I subscribed twitter api for Search Tweets: Full Archive / Premium
In the yaml file I have to enter the access details.
account_type: premium
consumer_key: xxx
endpoint: ????????????????????????????
consumer_secret: xxx
bearer_token: xxx
I got all the keys and tokens. But what is the ```endpoint`` that I have to use? Where do I get that from ?
I'm using searchtweets library to access the api.
This library and API need you to provide the full URL to the API endpoint, because this is dependent on your options (30-day or full archive, and development environment name).
In your case, it would be something like
https://api.twitter.com/1.1/tweets/search/fullarchive/dev.json
Note that everything after /search/ depends on your setup:
You've already said that you want to use full archive, so I filled that in.
The last piece dev.json depends on your environment name from the premium dashboard. You might have named this differently to "dev". Under Products->Premium->Dev environments, look for the "Dev environment label". That's what you append, plus .json.
So for me, I have premium full archive with an environment called "dev", so my endpoint ends in dev.json (as above). Just as another example, for premium 30-day search, my environment is called "development" and the URL endpoint is:
https://api.twitter.com/1.1/tweets/search/30day/development.json
Related
Background:
I've got a project in Cloud Run with two services, both mapped to custom domains. The production site is mysite.com and the development site is dev.mysite.com. I deployed the development site with the --no-allow-unauthenticated flag to prevent public viewing. I want developers to be able to view the site in a browser though. Based on what I've read the "solution" Google currently has isn't great. You have to run the command gcloud auth print-identity-token to identify your Bearer token then use the ModHeader browser extension to modify the request header. The token is constantly changing and having ModHeader enabled to change the request header breaks authentication on other pages, so it is big PITA, but it works, mostly.
Question:
What doesn't work is having the development site load images from the Google Cloud Storage Bucket. Every resource which should be pulled from the bucket results in a 403 error for that resource, but the page loads fine otherwise. I'm the project owner (i.e. my email address is the "owner") and have admin rights on everything including the bucket in question. The bucket's Access Control is set to "Fine-grained: Object-level ACLs". When I deploy the project using the --allow-unauthenticated the images are accessible. Why isn't the bucket honoring my token?
Update:
I'm not 100% sure, but I think the issue might be related to the fact that ModHeader applies its rules to ALL open tabs. I tried another header modification extension named Requestly which allows rules to be targeted to specific URLs and now my development site is loading images as expected.
I have a Node.js app in a Docker container that I'm trying to deploy to Google Cloud Run.
I want my app to be able to read/write files from my GCS buckets that live under the same project, and I haven't been able to find much information around it.
This is what I've tried so far:
1. Hoping it works out of the box
A.k.a. initializing without credentials, like in App Engine.
const { Storage } = require('#google-cloud/storage');
// ...later in an async function
const storage = new Storage();
// This line throws the exception below
const [file] = await storage.bucket('mybucket')
.file('myfile.txt')
.download()
The last line throws this exception
{ Error: Could not refresh access token: Unsuccessful response status code. Request failed with status code 500"
at Gaxios._request (/server/node_modules/gaxios/build/src/gaxios.js:85:23)
2. Hoping it works out of the box after setting the Storage Admin IAM role to my Cloud Run service accounts.
Nope. No difference with previous.
3. Copying my credentials file as a cloudbuild.yaml step:
...
- name: 'gcr.io/cloud-builders/gsutil'
args: ['cp', 'gs://top-secret-bucket/gcloud-prod-credentials.json', '/www/gcloud-prod-credentials.json']
...
It copies the file just fine, but then the file is nor visible from my app. I'm still not sure where exactly it was copied to, but listing the /www directory from my app shows no trace of it.
4. Copy my credentials file as a Docker step
Wait, but for that I need to authenticate gsutil, and for that I need the credentials.
So...
What options do I have without uploading my credentials file to version control?
This is how I managed to make it work:
The code for initializing the client library was correct. No changes here from the original question. You don't need to load any credentials if the GCS bucket belongs to the same project as your Cloud Run service.
I learned that the service account [myprojectid]-compute#developer.gserviceaccount.com (aka "Compute Engine default service account") is the one used by default for running the Cloud Run service unless you specify a different one.
I went to the Service Accounts page and made sure that the mentioned service account was enabled (mine wasn't, this was what I was missing).
Then I went here, edited the permissions for the mentioned service account and added the Storage Object Admin role.
More information on this article: https://cloud.google.com/run/docs/securing/service-identity
I believe the correct way is to change to a custom service account that has the desired permissions. You can do this under the 'Security' tab when deploying a new revision.
My Nativescript app has some secret api tokens. I want to publish the app to the iOS app store. What do I need to do to keep the tokens secret when I publish the app?
I see a discussion here about storing secrets using webpack environmental variables. I am new to webpack, but it seems like this is the best way to do it.
Following that discussion, I am able put my tokens into the webpack bundle (instead of hardcoding it), like this:
$ tns run ios --bundle --env.uglify --env.aot --env.secret_token="yaySecret"
But does this keep "yaySecret" secret? I don't see this addressed anywhere in NS docs or online.
I assume this bundle command creates a bundle, and then this bundle becomes part of what Apple publishes. But then isn't Apple able to view "yaySecret"?
Uglify actually does the job here (--env.uglify).
--env.secret_token will be just a parameter that is passed to the compiler. It will replace the occurrence of the variable in source code with actual value based on your webpack define configuration.
You should have something similar to this in your webpack config
// Define useful constants like TNS_WEBPACK
new webpack.DefinePlugin({
"global.TNS_WEBPACK": "true",
"global.SECRET_TOKEN": JSON.stringify(env.secret_token),
"process": undefined,
}),
So all occurrence of global.SECRET_TOKEN in your actual source code will be replaced by actual token you passed in command line.
So far it had nothing to do with security, reverse engineering the APK may show the entire source code and token value. Using minimizers like Uglify is what makes your code hard to read.
There are many other minimizers / obfuscators in market, javascript-obfuscator is one free tool I have seen people using with NativeScript often. All of these tools have tons of options, if you want to encrypt your code properly, you might need to pay more attention to those options.
There are even paid tools like jscrambler. Using Obfuscators are not limited to NativeScript / JavaScript, even many native android apps use Java Obfuscator to prevent extraction of source code & sensitive information from the APK. So using an Obfuscator is very much common irrespective of platform you choose.
Additionally what you could do is, do not simply hard code your token. You may pass some encrypted value to env.secret_token, then write some complex function which can take this encrypted value and give you the actual token at run time. End of the day it's all about making your code harder to break.
I've been working on integration of Passbook for some of my apps. Right now, I've used Ray Wenderlich's tutorial on this, and it is quite frankly a pain to build even one Pass. I have to get the icon files all in place, program the JSON file, get the manifest file filled in with all the SHA1 values, and run a few lines in terminal to sign it, and then another line to zip it. Are there any online services or programs that can be used to save a pkpass file to computer, that I can then upload to my server?
There are also quite some developer tools that help you to create passes, you can find a list on wikipedia.
We provide an Objective-C SDK and a free cloud service that lets you create templates and generate passes. You can find the SDK on github (Sample App is included).
There are a number of services that can be used to generate passess. Take a look on wikipedia for a comprehensive list of providers, tools and projects.
If you want to update passes, then you will need to build a Passbook Web Service. When a pass is updated, the web service sends a new .pkpass bundle to the device. Therefore, your web service must also be capable of signing passes unless you want to manually create and upload them to your server before sending out a push request.
Using our service, PassKit, you can create a template using WSIYWIG editor then create a pass directly on your server via a simple API call. You can also update passes and push updates to passes via our API. If you just want to get hold of the .pkpass bundle, then you can append /d to the pass URL (the one beginning with r.pass.is), or use PassKit API in your User Agent string.
you should also check out Apple's Passbook Support Materials here:
https://developer.apple.com/passbook/
They have a simple XCode project called SignPass that you can use to easily create your own Passes.
Note: you need to be a member of Apple's Developer program to access these materials ..
There's lots more Passbook related info here:
http://www.flonsolutions.com
Andrew
I'm working on implementing omniauth into a Rails project. My problem is that the authentication providers - Twitter, Google, Facebook etc all require me to create an application with a url that limits authentication requests from anywhere other than the url. I need to be able to to test locally but also run code in production, but Facebook for example doesn't allow 2 domains and doesn't allow localhost anyhow.
So what are my options?
At work, we have multiple applications setup for the different environments. On local, add an entry in /etc/hosts (assuming you are on linux) eg: 127.0.0.1 mydomain.local.
On the facebook app setup for the local environment, add this as the url. Most things, except where facebook needs to scrape your site (Like buttons) work.
Here's a blog post with my solution: http://make.bettermistak.es/2012/05/03/how-to-create-a-local-sandbox-facebook-app/
Here's the relevant bit: "Facebook verifies that all requests for your app are coming from the right domain–they don’t allow requests from localhost or 127.0.0.1–and this info can be updated in your apps settings under Hosting URL. Add “local.herokuapp.com” to your Hosting URLs and save this setting. Then edit your /etc/hosts file so that local content is under the domain local.herokuapp.com. This file is hidden, so from the command line enter sudo vi /etc/hosts. (Substitute your favorite editor for vi.) We need to use sudo, because this file is locked. Add the line “127.0.0.1 local.herokuapp.com” below “127.0.0.1 localhost” and save and quit your text editor."
As far as I know, you must sing up two apps for you app.(one for remote side, one for local side)
Fortunately, there is a way to reduce the complication(Assuming you are working on linux):
You can configure you .bash_profile (local machine and remote machine separately):
export YOURAPP_APP_ID="XXXXX"
export YOURAPP_APP_SECRET="XXXXX"
And use ENV['YOURAPP_APP_ID'] and ENV['YOURAPP_APP_SECRET'] in your code.
For example, you can code like this in rails:
config.omniauth :facebook, ENV['YOURAPP_APP_ID'], ENV['YOURAPP_APP_SECRET']
By this way, you can use the same code in both local and remote side. It will be much easier for maintaining.
If you are using Heroku to host your application, you can refer to this page to config the environment variables.
I have created two apps on Facebook one of which i run in sandbox mode for development purposes. Would that be an option for you?