I've been searching for days now but could not get an answer.
I would like to do the following:
User connects to editor.html (Apache2 with basic http auth)
User wants to open a file (let's say /home/user1/myfile.txt) on the server with his user/pass (same as in passwd)
Node.js script gets started with user rights from above and user can edit file
The Node script will handle the connection via websockets and reads/writes files.
I think the biggest problem is that it's not possible to run a node script on the server from a web page... and I don't want to involve any php/cgi scripts... only Apache and Node.js / JS.
Please also comment or answer if you know that it is really not possible...
Thanks!
Kodak
Edit: The workflow should be the following:
User access webpage -> enters his credential (same as in passwd) -> node.js script gets started with the user rights of the logged in user -> files getting read or written with user rights
Biggest Problem: who starts the Node.js script? Apache? How?
I hate to be this person, but...
That is not the way node is designed; it is designed to use the event loop. I would recommend having node serve the static files, maybe using apache as a proxy, then when someone requests a certain page, doing whatever needs to be done. If you really must spawn a child process, use child_process.spawn. As for the rights of the user, I recommend just passing in a code, like 1=admin, 2=user, 3=guest, and the child process can do what it needs.
Use Socket.io - Official Socket.IO Website
You can also use Express with socket IO to create a separate app server. - Express JS Website
You may want to consider security implications of allowing a user to connect directly using their server side account. There are also many applications available that already do this that you might consider implementing instead of writing your own, with all the properly embedded security that will be required.
Let your users GET a static auth.html page (via apache) without any authentication.
Let the form's submit action be some auth.js (Node.js script). This auth.js checks whether the user's authentication succeeds. If so, it starts the node.js server, sets up socket.io on it and redirects the user to some editor.html.
In this case, as you can see, the authentication is based on node.js scripting. If you want the basic apache2 one, I can recommend the next scenario:
There are auth.html and editor.html pages on the server. The last one is placed in the /private folder and direct access to this folder is denied by .htaccess. So when the user passes apache2 authentication for auth.html, he GETs this auth.html, which is an empty document with an onload event handler that sends AJAX to auth.js (Node.js script). Node.js gets private/editor.html and sends it to the user as /editor.html.
In this case the user never has access to the editor without passing authentication. And after authentication the node.js server is started, socket.io is set up and everything is fine.
I found a solution:
It is possible to write a custom authentication program for apache with mod-auth-external:
https://code.google.com/p/mod-auth-external/
With basic authentication enabled the webserver would pass the credentials to a script/program and this can then run the node app.
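The launch step this thread keeps asking about, as an added example that is not from any of the posts: a privileged launcher builds `child_process.spawn` options so the worker runs under the authenticated account's uid/gid and the kernel enforces file permissions. `MIN_UID`, the worker path and the sample passwd lines are assumptions constructed for illustration.

```javascript
// Added example; workerOptions, startWorker, MIN_UID and the worker path are hypothetical.
const { spawn } = require('node:child_process');

const MIN_UID = 1000; // assumption: regular accounts start at 1000 on this host

// Parse one /etc/passwd line: name:passwd:uid:gid:gecos:home:shell
function parsePasswdLine(line) {
  const fields = line.split(':');
  if (fields.length !== 7) throw new Error('malformed passwd entry');
  const [name, , uid, gid, , home, shell] = fields;
  if (!/^\d+$/.test(uid) || !/^\d+$/.test(gid)) throw new Error('non-numeric uid/gid');
  return { name, uid: Number(uid), gid: Number(gid), home, shell };
}

// Build spawn() options that make the worker run as the authenticated user.
function workerOptions(entry) {
  if (entry.uid < MIN_UID) throw new Error(`refusing system account ${entry.name}`);
  if (/(nologin|false)$/.test(entry.shell)) throw new Error(`${entry.name} has no login shell`);
  return {
    uid: entry.uid,
    gid: entry.gid,
    cwd: entry.home,
    // Fresh environment: nothing from the privileged launcher leaks into the worker.
    env: { HOME: entry.home, USER: entry.name, PATH: '/usr/bin:/bin' },
    stdio: ['ignore', 'inherit', 'inherit'],
  };
}

// The launcher must be privileged (root) for uid/gid to take effect, and the
// worker script must be readable by the target user. Not called here.
function startWorker(passwdLine, script = '/opt/editor/worker.js') {
  return spawn(process.execPath, [script], workerOptions(parsePasswdLine(passwdLine)));
}

// Constructed sample entries.
const SAMPLE_USER = 'user1:x:1001:1001:User One:/home/user1:/bin/bash';
const SAMPLE_ROOT = 'root:x:0:0:root:/root:/bin/bash';
console.log(workerOptions(parsePasswdLine(SAMPLE_USER)));
```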
Related
I have a static website developed through 11ty (Node based SSG), which contains a Contact form that sends a request to a nodemailer API with the data. Both are hosted on Render, as a Static Website and Web Service respectively, and they share a basic auth password which I've stored in each project as an environmental variable.
The Web Service accesses the variables just fine. However, the static website's event presents me with the error in the title "process" isn't defined, as in "process.env.VARIABLE_NAME" which is how I'm accessing them. I tried including a secret .env file in the project with the same key and including dotenv in the project, but no change.
I assume the nature of the static site is making it so the environmental variable isn't being processed/applied somehow. What possible steps could I be missing here?
EDIT: Although it seems it might be possible for me to do this through methods such as command line arguments (which then get injected into the code during the build process), that wouldn't work for my case since the password had to be secret in the generated source files. The dotenv package didn't work in my case. Finally, I've opted to discard this password-based authentication instead and simply use honeypot fields to prevent spam and CORS Origin headers in the API to control request source.
Your static site is running in a different context than your web service (which acts like a server). Since your static site is run from a user's browser, it does not understand node-specific functionality like loading files or accessing your process environment.
Adding your password to your static site would also create a security risk, because a user could just see your password, take it, and run their own requests without any security your site may have.
A usual approach to this would be to create an API of your own that takes in a request from your static site and talks to the API directly or a technology stack that takes the page rendering to a server (like ServerSideRendering). This way, YOUR system takes care of calling the API while your users' requests are restricted.
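The relay described in this answer, as an added example that is not code from the post: the server-side function reads the basic-auth password from its own environment, attaches it to the upstream request, and returns only a status to the browser. The URL, the `MAIL_API_*` variable names, the `website` honeypot field and the sample values are assumptions constructed for illustration.

```javascript
// Added example; MAIL_API_URL and the MAIL_API_* variable names are hypothetical.
const MAIL_API_URL = 'https://mail-api.example.com/send';

// Runs on the server. `env` is process.env there; nothing in it is shipped to the browser.
function planRelay(form, env) {
  // Honeypot: a hidden "website" field that people leave empty and bots fill in.
  if (form.website) return { status: 200, upstream: null }; // report success, send nothing
  if (!/^[^@\s]+@[^@\s]+$/.test(form.email || '') || !form.message) {
    return { status: 400, upstream: null };
  }
  const basic = Buffer.from(`${env.MAIL_API_USER}:${env.MAIL_API_PASSWORD}`).toString('base64');
  return {
    status: 202,
    // What the relay sends on to the mail API, e.g. with fetch(url, init).
    upstream: {
      url: MAIL_API_URL,
      init: {
        method: 'POST',
        headers: { 'Content-Type': 'application/json', Authorization: `Basic ${basic}` },
        body: JSON.stringify({
          email: form.email,
          message: String(form.message).slice(0, 5000), // cap the size of relayed text
        }),
      },
    },
  };
}

// What goes back to the browser: a status only, never the upstream request.
function browserReply(plan) {
  return { status: plan.status, body: JSON.stringify({ ok: plan.status < 400 }) };
}

// Constructed sample input.
const SAMPLE_ENV = { MAIL_API_USER: 'contact-form', MAIL_API_PASSWORD: 'constructed-secret' };
const SAMPLE_FORM = { email: 'visitor@example.org', message: 'Hello', website: '' };
console.log(browserReply(planRelay(SAMPLE_FORM, SAMPLE_ENV)));
```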
I have made a simple password protected webpage that provides the link to another webpage when we enter the correct password, but we can easily get the web address of the other page with the browser's "View Page Source" feature. So how can we overcome this?
The problem is that you are keeping your secret data on the client and the client can easily reach it. So, the only possible way for you is to keep it on the server. But, as far as I understand, you need help with the server part. So here is a small instruction with links to the documentation.
You will need:
Some backend that will take data from your users and return some response. I would suggest you have a look at Node.Js as a platform with Express as a server. The benefit of this setup is that Node.Js uses JavaScript, so you do not have to learn an additional language, and Express is a very simple server to use. Of course, if you want to learn some other languages, you can take C# with the ASP.NET MVC framework, PHP or any other nice language.
Some page with form for user's credentials that will post data to your backend. Basic form behavior can be found here
And some code on server that will validate credentials from form and return new page with or without your secret.
That's it. Maybe it sounds a bit scary, but there are lots of guides and information you can google.
Hope this helps. Happy coding!
Btw, if you are looking for some ready code, I have a Node.JS client/server example with TypeScript (JavaScript with type validation) here. All you need is git, hope you already have it, and Node.Js
Then just execute these commands on your console (bash, cmd, etc)
git clone https://github.com/Drag13/typescript-browserify-template
This will download code from remote server to your local machine
npm install
Installs project dependencies - like express server
npm run server
Starts the server
cd ..
npm run client
Starts the client
Maybe you will find this helpful.
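The server-side check from the three steps in this answer, as an added example that is not from the post or its linked template: the protected link exists only on the server and is written into the response after the submitted password matches a stored scrypt hash. The account, the password and the link are constructed sample values, and `handleLogin` is a hypothetical name.

```javascript
// Added example; USERS, SECRET_LINK and handleLogin are hypothetical names.
const { scryptSync, timingSafeEqual, randomBytes } = require('node:crypto');

const hashPassword = (password, salt) => scryptSync(password, salt, 32);

// Constructed sample account store; a real one lives in a database.
const sampleSalt = randomBytes(16);
const USERS = new Map([
  ['alice', { salt: sampleSalt, hash: hashPassword('correct horse', sampleSalt) }],
]);
const SECRET_LINK = '/members/report.html'; // never present in any client-side file

function checkCredentials(username, password) {
  const user = USERS.get(username);
  // Hash even for unknown users so response time does not reveal which names exist.
  const ref = user || { salt: Buffer.alloc(16), hash: Buffer.alloc(32) };
  const candidate = hashPassword(String(password), ref.salt);
  const matches = timingSafeEqual(candidate, ref.hash); // constant-time comparison
  return Boolean(user) && matches;
}

// Handler for the login form's POST body (application/x-www-form-urlencoded).
function handleLogin(rawBody) {
  const form = new URLSearchParams(rawBody);
  if (!checkCredentials(form.get('username'), form.get('password'))) {
    return { status: 401, body: '<p>Wrong user name or password.</p>' };
  }
  return { status: 200, body: `<p><a href="${SECRET_LINK}">Open the page</a></p>` };
}

console.log(handleLogin('username=alice&password=wrong').status);
```

The linked page needs the same gate (for example a session cookie set on success), otherwise the URL works for anyone who learns it.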
I am trying to implement Firebase Cloud Messaging to send push notifications to my app's users. I have found this tutorial by the Firebase team and read the documentation, in particular the one about the server.
It seems fairly simple but I am struggling with where I need to put Node.js code as it is not something I have done before. I currently have a website complete with index.html, style.css, etc. Where should I be putting the JavaScript code in order to make it run? If I simply create a file called Node.js at the root of my web server will that be enough to do the tutorial I linked earlier?
You will need a host that will allow you to run node.js scripts. Note that typical web hosts, such as Firebase Hosting, will not allow you to run node.js scripts. So you'll typically have a separate web site (which you can run almost anywhere) and a node host, which allows you to run node.js scripts on their server.
The blog post you refer to has a link to running node.js on Google Cloud Platform, which is one of the many platforms that can run node.js scripts for you.
Since recommending a specific platform is off-topic on StackOverflow, the next best thing is a search like https://www.google.com/webhp?#q=Where+can+I+run+node.js+scripts.
The node.js chat example is ubiquitous. However, they all serve the static html page with which the chat feature is integrated.
What about an html page that is served via apache, php, .net, or other which interacts with a node.js based chat server. How would this be implemented?
For instance, the html page contains a form used to login. The form's action points to the node server which provides the authentication and message handling. How does this chat server communicate with the client-side when it is not also providing the static html content?
Yes, it's possible. If I understand you correctly, you'll probably want to use this approach:
Run the apache server on a different port from the node.js server, and have the static server serve the chat page. Then, you have two main options for how to get data from the static page to the node.js server: either use XMLHttpRequest directly from the static page with CORS (you'll need it because you're running from different ports, but it's still possible to have CORS allow from different ports on the same domain but nothing else, so it can still be secure), or have an invisible iframe of the node.js page on the static page, and then send data to it with postMessage, and then the iframe (which is on the same port as the node.js server, as it's being served by node.js) will forward the data from the postMessage to the server with XMLHttpRequest
You can also do a proxy, but it won't be as good for this type of situation I think, because if Apache is running the proxy, it completely erases how node.js does well with comet and things, but if you run node.js as the main server proxying to Apache, it would be easier just to do everything with node, so I'm guessing you don't want that
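The CORS option from this answer, as an added example that is not from the post: the Node.js server on its own port answers preflight and actual requests only for the exact origin of the Apache-served page. The host name and ports are assumptions constructed for illustration.

```javascript
// Added example; the host name, the ports and corsResponse are hypothetical.
// Apache serves the chat page on port 80; this Node.js server listens on port 3000.
const ALLOWED_ORIGINS = new Set(['http://chat.example.com']);

// An origin is scheme + host + port, so the same host on another port is cross-origin.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Compute the CORS part of the response. `headers` uses lower-case keys,
// as Node.js provides them in req.headers.
function corsResponse(method, headers) {
  const origin = headers.origin;
  const out = { Vary: 'Origin' }; // caches must not reuse an answer across origins
  // This API is only called cross-origin from the page, so a missing or
  // unknown Origin header is refused.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: out };
  out['Access-Control-Allow-Origin'] = origin; // exact allow-list match, never '*'
  if (method === 'OPTIONS' && headers['access-control-request-method']) {
    // Preflight: state what the real request may use, then stop.
    out['Access-Control-Allow-Methods'] = 'POST';
    out['Access-Control-Allow-Headers'] = 'Content-Type';
    out['Access-Control-Max-Age'] = '600';
    return { status: 204, headers: out };
  }
  return { status: 200, headers: out };
}

// Constructed sample requests.
console.log(sameOrigin('http://chat.example.com/chat.html', 'http://chat.example.com:3000/msg'));
console.log(corsResponse('POST', { origin: 'http://chat.example.com' }));
```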
Here is a simple solution I found that works to add socket.io real-time interactivity to any existing html page, even when that page is hosted on another server.
Include a reference to socket.io in the head of the html page. The IP address and port number should be the location of your node.js server that is running socket.io.
<script src="http://xxx.xxx.xxx.xxx:xxxx/socket.io/socket.io.js"></script>
[NOTE: localhost doesn't work, you must use the actual IP address - don't forget the port]
Then, within a script block on the same html page, open a connection to the socket:
<script>
var socket = io.connect('http://xxx.xxx.xxx.xxx:xxxx');
</script>
That's it, you're connected!
I am trying to make a sign up activity on android and I am using a mysql database to store the data. On all the examples I have seen the http post goes to a ip address and then finds the php file. Can I just put the php file somewhere in the android app folder and access it from there, or do I have to find a host for it?
The php code, especially for tasks such as sign up, should never be placed on the client side or embedded with the front end application, but instead be placed on the server side hidden from the user for the sake of safety of your database/application. If you are only considering putting your php together with your Android app because you need to test it and don't have access to a server, you may then consider using Google App Engine, as it allows you to emulate a server locally without the need of a server. Here you find some info about Amazon's RDS.
You can put your php in the same directory you place your index.html file, i.e. in the root public directory of your domain. To load it to Amazon, you can use cPanel or Filezilla or any other panel you wish among the options Amazon makes available for their users.
In case Amazon doesn't provide a place to put your php, as a suggestion, you can get a host that allows you to have a static ip, accessing it through an easy to remember url address, for free. It is quite useful, especially for making tests. Still, if you decide at some point to have a personalized domain name registered, there are also some other good options to compare.
You don't need jQuery. When doing the POST request, PHP connects to the database, gets the data and returns it to your app.
So to answer your question you should put the PHP in the same server where mysql runs.