坂本  健一

1659360600

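Downloading Files with Token Authentication and JavaScript

Recently, I ran into a problem on my project: we needed to let users download a ZIP archive of files from the backend, subject to complex authorization rules. This required the following four-step process:

  1. The frontend calls the backend with the list of file names to download.
  2. The backend authenticates the user using the JWT token.
  3. It then checks whether the user is allowed to retrieve those files.
  4. Finally, it sends the archive back.

Until now, we had been relying on "security through obscurity": we trusted uniquely generated file names to keep users from snooping around and downloading files they were not supposed to get.

But this was not enough. How do we revoke a user's rights to a file? How can we make sure users are not accessing files they should not have access to? We needed to add authentication to the route.

The unauthenticated case

First, let me show you the code we had been using. In this case, the backend is a Spring Boot microservice and the frontend is an Angular SPA.

Below is a simplified version of the unauthenticated case. It defines a GET route, /files/download, that takes a set of file IDs as a parameter, retrieves the files, zips them, and sends them back to the client.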

@GetMapping("/files/download")
public ResponseEntity<ByteArrayResource> download(
    @RequestParam Set<UUID> fileIds
) {
    ByteArrayResource zippedFiles = new ByteArrayResource(
        fileService.getZippedFiles(fileIds)
    );

    return ResponseEntity
        .ok()
        .contentLength(zippedFiles.contentLength())
        .header(HttpHeaders.CONTENT_TYPE, "application/zip")
        .header(
            HttpHeaders.CONTENT_DISPOSITION,
            ContentDisposition
                .builder("attachment")
                .filename("archive.zip")
                .build()
                .toString()
        )
        .body(zippedFiles)
    ;
}

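Now, when you send a GET request to /files/download?fileIds=UUID, you receive the file named UUID, zipped. This lets us keep the frontend code very simple: thanks to the Content-Disposition header, a plain anchor element pointing at the backend route's URL is enough to trigger a download popup in the client's browser.

So the frontend component only has to get the required file names, concatenate them in some way, and display a link to the backend URL like this: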

<a
  href="{{ backendUrl }}/files/download?fileIds={{ fileNames$ | async }}"
>Download your archive</a>

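This is all fine, but done this way the JWT token cannot be transmitted, so the user cannot be authenticated. We need to download the file another way.

Adding authentication to the route

So first, we need to add some authentication and authorization. My project needed complex authorization rules, but let's say we only want to make sure the user is logged in before sending the files. This is just a matter of adding a decorator to the backend route.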

@GetMapping("/files/download")
@PreAuthorize("hasRole(T(fr.theodo.security.Roles).USER)")
public ResponseEntity<ByteArrayResource> download(…) {…}

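That is the easy part. Now, if you try to use the link from before, you get an error: because no authentication token is provided, the backend answers with a 401 Unauthorized response. How can we fix this?

Fetching the file with JavaScript

The file download is done in two steps. First, we download the file using JavaScript, which lets us set the authentication token. Then we "forward" the file to the user.

Alternatively, you could set up a different authentication method dedicated to this route, such as cookie-based authentication, but that would mean having two different authentication methods in your project, one of which is used by a single route. I would advise against it.

Downloading the file

Assuming you are already making authenticated calls to the backend through some kind of API client, downloading the file is straightforward: instantiate the client in the component and call the backend (here, this is done by this.apiClient.downloadZipFile).

The RxJS switchMap operator lets us discard the previous call if this.project$ changes. You can read more about it on Learn RxJS.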

export class MainPanelComponent {
  @Input() project$!: Observable<Project>;

  constructor(private apiClient: ApiClientService) {}

  private getZip(): Observable<string> {
    return this.project$.pipe(
      switchMap(project => this.apiClient.downloadZipFile(project.files)),
    );
  }
}

"Forwarding" the file to the user

Now that we have the file, returned as an Observable by switchMap, we need to trigger a save on the user's computer. This is just a matter of chaining two new operators in the RxJS pipe.

…
return this.project$.pipe(
  switchMap(project => this.apiClient.downloadZipFile(project.files)),
  map(data => window.URL.createObjectURL(data)),
  tap(url => {
    window.open(url, '_blank');
    window.URL.revokeObjectURL(url);
  })
);
…

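First, map passes the retrieved data to an object URL (a simple string). MDN explains object URLs in more detail, but the main things to know are that they are a way to create a local URL pointing to the browser's memory, and that they are not supported in Internet Explorer. Whether that matters depends on your audience.

Finally, we tap into this new Observable to expose the file to the user (simply opening a new window at this local URL works) and remove the object URL to clean up after ourselves (this lets the browser free the memory once the file has been loaded and downloaded).

Triggering the download

As you may have noticed, we now have a getZip method, but nothing calls it. To fix that, we only need to add two lines of code to the component and one to the template.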

export class MainPanelComponent {
  @Input() project$!: Observable<Project>;

  zipDownloadTrigger = new EventEmitter<void>();

  constructor(private apiClient: ApiClientService) {
    // Arrow function keeps `this` bound to the component when RxJS calls getZip.
    this.zipDownloadTrigger.pipe(exhaustMap(() => this.getZip())).subscribe();
  }

  …
}

<button (click)="zipDownloadTrigger.emit()">Download your archive</button>

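This defines an event emitter that fires every time the button is clicked. We chain this emitter with the RxJS exhaustMap operator, which calls the getZip method and waits for it to complete before resuming listening to the event emitter (hence "exhaust"; see Learn RxJS for details).

This means that every click on the button is ignored while the component is downloading the file. Note that you can do without this; in that case you can simply pass the getZip method as the button's click callback.

For simplicity we are using a button here, but note that this is bad practice in terms of accessibility: you should always use a download link to download a file. Here, you could build a button that triggers the download and then display a link with the local URL as its href attribute.

UX niceties and final code

Putting all of this together and adding a simple loading toggle gives the following code: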

export class MainPanelComponent {
  @Input() project$!: Observable<Project>;

  isTheArchiveLoading: boolean = false;
  zipDownloadTrigger = new EventEmitter<void>();

  constructor(private apiClient: ApiClientService) {
    // Arrow function keeps `this` bound to the component when RxJS calls getZip.
    this.zipDownloadTrigger.pipe(exhaustMap(() => this.getZip())).subscribe();
  }

  private getZip(): Observable<string> {
    this.isTheArchiveLoading = true;

    return this.project$.pipe(
      switchMap(project =>
        this.apiClient
          .downloadZipFile(project.files)
          .pipe(finalize(() => { this.isTheArchiveLoading = false; }))
      ),
      map(data => window.URL.createObjectURL(data)),
      tap(url => {
        window.open(url, '_blank');
        window.URL.revokeObjectURL(url);
      })
    );
  }
}

This lets you show a loader to the user while isTheArchiveLoading is true. The finalize operator in the downloadZipFile pipe is called when downloadZipFile resolves, much like the Promise.finally() method.

We now have a fully working download method that uses an authenticated route called from the frontend!

Source: https://blog.theodo.com/2021/03/authenticated-file-download-with-javascript/
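
The same flow without Angular or RxJS, as an added example that is not part of the original article: the token goes in the Authorization header, the 401 case is surfaced to the caller, and the archive is handed to the user through a download link on an object URL. `BACKEND_ORIGIN`, the function names and the 403 handling are assumptions.

```javascript
// Added example, not code from the original article. BACKEND_ORIGIN and the
// function names are assumptions; the route and header follow the article.
const BACKEND_ORIGIN = 'https://backend.example';
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Build the GET /files/download request. The token travels in the
// Authorization header, never in the query string, so it does not end up
// in browser history, server access logs or Referer headers.
function buildDownloadRequest(fileIds, token) {
  if (!token) throw new Error('missing token');
  const url = new URL('/files/download', BACKEND_ORIGIN);
  for (const id of fileIds) {
    if (!UUID_RE.test(id)) throw new Error(`not a UUID: ${id}`);
    url.searchParams.append('fileIds', id);
  }
  return {
    url: url.toString(),
    init: {
      method: 'GET',
      headers: { Authorization: `Bearer ${token}` },
      credentials: 'omit', // no cookies: the JWT is the only credential
      redirect: 'error',   // fail instead of following a redirect
    },
  };
}

// Turn the backend's answer into a Blob, or an error the UI can act on.
async function readArchive(res) {
  if (res.status === 401) throw new Error('unauthenticated'); // token missing or expired
  if (res.status === 403) throw new Error('forbidden'); // assumed status for a failed file check
  if (!res.ok) throw new Error(`download failed: ${res.status}`);
  const type = res.headers.get('content-type') || '';
  if (!type.startsWith('application/zip')) throw new Error(`unexpected type: ${type}`);
  return res.blob();
}

// fetchImpl is injectable so the function can be exercised without a network.
async function fetchArchive(fileIds, token, fetchImpl = fetch) {
  const { url, init } = buildDownloadRequest(fileIds, token);
  return readArchive(await fetchImpl(url, init));
}

// Browser only: offer the Blob through a real download link, then release it.
function saveBlob(blob, filename = 'archive.zip') {
  const objectUrl = URL.createObjectURL(blob);
  const link = document.createElement('a');
  link.href = objectUrl;
  link.download = filename;
  document.body.appendChild(link);
  link.click();
  link.remove();
  // Revoke on a later task, after the click has been dispatched.
  setTimeout(() => URL.revokeObjectURL(objectUrl), 0);
}
```

In a page, `fetchArchive(ids, token).then(blob => saveBlob(blob))` performs the download; an `unauthenticated` error is the point at which to refresh the token or send the user to the login screen.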

#javascript 

Rahul Jangid

1622207074

What is JavaScript - Stackfindover - Blog

We covered another programming language in our previous article (What is PHP); today we will talk about what JavaScript is, who invented it, how it works, and why it is used. You will find the answers to all such questions, and much other information about JavaScript, here today. We hope this information will work for you.

Who invented JavaScript?

The JavaScript language was invented by Brendan Eich in 1995. JavaScript is inspired by the Java programming language. The first name of JavaScript was Mocha, which was given by Marc Andreessen, the founder of Netscape. In the same year Mocha was renamed LiveScript, and later, in December 1995, it was renamed JavaScript, which is still in trend.

What is JavaScript?

JavaScript is a client-side scripting language used with HTML (Hypertext Markup Language). JavaScript, called JS for short, is an interpreted / oriented language. JavaScript code can be run on any normal web browser. To run JavaScript code, we have to enable JavaScript in the web browser, but some web browsers already have JavaScript enabled.

Today almost all websites use it as a web technology. Keep in mind that there is maximum scope in JavaScript in the coming time, so if you want to become a programmer, learning JavaScript can be very beneficial.

JavaScript Hello World Program

In JavaScript, 'document.write' is used to display a string in the browser.

<script type="text/javascript">
	document.write("Hello World!");
</script>

How to comment JavaScript code?

  • For a single-line comment in JavaScript, we have to use // (double slashes)
  • For multi-line comments, we have to use /* ... */

<script type="text/javascript">

//single line comment

/* document.write("Hello"); */

</script>

Advantages and Disadvantages of JavaScript

#javascript #javascript code #javascript hello world #what is javascript #who invented javascript

Niraj Kafle

1589255577

The essential JavaScript concepts that you should understand

As a JavaScript developer of any level, you need to understand its foundational concepts and some of the new ideas that help us develop code. In this article, we are going to review 16 basic concepts. So without further ado, let’s get to it.

#javascript-interview #javascript-development #javascript-fundamental #javascript #javascript-tips

Nat Grady

1670062320

How to Use Zapier with MongoDB

I’m a huge fan of automation when the scenario allows for it. Maybe you need to keep track of guest information when they RSVP to your event, or maybe you need to monitor and react to feeds of data. These are two of many possible scenarios where you probably wouldn’t want to do things manually.

There are quite a few tools that are designed to automate your life. Some of the popular tools include IFTTT, Zapier, and Automate. The idea behind these services is that given a trigger, you can do a series of events.

In this tutorial, we’re going to see how to collect Twitter data with Zapier, store it in MongoDB using a Realm webhook function, and then run aggregations on it using the MongoDB query language (MQL).

The Requirements

There are a few requirements that must be met prior to starting this tutorial:

  • A paid tier of Zapier with access to premium automations
  • A properly configured MongoDB Atlas cluster
  • A Twitter account

There is a Zapier free tier, but because we plan to use webhooks, which are premium in Zapier, a paid account is necessary. To consume data from Twitter in Zapier, a Twitter account is necessary, even if we plan to consume data that isn’t related to our account. This data will be stored in MongoDB, so a cluster with properly configured IP access and user permissions is required.

You can get started with MongoDB Atlas by launching a free M0 cluster, no credit card required.

While not necessary to create a database and collection prior to use, we’ll be using a zapier database and a tweets collection throughout the scope of this tutorial.

Understanding the Twitter Data Model Within Zapier

Since the plan is to store tweets from Twitter within MongoDB and then create queries to make sense of it, we should probably get an understanding of the data prior to trying to work with it.

We’ll be using the “Search Mention” functionality within Zapier for Twitter. Essentially, it allows us to provide a Twitter query and trigger an automation when the data is found. More on that soon.

As a result, we’ll end up with the following raw data:

{
    "created_at": "Tue Feb 02 20:31:58 +0000 2021",
    "id": "1356701917603238000",
    "id_str": "1356701917603237888",
    "full_text": "In case anyone is interested in learning about how to work with streaming data using Node.js, I wrote a tutorial about it on the @MongoDB Developer Hub. https://t.co/Dxt80lD8xj #javascript",
    "truncated": false,
    "display_text_range": [0, 188],
    "metadata": {
        "iso_language_code": "en",
        "result_type": "recent"
    },
    "source": "<a href='https://about.twitter.com/products/tweetdeck' rel='nofollow'>TweetDeck</a>",
    "in_reply_to_status_id": null,
    "in_reply_to_status_id_str": null,
    "in_reply_to_user_id": null,
    "in_reply_to_user_id_str": null,
    "in_reply_to_screen_name": null,
    "user": {
        "id": "227546834",
        "id_str": "227546834",
        "name": "Nic Raboy",
        "screen_name": "nraboy",
        "location": "Tracy, CA",
        "description": "Advocate of modern web and mobile development technologies. I write tutorials and speak at events to make app development easier to understand. I work @MongoDB.",
        "url": "https://t.co/mRqzaKrmvm",
        "entities": {
            "url": {
                "urls": [
                    {
                        "url": "https://t.co/mRqzaKrmvm",
                        "expanded_url": "https://www.thepolyglotdeveloper.com",
                        "display_url": "thepolyglotdeveloper.com",
                        "indices": [0, 23]
                    }
                ]
            },
            "description": {
                "urls": ""
            }
        },
        "protected": false,
        "followers_count": 4599,
        "friends_count": 551,
        "listed_count": 265,
        "created_at": "Fri Dec 17 03:33:03 +0000 2010",
        "favourites_count": 4550,
        "verified": false
    },
    "lang": "en",
    "url": "https://twitter.com/227546834/status/1356701917603237888",
    "text": "In case anyone is interested in learning about how to work with streaming data using Node.js, I wrote a tutorial about it on the @MongoDB Developer Hub. https://t.co/Dxt80lD8xj #javascript"
}

The data we have access to is probably more than we need. However, it really depends on what you’re interested in. For this example, we’ll be storing the following within MongoDB:

{
    "created_at": "Tue Feb 02 20:31:58 +0000 2021",
    "user": {
        "screen_name": "nraboy",
        "location": "Tracy, CA",
        "followers_count": 4599,
        "friends_count": 551
    },
    "text": "In case anyone is interested in learning about how to work with streaming data using Node.js, I wrote a tutorial about it on the @MongoDB Developer Hub. https://t.co/Dxt80lD8xj #javascript"
}

Without getting too far ahead of ourselves, our analysis will be based off the followers_count and the location of the user. We want to be able to make sense of where our users are and give priority to users that meet a certain followers threshold.

Developing a Webhook Function for Storing Tweet Information with MongoDB Realm and JavaScript

Before we start connecting Zapier and MongoDB, we need to develop the middleware that will be responsible for receiving tweet data from Zapier.

Remember, you’ll need to have a properly configured MongoDB Atlas cluster.

We need to create a Realm application. Within the MongoDB Atlas dashboard, click the Realm tab.

[Figure: MongoDB Realm Applications]

For simplicity, we’re going to want to create a new application. Click the Create a New App button and proceed to fill in the information about your application.

From the Realm Dashboard, click the 3rd Party Services tab.

[Figure: Realm Dashboard 3rd Party Services]

We’re going to want to create an HTTP service. The name doesn’t matter, but it might make sense to name it Twitter based on what we’re planning to do.

Because we plan to work with tweet data, it makes sense to call our webhook function tweet, but the name doesn’t truly matter.

[Figure: Realm Tweet Webhook]

With the exception of the HTTP Method, the defaults are fine for this webhook. We want the method to be POST because we plan to create data with this particular webhook function. Make note of the Webhook URL because it will be used when we connect Zapier.

The next step is to open the Function Editor so we can add some logic behind this function. Add the following JavaScript code:

exports = function (payload, response) {

    const tweet = EJSON.parse(payload.body.text());

    const collection = context.services.get("mongodb-atlas").db("zapier").collection("tweets");

    return collection.insertOne(tweet);

};

In the above code, we are taking the request payload, getting a handle to the tweets collection within the zapier database, and then doing an insert operation to store the data in the payload.

There are a few things to note in the above code:

  1. We are not validating the data being sent in the request payload. In a realistic scenario, you’d probably want some kind of validation logic in place to be sure about what you’re storing.
  2. We are not authenticating the user sending the data. In this example, we’re trusting that only Zapier knows about our URL.
  3. We aren’t doing any error handling.

When we call our function, a new document should be created within MongoDB.

By default, the function will not deploy when saving. After saving, make sure to review and deploy the changes through the notification at the top of the browser window.

Creating a “Zap” in Zapier to Connect Twitter to MongoDB

So, we know the data we’ll be working with and we have a MongoDB Realm webhook function that is ready for receiving data. Now, we need to bring everything together with Zapier.

For clarity, new Twitter matches will be our trigger in Zapier, and the webhook function will be our event.

Within Zapier, choose to create a new “Zap,” which is an automation. The trigger needs to be a Search Mention in Twitter, which means that when a new Tweet is detected using a search query, our events happen.

[Figure: Zapier Twitter Search Mention]

For this example, we’re going to use the following Twitter search query:

url:developer.mongodb.com -filter:retweets filter:safe lang:en -from:mongodb -from:realm

The above query says that we are looking for tweets that include a URL to developer.mongodb.com. The URL doesn’t need to match exactly as long as the domain matches. The query also says that we aren’t interested in retweets. We only want original tweets, they have to be in English, and they have to be detected as safe for work.

In addition to the mentioned search criteria, we are also excluding tweets that originate from one of the MongoDB accounts.

In theory, the above search query could be used to see what people are saying about the MongoDB Developer Hub.

With the trigger in place, we need to identify the next stage of the automation pipeline. The next stage is taking the data from the trigger and sending it to our Realm webhook function.

[Figure: Zapier to Realm Webhook]

As the event, make sure to choose Webhooks by Zapier and specify a POST request. From here, you’ll be prompted to enter your Realm webhook URL and the method, which should be POST. Realm is expecting the payload to be JSON, so it is important to select JSON within Zapier.

We have the option to choose which data from the previous automation stage to pass to our webhook. Select the fields you’re interested in and save your automation.

The data I chose to send looks like this:

{
    "created_at": "Tue Feb 02 20:31:58 +0000 2021",
    "username": "nraboy",
    "location": "Tracy, CA",
    "follower_count": "4599",
    "following_count": "551",
    "message": "In case anyone is interested in learning about how to work with streaming data using Node.js, I wrote a tutorial about it on the @MongoDB Developer Hub. https://t.co/Dxt80lD8xj #javascript"
}

The fields do not match the original fields brought in by Twitter. It is because I chose to map them to what made sense for me.

When deploying the Zap, anytime a tweet is found that matches our query, it will be saved into our MongoDB cluster.
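
The webhook function above stores whatever it receives and trusts that only Zapier knows the URL. The following added example, which is not the tutorial's code, shows one way to close both gaps for the payload shown above: a shared secret checked before anything is parsed, and a strict field allowlist applied before the insert. The length limits, the secret (for instance a custom request header set in the Zap) and the use of `JSON.parse` in place of `EJSON.parse` are assumptions.

```javascript
// Added example, not the tutorial's code. Field names follow the payload the
// Zap sends; the length limits and the shared secret are assumptions.
const FIELDS = {
  created_at: { kind: 'text', max: 40 },
  username: { kind: 'text', max: 15, pattern: /^[A-Za-z0-9_]+$/ },
  location: { kind: 'text', min: 0, max: 200 },
  follower_count: { kind: 'count' },
  following_count: { kind: 'count' },
  message: { kind: 'text', max: 1000 },
};

// Compare secrets without stopping at the first differing character.
function secretMatches(given, expected) {
  if (typeof given !== 'string' || given.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= given.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Return a clean document holding only the known fields, or throw.
function validateTweet(input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    throw new Error('body must be a JSON object');
  }
  // Unknown keys are rejected outright, including "$"-prefixed and "__proto__".
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(FIELDS, key)) {
      throw new Error(`unexpected field: ${key}`);
    }
  }
  const doc = {};
  for (const [name, rule] of Object.entries(FIELDS)) {
    const value = input[name];
    if (rule.kind === 'count') {
      // Zapier sends counts as strings such as "4599"; store them as integers.
      const text = typeof value === 'number' ? String(value) : value;
      if (typeof text !== 'string' || !/^\d{1,10}$/.test(text)) {
        throw new Error(`${name} must be a non-negative integer`);
      }
      doc[name] = Number(text);
    } else {
      const min = rule.min === undefined ? 1 : rule.min;
      if (typeof value !== 'string' || value.length < min || value.length > rule.max) {
        throw new Error(`${name} must be a string of ${min} to ${rule.max} characters`);
      }
      if (rule.pattern && !rule.pattern.test(value)) {
        throw new Error(`${name} has unexpected characters`);
      }
      doc[name] = value;
    }
  }
  return doc;
}

// Decide the HTTP status for one request; only a 201 result should be inserted.
function handleWebhook(rawBody, givenSecret, expectedSecret) {
  if (!secretMatches(givenSecret, expectedSecret)) return { status: 401 };
  try {
    return { status: 201, doc: validateTweet(JSON.parse(rawBody)) };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}
```

Inside the webhook function, only the `doc` of a 201 result would be passed to `collection.insertOne`, with the status returned to the caller otherwise.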

Analyzing the Twitter Data in MongoDB with an Aggregation Pipeline

With tweet data populating in MongoDB, it’s time to start querying it to make sense of it. In this fictional example, we want to know what people are saying about our Developer Hub and how popular these individuals are.

To do this, we’re going to want to make use of an aggregation pipeline within MongoDB.

Take the following, for example:

[
    {
        "$addFields": {
            "follower_count": {
                "$toInt": "$follower_count"
            },
            "following_count": {
                "$toInt": "$following_count"
            }
        }
    }, {
        "$match": {
            "follower_count": {
                "$gt": 1000
            }
        }
    }, {
        "$group": {
            "_id": {
                "location": "$location"
            },
            "location": {
                "$sum": 1
            }
        }
    }
]

There are three stages in the above aggregation pipeline.

We want to understand the follower data for the individual who made the tweet, but that data comes into MongoDB as a string rather than an integer. The first stage of the pipeline takes the follower_count and following_count fields and converts them from string to integer. In reality, we are using $addFields to create new fields, but because they have the same name as existing fields, the existing fields are replaced.

The next stage is where we want to identify people with more than 1,000 followers as a person of interest. While people with fewer followers might be saying great things, in this example, we don’t care.

After we’ve filtered out people by their follower count, we do a group based on their location. It might be valuable for us to know where in the world people are talking about MongoDB. We might want to know where our target audience exists.

The aggregation pipeline we chose to use can be executed with any of the MongoDB drivers, through the MongoDB Atlas dashboard, or through the CLI.

Conclusion

You just saw how to use Zapier with MongoDB to automate certain tasks and store the results as documents within the NoSQL database. In this example, we chose to store Twitter data that matched certain criteria, later to be analyzed with an aggregation pipeline. The automations and analysis options that you can do are quite limitless.

If you enjoyed this tutorial and want to get engaged with more content and like-minded developers, check out the MongoDB Community.

This content first appeared on MongoDB.

Original article source at: https://www.thepolyglotdeveloper.com/

#mongodb #zapier