offline access is not something you can request using JavaScript you need to use a server sided programming language.
Maybe it is a stupid question but I cannot manage to find out how to do it.
I don't think its a stupid question but I do think there are some major wholes in your applicating design.
You first need to think of if users really want you writing to their personal calendar account.
Then you need to consider weather or not you want to be writing and sharing your personal calendar with a bunch of unknown users.
There are also major limitations to the number of writes or inserts you can make to a single calendar per day so storing everyone's calendar data in your own calendar is going to not only messy but it may end up overloading your request limit.
Once all that is added up have you considered the verification process this application is going to have to go though. How will you justify your application to googles security review, I am writing to a users calendar, I am storing users calendar data in my own personal calendar ....
I plan to develop an app for Amazon Selling Partner API (SP-API). The general idea of the app is that it will be the app, that different sellers can use to help them manage their stock on Amazon. I myself am not a seller on Amazon, and I don't work for a particular seller. The app, once ready, should be available to multiple sellers who are interested in using it.
Unfortunately, from what I found in SP-API documentation here and here it seems it's impossible to register as a developer, without being a seller yourself or having an existing seller that can register you as a developer. Is this correct? If yes, is there any way to overcome this issue? It seems a bit ridiculous that Amazon doesn't provide an easy way for third party developers to develop and test their apps on Amazon.
They would require a Seller Central account to be set up for public applications to allow you to register as a developer. The main account would be used to access the developer registration form and can be used to set up developer access. This would also allow support cases to be raised. Be aware that they will charge a monthly fee. Recent updates to documentation appears to suggest this will only affect Public application developers.
I have spent 3 days researching this problem and cannot find a solution or similar use case that shows how to solve the problem, so any pointers would be greatly appreciated.
I am creating a web-app that uses Google Cloud Storage and Bigquery. A user registers on the web app and then can upload data to Cloud Storage and Big Query. Two users could be from the same company and therefore should be able to view the same data - i.e. Jack and Jill work for company A and if Jack uploads a massive dataset via this app, Jill should also be able to view it later.
Another scenario will be I have two completely separate clients with users using this web-app. If users from Company A upload data, users from Company B should not be able to view Company A's data, and vice versa. But users from the same company should be able to view the data within their company.
Currently, I have an app that works for a single company. This has a React front-end that uses Firebase for authentication. Once the user is logged in, they can use the app which sends off API calls to a Flask back-end that does some error checking and authentication checking and then fires off an API call to GCP. This uses a service account and the key is loaded as an environment variable in the environment in which the Flask app is running.
However, if Company B want to use the app now, both Company A and Company B will be able to see each other's data and visualize it through the app. In addition, they will be sharing a project (I would like to change this to allocate billing more easily to have each client have their own project).
I ultimately want to get this app onto Kubernetes and ensure that each company is independent of each other, however, do not want to have to have separate URL's for every company using the app. Also, I want to abstract GCP away from the client. I would prefer to authenticate a user based on their login credentials and then they will be given access to their GCP project (via my front-end) accordingly.
I thought about perhaps having separate service keys for each client and then storing the service key info in Firebase, while using the respective keys for API calls but not sure this is best practice. It is however the only strategy I can think of.
If anyone could provide some help or guidance it would be very much appreciated. This is my first GCP project and have not been able to find any answers on GCP, SO, Google Groups, Slack or Medium.
Thanks,
TJ
First if all, welcome on GCP! It's an awesome platform, very powerful and flexible. But not magic.
Indeed, the use case that you describe is specific to your business logic. GCP provides told for securing access for user and VM(through service account) but not for customer. Here you have to implement your own custom and authorisation logic, with a database (I don't recommend bigquery for website, the latency is too high) to list three users, the companies where they work, the blobs of each company...
Nothing is magic and your use case specific.
If you want to discuss more about which component to use and to start, no problem. Let a comment.
I am in process of designing a SaaS application over PaaS (Google App Engine).
My SaaS will have two user interfaces:
Web Based
Mobile App based
Web based would be feature-rich whereas Mobile app would have essential and/or frequently used features.
Mobile app would invoke RESTful services to perform business logic.
This SaaS would target mainly individuals using Mobile Apps; however, there could a use-case wherein these individuals could form a group and operate as a company.
So with that in mind, I am considering two entities: Account (Tenant) and User.
I am considering having many-to-many relationship between these two entities as one user could be part of multiple Accounts (unlikely but can’t be ruled out) and of course, one account can have multiple users.
I would like to know the best practices for authentication under such scenario:
Should I use Google's provided Authentication or should I implement my own authentication? (I am still exploring OAuth and Google's authentication offering.)
I think, for web-based interface, username/password over SSL would suffice. But, not sure, can this be applied to mobile app?
Can I avoid a situation wherein I have to store credentials in mobile app?
Thanks in advance for any help you can provide on this.
A
Having just completed my first project using Google App Engine, I can say that I ran into alot of the questions that you have. I'll try to explain my approach to each point and also approach it from your perspective as well.
Authentication - Generally using Google's auth would be the easiest route, but you would still have to implement a custom adaptation in order to work with the "company"/"group" concept. Implement in the datastore/whatever database you prefer to use an entity called "Groups" which have a list of google users... this way users can belong to many groups.. then you just search by property (user) to get all groups they belong to. I implemented my own authentication system for unrelated reasons.
Google App Engine comes with SSL/HTTPS support for its own domains. You can add in your own custom domain with SSL support as well. You can use SSL through native apps or mobile web apps additionally. I simply used the native support that came with it.
Yes and no. You will always have to store the credentials somewhere. Maybe it wont be in your apps code/directly connected to your app (Google auth would be an example). But somewhere, on your phone, the credentials WILL reside. They may be encrypted/obfuscated, but they will be there. So either have your user enter them in everytime, or save them/use the ones provided by the phone. For myself, .NET provided a nice way of storing credentials in a secure fashion (non-plain-text) for each user's machine.
If i want to rent space on my service which I in turn host on Google App Service, is there some Terms of Service i need to know about?
Also, if I want to provide a service that should be customized for a company, say a Wiki that the company can tailor like their own with skins and even domains. Can that be done? Will I have to provide the binaries to be installed at my customer's Google App accounts? E.g. my wiki application would run at wiki.company.com
I don't believe there is anything in the TOS that prevents you from selling your software as a service on GAE.
The domain issue is a bit trickier at the moment, however, as there are relatively limited tools for attaching large numbers of domain names to a single app instance. Your best bet at the moment would likely be to purchase Google for domains accounts for each customer and host them on these separate accounts.
(cf Issue 113)