I need some advice on setting up an environment that is based on Django and XMPP.
My site has two parts.
Part A: users use an in-browser XMPP client, like Strophe.JS on a page that si served through Django.
Part B: Used by a different set of users to communicate with users who're communicating using the part A of the site. Users here will also use an in-browser XMPP client, like Strope.JS on a page that is server through Djano.
Since the communication happens in-browser, I'll not using a real XMPP stream but XMPP over BOSH. I've read that XMPP over BOSH is the de-facto way of transport XMPP messages over HTTP interfaces.
The solution for Part A is simple. A regular web-page with the Strophe.JS library thrown in. The difficult part for me seems to be figuring out how to handle the users of Part B. I need to relay XMPP messages between the Part A users and Part B users. The Part B users, need to able access information from the Django system for the user of Part A. I would need pretty good integration between XMPP and Django.
Could someone tell me how I would write a system like this? What tools would I use? Would a I use a stand alone XMPP server and integrate it to Django? If so, what? When a user on Part A initiates a chat session, it will show up on user of Part B of the site but which user will handle the chat request of the user will depend on some information retrieved from Django.
Thanks in advance everyone.
You'll definitely need stand alone Jabber/XMPP server (e.g. ejabberd). I'll make a wild guess that Part A users communicate within chat room A (MUC), and the same users in Part B communicate within chat room B. You need to write 3 scripts/daemons (I use perl and Net::Jabber (Net::XMPP can not join MUC)). They would be: scripta, scriptb, mediator.
script/daemon A will join the MUC room A, while mediator being part of it's roster. It will listen to all message stanzas but will react only to some (e.g. message stanza with body "SendToB MSG"). This message is sent by user that has joined chat room A. Then "RelayToB MSG" should be sent to mediator by scripta (From: scripta#jabberserver.dom, To: mediator#jabberserver.dom). The mediator will send the "RelayFromA MSG" to MUC B based on "RelayToB" part of the message stanza body. scriptb will receive "RelayFromA MSG" and will send "MSG" to chat room B.
script/daemon B (the same logic) with mediator#jabberserver.dom being in users roster.
mediator will not join any chat room. It will have scripta#jabberserver.dom and scriptb#jabberserver.dom in it's roster. It will only relay messages between the chat rooms.
I have already posted sample code here How to create a jabber/XMPP proxy/logging service?. The code will apply scripta/b. The code is rather long, and make sure you check InMessage and InPresence subs. Other stuff concerns my needs.
I hope I was clear enough. Don't hesitate to ask more questions.
EDIT:
Create script using perl and Net::Jabber. The user that will login to XMPP server will be mediator#jabberserver.dom. Everyone will be able to send messages to him. The mediator will forward messages to the support person in format (From:user1 MSG). Support person will reply to mediator#jabberserver.dom with the message (Reply:user1 REPLY). The mediator will forward REPLY to user1.
Check mod_shared_roster here http://www.ejabberd.im/shared-roster-all (example 4) and here http://www.process-one.net/docs/ejabberd/guide_en.html#htoc61.
I think that the 2-nd solution will require no additional coding apart from javascript/strophe code in your page.
Related
I am trying to set some session information in one web method and return it in another web method, but the session data is always empty on the second web method. Here is what I tried
Web Method 1 - Sets session information
Method StartSession() As %String [WebMethod]
{
set %session.NewSession = 1
set %session.Data("key") = "dude"
Quit "Session Started"
}
Web Method 2 - Gets session information should return dude, but is returning blank
Method TestSession() As %String [WebMethod]
{
Quit $Get(%session.Data("key"))
}
To use sessions with Cache web services you need to set the SOAPSESSION class parameter of your web service class equal to 1.
Doing so will cause the web service to return a SOAP session header in the response. If you are using a client that was built to expect this header you may not need to set up anything else. Otherwise, your client application will have to read this header and include it in all further requests, so the server can know which session you are using. An example of this header given in the documentation is:
<csp:CSPCHD xmlns:csp="http://www.intersystems.com/SOAPheaders">value of
CPSCHD token</csp:CSPCHD>
Note that security is a separate issue that your example doesn't address.
Also note that Intersystems has decided that web services will continue to use a license for some period of time after the call has been made. I can't find documentation on this, and I believe it's something like a few seconds per call. I believe that this can cause license issues that would not occur if you used other software to provide web services, and had that other software call Cache via some mechanism other than web services. I believe this is true even when that other software carefully follows all the rules in the license agreement about named and anonymous users. However, I'm not certain about any of this licensing stuff. Still, you might want to do some testing before you commit to an architecture.
As an alternative to psr's answer another way to handle state is to use custom SOAP headers.
For example:
Create a class for your custom SOAP headers like below:
Class Headers.TimeStamp Extends %SOAP.Header
{
Property TimeSent As %TimeStamp;
}
In the web method do this:
set h=##class(Headers.TimeStamp).%New()
set h.TimeSent=$ZTIMESTAMP
do ..HeadersOut.SetAt(h,"Timestamp")
This will generate the following SOAP header:
<SOAP-ENV:Header>
<TimeStamp xmlns:hdr="http://www.myapp.org">
<TimeSent>60712,70996.027Z</TimeSent>
</TimeStamp>
</SOAP-ENV:Header>
This will allow state to be maintained within the SOAP headers rather than using Cache's session management.
I apologize if this isn't "programming" worthy. I'm wondering if a service exists that when the HTTP service is pinged, it echos back the exact same request you made as the response.
The reason I want this is I want to UnitTest a class I made to build requests and send them over a socket. I realize I could just do a Mock object of some sort, but I think that involves more complexity than just making sure the request being sent was properly built.
Ideally, the web service would send the content back as proper HTTP 1.1 with the request info I sent in the body of the response.
Thanks!
Kyle
-- edit --
Just a quick reference to the solution. Point your browser to: http://scooterlabs.com/echo.json or http://scooterlabs.com/echo.xml
This guy seemed to have the same problem as you web service echo test
Refers to some links you might be interested in
I guess there are some uses for a simple echo, but in any kind of a realistic interaction it's going to be pretty hard to isolate just the piece you are trying to test.
A more general approach would be to use a local proxy server, stands as the man in the middle
between you and all remote sites, and can log urls, responses, content and so on.
If you're developing the server side as well as the client, you definitely ought to run a
local mirror of the server site.
I made an application using Qt/C++ that reads some values every 5-7 seconds and sends them to a website.
My approach is very simple. I am just reading the values i want to send and then i make an HTTP POST to the website. I also send the username and password to the website.
The problem is that i cannot find out if the request is successful. I mean that if i send the request and server gets it, i will get an HTTP:200 always. For example if the password is not correct, there is no way to know it. It is the way HTTP works.
Now i think i will need some kind of a protocol to take care the communication between the application and the website.
The question is what protocol to use?
If the action performed completes before the response header is sent you have the option of adding a custom status to it. If your website is built on PHP you can call header() to add the custom status of the operation.
header('XAppRequest-Status: complete');
if you can modify the server side script you could do the following
on one end :
You can make the HTTP post request via ajax
and evaluate the result of the ajax request.
On the serve side
On the HTTP request you do your process and if everything goes accordingly you can send data back to the ajax script that called it.
solves your problem .. ?
I am wanting to expose a restful web service for posting and retrieving data, this may be consumed by mobile devices or a web site.
Now the actual creation of the service isn't a problem, what does seem to be a problem is communicating from a different domain.
I have made a simple example service deployed on the ASP.NET development server, which just exposes a simple POST action to send a request with JSON content. Then I have created a simple web page using jquery ajax to send some dummy data over, yet I believe I am getting stung with the same origin policy.
Is this a common thing, and how do you get around it? Some places have mentioned having a proxy on the domain that you always request a get to, but then you cannot use it in a restful manner...
So is this a common issue with a simple fix? As there seem to be plenty of restful services out there that allow 3rd parties to use their service...
How exactly are you "getting stung with the same origin policy"? From your description, I don't see how it could be relevant. If yourdomain.com/some-path/defined-request.json returns a certain JSON response, then it will return that response regardless of what is requesting the file, unless you have specifically defined required credentials that are not satisfied.
Here is an example of such a web service. It will return the same JSON object regardless of from where the request is made: http://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=true
Unless I am misunderstanding you (in which case you should clarify your actual problem), the same origin policy doesn't really seem to apply here.
Update Re: Comment
"I make a simple HTML page and load it as file://myhtmlfilelocation/myhtmlfile.html and try to make an ajax request"
The cause of your problem is that you are using the file:// URL scheme, instead of the http:// protocol scheme. You can find information about this scheme in Section 3.10 of RFC 1738. Here is an excerpt:
The file URL scheme is used to designate files accessible on a particular host computer. This scheme, unlike most other URL schemes, does not designate a resource that is universally accessible over the Internet.
You should be able to resolve your issue by using the http:// scheme instead of the file:// scheme when you make your asynchronous HTTP request.
Because I don't exactly know how any auth method works I want to write my own.
So, what I want to do is the following.
A client sends over HTTPs username+password(or SHA1(username+password))
the server gets the username+password and generates a big random number and stores it in
a table called TOKENS(in some database) along with his IP,
then it give the client that exact number.
From now on, all the requests made by the client are accompanied by that TOKEN
and if the TOKEN is not in the table TOKENS then any such request will fail.
If the user hasn't made any requests in 2 hours the TOKEN will expire.
If the user wants to log out he makes a request '/logout' to the server and the server
deletes from the table TOKENS the entry containing his token but ONLY if the request to
'/logout' originates from his IP.
Maybe I am reinventing the wheel... this wouldn't be very good so my question is if there
is some auth system that already works like this , what is it's name , does it have any OSS C++ libraries or Python libraries available ?
I am not sure if finding such an auth system and configuring it would take longer than
writing it myself, on the other hand I know security is a delicate problem so I am
approaching this with some doubt that I am capable of writing something secure enough.
Also, is there a good OSS C++ HTTP library ? I'm planning to write a RESTful Desktop
client for a web app. Depending on the available libraries I will choose if I'll write it
in C++ or Python.
If you are implementing such authentication system over ordinary HTTP, you are vulnerable to replay attacks. Attacker could sniff out the SHA1(username+password) and just resend it every time he/she wants to log in. To make such authentication system work, you will need to use a nonce.
You might want to look at HTTP Digest authentication for tips.
Because I don't exactly know how any auth method works I want to write my own
How could you ever write something you don't understand? Learn at least one, the underlaying concepts are similar in every library.
Python has repoze.what.
I would highly recommend OAuth here, for which many open source libraries are available.