I'm already familiar that MongoDB is based on documents that are in JSON format. I'm creating my first web app using the MEAN stack, where users can register and then be able to sign in to a back-end dashboard where they can implement products/profile information etc. How would I set that up to be stored on MongoDB? would each user be stored as a document? And as far as security reasons, how can I go about not allowing a GET request to be able to get a different users information?
Currently, I just have a collection of users, and a collection of products (with the unique id number for each user), etc. to me that doesn't seem the proper way to store data.
If anyone can help me on how to setup the database for Mongo that would be fantastic! Thanks in advance!
would each user be stored as a document?
Yes, each user is an object, thus it's stored as a separate document.
how can I go about not allowing a GET request to be able to get a different users information?
This has nothing to do with Mongo or any other data storage mechanism. You'll need to work on a Web service layer which exposes your data filtering requests to authorize them based on user role, claims or any authorization approach you might find useful in your scenario.
Maybe you should look at implementing OAuth2. There's a package that integrates with Express to implement your own OAuth2 authorization server: node-oauth2-server.
Currently, I just have a collection of users, and a collection of
products (with the unique id number for each user), etc. to me that
doesn't seem the proper way to store data.
You are on the right way actually. Now when you show products page for users you need to retrieve only documents that belong to that single user that is currently authenticated, this implies that you have authentication set up, and products have a userId field.
This is how most application work. If you want to read about other ways of solving this then read about multi-tenancy.
Related
I'm building a React web app, where users can create 'content'. The content is displayed when a certain URL is visited, e.g.: https://myapp.com/username/contentid
The user doesn't have to be signed in to view the content.
My question is, how do I track unique views with Realtime firebase?
I don't necessarily need a code implementation, rather an idea/approach. Thanks!
First, you would need to enable your database to allow for writing capabilities from anonymous users. From there, write to the database when the site is first opened. You could store this information in a variety of different ways, I would recommend posting a timestamp and seeing total unique views by counting the total amount of timestamps uploaded. It may also be important to store locally, via Cookies, if the user has been to the site already. If they have, don't write.
I've created a webpage that will be used as a survey for end users to submit a review of how the helpdesk technician did with resolving a ticket. I've built the webpage using HTML, CSS, JS, and PHP. The page currently needs to pull 2 things from Dynamics 365: Users name and the company. I currently pass the ticket # via the URL which I plan to use as the value in a lookup (somehow).
I think that I need to use the Dynamics API somehow to get access to pull data from the form but I am not sure how to go about that. I found this post online https://functionalthoughts.com/dynamics-365-web-api-retrieve-data-javascript/
which I think is only for web resources created inside of CRM.
Here is an image of what I currently have:
Image
and the value that I have passed via URL Image2
The end goal would be to pull the value of the name and company fields in Dynamics 365 Online.
Without full context of your application, I can only give you high level pointers.
Before anything,
You need to authenticate to Dataverse (the engine that is hosting the data your after). That means you need a an identity + JWT Token to auth.
This is the more complicated part, depending on how your managing access to your site and if your intending to allow dataverse to manage data access security.
To do that, in php, your going to want to start here: https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries#web-application and read up the Python path for MSAL.
Once you have that you will either use a S2S app ( ConfidentialClient app ), or user identity auth ( publicclient app. )
For explanation sake, I am going to assume that you created a Confidential app to work with. In Dataverse this type of login identity is called an "Application User"
Now you need add the application user to Dataverse and grant it permission to read the data you want. You should work with the admin of the dataverse instance to get that setup. if your trying to solo it :) there is a good blog on how to do this here: https://powermaverick.dev/2020/08/10/create-application-user-in-dataflex-pro-cds/ Dont forget to grant your user a security role that can access the data your after.
Next,
You said you want to query by Ticket ID, again assuming that ticket id is in dataverse, you need to create an alternate key for the field that contains the ticket to be able to query on it.
you can find info on how to do that here: https://learn.microsoft.com/en-us/powerapps/developer/data-platform/define-alternate-keys-entity
Ok, now that you have a user to work with and can create a token, and you have an alt key on the column your trying to query on, you just need to form the query to dataverse.
General info on how to form and call queries in dataverse can be found here https://learn.microsoft.com/en-us/powerapps/developer/data-platform/webapi/query-data-web-api a specific example of retrieving via alt key can be found here: https://learn.microsoft.com/en-us/powerapps/developer/data-platform/webapi/retrieve-entity-using-web-api#retrieve-using-an-alternate-key
Now that you have all the setup done, and once you have formed your query, you will need to generate the token and add it to the authorization header of the request and send over.
That should get you data back.
I am new to web development, but I am building a tool to help us visualize the customers in our database in a more concrete way (basically a CRM of sorts). Its a web app using a node.js backend and Vue.js for the front end.
THE BIG QUESTION - I found a connection.threadId query that can be run. If I save this threadID in a cooke or JSON web token, can I use this to have each user uniquely querying the database? If you need additional information on my issue, continue reading.
Essentially the problem I am running into is authentication. We were able to get a dummy user create that has read only privileges to the database, but this doesnt help the account management team. I am trying to find a way for them to be able to login with their own credentials and then be able to run queries from my node.js (javascript) backend using a series of get and post requests.
I am able to get the user to login with the SQL password and they can run the initial query (that fires upon login) but they then cannot re-query the database if someone else logs in after them (I realized that my variables were all globally scoped on the server.) I then moved everything client side in JSON web tokens, but I had to hash the database password to be safe which leaves me with another problem. My hash and the original database hash do not match, and that is not something I'll ever get access to. Not really sure where else to go with this at this point.
Please ask if you need any additional information to assist.
Thanks!
You probably can't.
You also probably shouldn't use variables on the SQL server for a web app like this. If you can refactor those into variables you can schlep around in the user session (or POST parameters or whatever), you're much better off, being more stateless (as far as the server components are concerned) and all too.
I am developing a website in HTML, JS, and CSS. My result is a PWA (Progressive Web App). It works really great. I am hosting and serving it via the Firebase Hosting and enjoy many functions of firebase. To let the user feel the full power of a PWA I need to manage Push Notifications. For that, I want to use Firebase Cloud Messaging. I already know how to send push notifications and so on. On my webpage, the users can subscribe to topics. And here we go. I do not know how to subscribe/unsubscribe a user to a topic via the javascript without the admins SDK. Can please provide somebody a clear and simple example for subscribe/unsubscribe users? From the documentation, I will not be smart.
Thanks in advance,
Filip.
I would do it like that:
(I assume you have users tokens stored somwhere in the database ordered by users id)
Create table 'topics' - store users ids there.
Create form - let the user add its id to the 'topic' table.
Then, before sending FCM, store every token, from owners which ids are assigned to the specific topic in the 'topic' table.
I have an express server setup that is handling all of my routing and session stuff. I want the system to work so that when a user is logged in they are able to connect to a "hub" like entity that is uniquely based on the location of the "hub". I thought about working it like each of the "hubs" is a collection in a database, but the way it works is that a user connects to the "hub" and then disconnects from it when they are done but can connect to different "hubs" based on a location. How should I go about creating a unique group of "hub" like things that all act as objects with storable data?
Instead of connecting to a "hub", why not just present them with different information from a database based on their location. The user will never really connect to anything other than your single backend. Unless, ofcourse, you set up different servers all over the world (known as a CDN, and probably a bit too much effort).
If you're using express, you could use something like mongodb for data storage.
With mongodb you get the mongoose npm package. With that, you can create Schemas. You could have different Schemas as "hubs" and load the correct ones based on location data. That would let the user see different information for different locations.