I wrote a JavaScript file manager to manage user files on an Amazon S3. It uses the AWS JavaScript API. Developed it using hard-coded IAM user credentials, and now for production want to use temporary credentials instead.
My plan is for our PHP server to generate the temp credentials from the IAM credentials, via AJAX callback from the JS code to PHP via STS GetSessionToken. Seems simple enough, but I can't seem to find any documentation on how to pass the IAM key/secret to GetSessionToken in the URL. The examples in the AWS docs all show something like:
https://sts.amazonaws.com/?Version=2011-06-15&Action=GetSessionToken&DurationSeconds=3600&AUTHPARAMS
Where I guess "AUTHPARAMS" is so obvious that I should not need any further explanation. But sadly, I do need further explanation. All I need from the PHP side of things is this one little call, so I didn't really want to install the whole AWS PHP SDK just for this. If I can just find out how to build the URL for this one call, then I can send it off via CURL and be all set. At least that was the plan.
Is there a way to call GetSessionToken directly via the REST api, and pass it the IAM key/secret, or is it really more complicated than that?
You need to learn about AWS API request signing. More specifics here. Note that AWS regions opened after January 30, 2014 require v4 signing, while earlier regions accept v2 or v4 signing.
Or just use the PHP SDK which makes it all much simpler.
I am building a static website, HTML, CSS, and Vanilla JS. I came to a point where I have to use Mailchimp to send emails to the client whenever there is a form submission. Not so tricky, docs are very clear on how to do an API call. But I need to send an API_KEY with every request. Which is a problem. I do not want to save this secret key in the code. I have added it as a secret on the GitHub repo. But I am not sure how I can access it in Vanilla JS files. I tried the following:
process.env.API_KEY and API_KEY
I am getting this error, sendEmail.js:1 Uncaught ReferenceError: process is not defined
Which makes sense, because it's a static website. But I cannot think of any other way. If it was a node process it would have been very simple :/
Let's say I create an API endpoint, and the server where I can securely save API_KEY, how would I authenticate the request coming from the front-end/static website? Assuming that I cannot securely save the token on the client side.
There is no way to do it the way you want, i.e. with pure front end (FE) because it would mean that you need to send your secrets to them.
Whatever you send to the front end will always be accessible to your users, so it's not safe.
What you need to have is the back-end (BE), some kind of server that will receive an async call from the FE, connect to the external API and do whatever you want it to do, and then send some kind of confirmation to the FE that the process was successful.
Now, the BE will know your secrets, and this is fine because you control it and the users won't have access to it directly.
Now, you do not always need a full-blown application for that, some people are getting stuff done with platforms like Firebase, that can handle authentication of users for example for you.
So I am currently in the process of learning the new Javascript Cloud SDK. Of course there is also a package for attachments and document info records but I am still facing some problems.
So mainly I just want to get an attachment which is attached to a document info record and save it to my local file system. I am working with the JS Cloud SDK, so I am working with a Node application.
When working with the API directly (testing via Postman) I can get the media_src of the attachment simply by adding '$value' to the request path. When I try to access this URL outside of Postman with a simple Node https.get request I get a SAML 2.0 Error (SAML2 Service not accessible). I guess that is because I cannot access those URLs via browser and therefore I should use the SDK for that.
So the final problem I am facing is that I cannot find anything about getting the file itself in the JSDoc of the SDK.
Same goes also for creating an attachment. Should I use the 'builder()' method for that and pass a JSON object, or how does a POST or PUT request work with that SDK? I cannot find any blogs etc. because they are only doing simple 'Hello World' programs or GET some data.
Thanks for reaching out to us!
Currently, we do not support OData media streams in the JS SDK's VDM yet.
If this functionality is critical for you, you can consider using the Java version of the SDK. Alternatively, you can open an issue here.
Regarding the SAML error I cannot comment, since I don't know how your Postman is configured or how your system is set up.
1) Client Access: Is there any way to perform CRUD operations on DynamoDB using client-side JavaScript (REST/Ajax/jQuery)?
I know Amazon has support for .NET and Java.
2) Server Access: Is there any way we can access DynamoDB using server side JavaScript (Node.js) without having to install Java/.NET on the server?
Update 2012-12-05
There is now an official AWS SDK for Node.js, see the introductory post AWS SDK for Node.js - Now Available in Preview Form for details, here are the initially supported services:
The SDK supports Amazon S3, Amazon EC2, Amazon DynamoDB, and the Amazon Simple Workflow Service, with support for additional services on the drawing board. [emphasis mine]
Update 2012-02-27
Wantworthy has implemented a Node.js module for accessing Amazon DynamoDB a week after its launch date, thus covering 2) as well, see dynode:
Dynode is designed to be a simple and easy way to work with Amazon's DynamoDB service. Amazon's http api is complicated and non obvious how to interact with it. This client aims to offer a simplified more obvious way of working with DynamoDB, but without getting in your way or limiting what you can do with DynamoDB.
Update 2012-02-11
Peng Xie has implemented a Node.js module for accessing Amazon DynamoDB at its launch date basically, thus covering 2) already, see dynamoDB:
DynamoDB uses JSON for communication. [...] This module wraps up the request and takes care of authentication. The user will be responsible for crafting the request and consuming the result.
Unfortunately there is no official/complete JavaScript SDK for AWS as of today (see AWS Software Development Kits and boto [Python] for the available offerings).
Fortunately decent coverage for several AWS services in JavaScript is provided by the Node.js library aws-lib already though, which would be a good starting point for adding DynamoDB accordingly. An as of today unresolved feature request to Add support for DynamoDB has been filed already as well.
Further, AWS forum user gmlvsk3 has recently implemented a dedicated JavaScript interface for DynamoDB, but supposedly you need [a] Java runtime to run it, because it is based on the Mozilla Rhino JavaScript engine - I haven't reviewed the code in detail yet (at first sight it looks a bit immature though in comparison to e.g. aws-lib, but may cover your needs regardless of course), so you should check it out yourself.
Finally, you can implement JavaScript HTTP Requests to Amazon DynamoDB yourself of course (see the API Reference for Amazon DynamoDB for details):
If you don't use one of the AWS SDKs, you can perform Amazon DynamoDB operations over HTTP using the POST request method. The POST method requires you to specify the operation in the header of the request and provide the data for the operation in JSON format in the body of the request.
I created a module called Dino to make it easier to work with the AWS SDK in web applications. You can use something like Restify to expose your data to jQuery via a REST interface.
Suppose you wanted to display pages of blog posts for a user. Using Dino and Restify, you would do the following:
    // Restify route: GET /posts/:user_id returns one page of a user's posts.
    server.get('/posts/:user_id', function(req, res, next){
        Post.find({
            match: {
                user_id: req.params.user_id
            },
            // Paging comes from the query string, with defaults.
            skip: req.params.skip || 0,
            take: req.params.take || 10
        }, function(err, posts){
            if (err) return next(err);
            return res.send(posts.toJSON());
        });
    });
Regarding 1), there is now the AWS SDK for JavaScript in the Browser that allows you to access services including DynamoDB.
As for 2), we've been working on it as well since the DDB launch date. Its key features are simplicity/performance and how close it is (retry behavior, etc.) to Amazon's official Java/PHP libraries:
https://github.com/teleportd/node-dynamodb
It's successfully used in production at various places with 100+ writes/s (at teleportd). Additionally we're working on a mocked version to enable efficient testing of the library's client code.
I want to collect data entered by the user in a browser and save to Amazon S3. Is this something I can do with Javascript/jQuery?
I know this is an old question, but I had the same issue and think I've found a solution. S3 has a REST interface to which you can POST data directly, without exposing your AWS Secret Key. So, you can construct an AJAX POST request to your S3 bucket endpoint using Javascript or jQuery. You can specify an access policy in the request as well, which restricts upload access to only certain buckets and certain directories.
Amazon verifies the authenticity of your requests using an HMAC signature which you provide in the request. The signature is constructed using details about the request and your AWS Secret Key, which only you and Amazon know, so fraudulent requests can't be made without someone having a valid signature.
Yes it is possible, and as I already pointed in the comments of the accepted answer there are legitimate and useful uses to do so without compromising security and credentials.
You can post objects to S3 directly from the browser:
http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPOST.html
Bad idea:
1) Think of how much fun people could have with emptying your bank account when they find your S3 credentials embedded in your Javascript code.
2) The javascript would be loaded from your server and trying to talk to Amazon's servers - that's forbidden as it's cross-domain communication.
Something like this you'd want to handle on the server. You could easily whip up an AJAX interface to send the data client browser -> your server -> Amazon. That way your S3 credentials are stored on your server and not transmitted willy-nilly to everyone using your site.
Maybe have a look at node.js, and try the aws-sdk package by:
npm install aws-sdk
Here are a blog post and a doc I found about how to upload files to S3: this blog and the AWS doc.
There are a variety of issues with attempting to access S3 via client-side code:
There is no way to secure your credentials.
Many responses are in XML instead of JSON, and the XML parsing engine in JavaScript is heavy and slow.
Authenticating the requests would require JavaScript implementations of HMAC-SHA1.
There are issues with making cross-domain requests from JavaScript without routing through a proxy.
All-in-all, there are no feasible solutions for client-side JavaScript at the moment. If you're interested in server-side JavaScript, there are some S3 classes floating around GitHub for Node.js.
To start off, I know C++, C#, Python, some Ruby, and basic JavaScript. Anyway, my question revolves around how to interact with RESTful APIs via JavaScript. I haven't been able to find any good examples on various websites, and so I've come here.
So my basic question is: How do I interact with RESTful APIs via JS? And where can I find out how to implement OAuth in JS? I know how to get my keys and such, just not how to actually code them in.
Below is an example of a Twitter API status update run from my Mac terminal with curl:
curl -u username:password -d "my tweet" http://api.twitter.com/1/statuses/update.json
How can I implement this in Javascript (preferably with OAuth authentication)? This would at least start me going in the right direction.
Thanks so much!!
The problem is that you will need to use AJAX to query the remote REST API, and AJAX is only allowed to query resources on the same domain as the page. So, a request to api.twitter.com will fail because it is on a different domain than your server.
To correct this you will need to code your server to make the request to twitter. You can however create your own AJAX stubs that will accept data directly from your page, and then build / send requests to twitter server-side using data supplied by your client.
Generally Justin's approach is the correct one; however, if you must have your client script interact with the REST service then you can do it with JSONP. That's JSON data wrapped in a function call.
See this page on how to do it:
http://www.ibm.com/developerworks/library/wa-aj-jsonp1/
OAuth version 1.0 in JavaScript is a bad idea because you need to expose your application's secret key; by doing so you may be allowing anyone else to impersonate your application. OAuth 1.0 was intended for use with a server under your control. So your users can send their tokens to your server and then you fire off the request to Twitter on their behalf.
OAuth 2.0 solves this though twitter does not support it yet.
If you really want OAuth 1.0 you can use my plugin: https://github.com/jpillora/jquery.rest and also make the change specified in this GitHub issue.