I'm trying to make a site where users can create accounts then chat with each other in real time using Django, Orbited, and Twisted. I want it so that two users individual chats are private and only they can see it.
Based on my knowledge of Orbited(which is limited since it seems like the site is down, so I've just been going off of blog posts and whatnot), there are channels that basically anyone can subscribe to and get the messages sent to it. Since the subscribing is done through Javascript, it would be easy for someone to just change what channel they're subscribed to and subscribe to someone else's private chat and see what they're saying.
So how would you get around this and have some kind of authentication in Orbited's channels? I've been looking around and most people cite Hotdot as an example, but it's not extremely documented so it's hard to understand. It also seems like it just checks for authentication before allowing you to subscribe to anything, but once you're logged in you'd still be able to subscribe to any channel you want.
a dirty way is to do this:
since sessionids are unique to each logged in user, you can create a unique id for each chatsession and attach the sessionids of the users to that.
then let your channel-name be /messages/{sessionid} or something similar and your users subscribe to that channel
whenever you want to push messages, just push to all /messages/{sessionids} attached to that chatsession
for a better solution, you should try the orbited discussion group: http://groups.google.com/group/orbited-users
it is still alive ;-)
Related
I am learning about microservices and I get very confused when it comes to data duplication. From different sources on the internet I get very different opinions on the subject, but the main conclusion that I got is that it depends if it's good on your use case or application.
Now I am struggling because I am trying to make a very simple microservice where I think data duplication is not necessary, but can't seem to think of a good alternative to it.
My Application
I am basically making a Twitter clone to understand the basics of microservices using AWS. To start I have 3 services:
Timeline Service
Post (or tweet) Service
Follow Service
Timeline service
The timeline service should return the timeline of the user that asked it. It should check who the user is, that requests his/her timeline is following, get the 100 most recent posts from those users and return it to the user (that requested his/her timeline)
Posts/tweet Service
When a user is posting a new tweet/post, the post timeline should save the post in the post database to keep track of who posts what.
Follow Service
When a user wants to follow another user the follow service should keep track of that.
If I put it into an image it would look like this:
The problem
My question is about the timeline service. Should the timeline
Have two (in memory) databases that also keep track of who follows who and who posts which tweets to give the user quickly their timeline back
Or should the timeline service call the different services to get that information?
The 'bad' thing from the last option would be that if my posts service is failing and can't send or receive requests, my timeline service also does not work and you create dependency which goes against microservice principles.
Since the last option seems the worst one to me, I would say data duplication is the better option because of response time and to keep the different services from relying on each other.
Can anyone help me to get on the right track with this problem?
I am fairly new in web development and I decided to handle a user's availability to send a POST request to server. However, I do not know even whether it is possible or not but when a user close my Django site without using logout button (For example close the browser or tab), in order to understand the user is offline or online, I want to send a request to server. As a result, when the server does not get an answer from the user for a while, it automatically logout the user.
Can you tell me is it a good way to handle a user's availability and first of all is it a realistic solution? If it is, can you suggest me a document or example that helps me please.
I agree to to the answer of #Mounir. That's not related to django, if you want to know when a user is "disconnected"(close the tab or window) you need to use javascript, in concrete you need to use Sockets.
I recommend you this ones:
http://socket.io/
https://github.com/centrifugal/centrifugo
I'm using centrifugo for one project right now. In concrete, for chat and inbox messaging. It's very simple to make it run with Django.
Greetings
For logging out user you can use the Session expiration, but for all other staff you want to achieve I don't see any thin really related to Django itself, everything depend on your requirements and is more Browser/javascript related than Django.
If I post an app-to-user notification as per the docs (https://developers.facebook.com/docs/reference/api/user/#notifications), it does only have a 'Create' section in the docs, but I'm just wondering if there is any way I can then remove them, like you can with apprequests (https://developers.facebook.com/docs/reference/api/user/#apprequests)?
We're building a game which allows for random-user play, so need app-to-user communication, but don't want to use an app-to-user apprequest because they don't get notifications. But with app-to-user notifications, they clutter up notification list if you're not able to delete them from the app.
I know in you can call https://graph.facebook.com/me/notifications/, but you need the 'manage_notifications' extended permissions for that, which then gives you access to all your notifications, which we think is overkill and unnecessary.
Is there any other way?
There have many people asking around how to send private inbox message by graph api, i search for long time, the answer is no. the reason is "App must be on whitelist"
Alternate solution is send by chat api (xampp). but this is not my solution. coz html message is not supported in chat api.
I know dropbox can do it, may i ask how to whitelist my app in Facebook to send inbox message?
I have the same requirement for an app that I am developing and I haven't been able to find any explicit directions on how to get onto the "white list".
However, my suspicion is that you need to apply to get into the Preferred Marketing Developer Program
At least, this is what Facebook says you need to do to get white listed to use the Ads API:
The Ads API is a restricted platform which may only be accessed by whitelisted Apps. You can learn more about the program and apply online. You need to apply separately for each app.
I am also struggling with this question for a while now.
I've posted my question on the facebook.stackoverflow.com site: http://facebook.stackoverflow.com/questions/13587441/facebook-invite-friends-functionality-for-multiple-recipients-custom-message
Isn't there any way of handling this issue? Help is highly appreciated!
BUMP: This is not a dead request. I'm still hoping to get a solid answer from someone at Facebook or anyone else. Thanks.
Revised Inquiry: I don't know if I'm not asking the right question, or if I'm asking a valid question that no one can answer.
New Questions:
Can we use FQL or another means to get all of the requests seen at reqs.php? I'm essentially looking for something like this:
SELECT request_id, app_id FROM apprequest WHERE recipient_uid = me()
Notifications return that data but app requests are often batched into a single record with a link identifying some but not all requests. I want individual records for all app requests currently open. The data to do this must be available, as this is the data used to build notifications! It just seems that this is not being made available to us. :(
Thanks!
Original Inquiry Follows:
I have an app that aggregates various sources of Facebook information for a user. One of the sets of data I'm working on is the collection of apprequests which have been sent to this user by friends. For example, I open GreatApp and click to send a request to you. You may or may not use GreatApp but let's assume you haven't blocked requests from it. You now open my AggregatorApp that shows my request to you, and the included link back to GreatApp. The data you see is the same as at reqs.php but formatted differently, with much more data, and of course simply much better. ;)
I thought that is what we got in apprequests. From this question I'm understanding that apprequests is a collection of requests sent out by the current application.
When using path/me/apprequests, we don't need to specify an app ID. But I believe here we do need to provide an app token rather than a user token. Is that correct? If that's correct then this confirms that the requests are those that this app sent out, not requests generated by other apps.
When using FQL, we need to identify the uid of the app as well as the id of the request in order to query the apprequests table. I get that, but even with a valid request id and app id (and valid permissions) FQL doesn't return request data. (I haven't checked with an app id, maybe that's the key.)
I am hoping people will provide some concrete examples for any of the above, specifically getting inbound requests from other apps, and confirmation about what token or other detail is expected for /apprequests and the apprequests table to return data.
Thanks!
Other threads asking the same question without a good (or any) response:
thread1 thread2
You need to make a graph api request to get the apprequests connection for a user. See the current documentation here: http://developers.facebook.com/docs/reference/api/user/.
In the Connections table, the documentation correctly notes that you need an application access token to retrive the requests to that user. There's a bug in the documentation under (http://developers.facebook.com/docs/reference/api/user/#apprequests) that claims you need a user access token. This is incorrect, and (as you've seen) will return an empty list of requests.
Requests sent by an application are only visible to the application. The user can't see or delete these requests (though they are able to hide the request). The reason for this is that the applications can put data into the requests (255 characters) that's never exposed to the user or other applications.
I don't think there's a way you'll be able to aggregate a user's requests from apps that you don't have an access token for.
What I have found out (before my question was deleted) was that you can't access requests with a user token, and app tokens can only access requests that app has sent (and I found that out myself in the documentation and playing with the graph explorer). Since I know there are iPhone apps and browser plugins for processing requests, I assume they are accessing the page itself and parsing the data (like scraping a site). The downfall to that approach is that on the request page only around 100 requests from each app are shown at one time.
(Unless some people have found a way that they aren't sharing...)
You are right, you need the app_access_token and not the user_access_token.
I think the FB documentation has an error.
The definitive answer was provided by a Facebook developer here in response to my bug report. The resolution is that this is By Design. This relates to the note by #noah-callaway that there's probably some app-specific data in requests that should not be available to other apps.
This is a shame, in my opinion, because as Facebook is all about sharing data among friends, I think it adds a dimension to the ecosystem when apps can share (limited and reasonable) information among one another.
Thanks for the responses!