I just started working in openHAB and was wondering if there was an API to get the MAC-address of an item or some other unique ID that will not change if I for example disconnect/delete the device and reconnect it.
I want the unique ID so that I can put the Thing in a database without it creating a duplicate in case it disconnects or I delete the device.
I think the REST API is providing good information.
https://www.openhab.org/docs/configuration/restdocs.html
for example
openhaburl:8080/rest/things
You get a List of things containing, amongst other things, the UID and that contains the serial of the device.
Regards
Michael
Related
From what i've been able to discern so far, Firebase/Firestore seem like the perfect platform to use for an app I am writing. However I can't quite connect all the dots when trying to design my backend. I am hoping that someone will be able to give answer a couple of basic questions about the use of FB/FS.
With my app, a user will be able to share a small piece of data with a select group of friends. ie if the data is to be a To-Do list, the user would create the list on his device (iphone only) and then invite a small group of friends (probably less than 10) to share that data. The friends would have read-only access by default, however, the user can assign any number of them to be "admins" which would allow them read/write permission. When any changes occur to the data, all "friends" who have access to the data will be notified (by some means - push notifications etc). They can manually sync or setup the app to automatically sync. It seems like FB/FS can be used for this right out of the box. However there are a couple of concepts that I can't get my head around.
The database I setup is accessible by ALL users of my app by default. It's not clear (at least to me) how I would set it up so when a user creates (in this case) a to-do list and invites 5 friends, only those 5 friends can access or even know about that data. This is main stumbling block in my development path.
Regarding invitations. I read in the FB/FS documentation that invitations and notifications are among the many features available. I'm not clear on how this will work if a) the recipient doesn't have my app installed and b) how the inviter would get feedback when the invitation was accepted or declined.
Any guidance that anyone is willing to share to help me get started will be a huge help and will be greatly appreciated. Thanks.
You can create new privates collections inside the main collection, and set different rules for access.
Check at: Firebase Firestore get private fields
Today when I receive a call, I get:
{"call_state":"PENDING","call_to":"client:test123","call_from":"client:test321","call_sid":"CA45af5dadsad3e699b9cb8d9"}
To not display test123, at the moment that I receive the event I search in my database the specific ID (123) and then I give to the user the right name.
That said, I would like to know if there's another way to add more information at the Client Identifiers avoiding the database search.
Twilio developer evangelist here.
You can't add more information in that request, however you could make your Client ID more useful.
You want your client identifier to be unique, and I assume the names you want to display aren't necessarily. So, if you make the client identifier something like "#{id}-#{username}" it will be unique as it contains the ID, but you could split the string on "-" and use the username to display to your user.
Let me know if that helps at all.
I've got a question around best practices with the document id's in Watson Discovery. I've got a unique key in my data, and I'm wondering if I should pass that in as the id or let Discovery generate one. Any thoughts?
According to me, it is not possible to pass your own id (be its environment id, collection id, configuration id or document id) to Discovery service yet.
Every time, you create an environment or collection etc, Discovery itself generates a unique ID for it.
Note: Having manual intervention in generating IDs as well may lead to multiple confusions among the users as well.
Currently I am creating a RESTful API for a mobile application. The RESTful API has a number of end points that allow users to exchange personal information between each other. I was testing how secure these endpoints were and quickly realized that if a third party managed to gain access to the API they could easily look up other user's information by guessing their user id or using an automated script to collect a wide range of personal information. This was due to the fact that I was using a primary key that was a simple auto-incremented integer which made it predictable and easy to determine other user's ids. I immediately began looking for something that didn't follow a distinct pattern. I came across UUIDs and decided to implement them with my existing rails app.
Was this a wise decision? I definitely see the upside to using UUIDs but upon further research I found that there were a number of negatives to this approach. Many sources claim that using UUIDs will cause performance issues with large tables. Are UUIDs right for my situation?
My second question is about implementing this in an existing Ruby on Rails application. I made the switch to UUIDs by following this article: http://rny.io/rails/postgresql/2013/07/27/use-uuids-in-rails-4-with-postgresql.html. I ran into an issue with enabling the uuid-ossp extension. I created a migration and put enable_extension 'uuid-ossp' inside the change function. I then changed the existing migrations to support UUIDs as their primary key and ran rake db:drop db:create db:migrate to recreate the database with the edited migrations. This failed with the error PG::UndefinedFunction: ERROR: function uuid_generate_v4() does not exist. I quickly realized that this was because I had created the migration that enabled the uuid-ossp extension after the migrations that I had edited to use UUIDs. When I changed the time stamp in the name of the migration to a date that preceded all migrations the db:migrate command completed with no errors. This felt very hack and defeated the purpose of having migrations. What is the correct way of adding this extension via a migration?
Edit in response to comments:
So a number of comments were made that suggested that I should just be properly authenticating users and checking their permissions before allowing them to view certain data. I have user authentication built into my application but will better explain my situation and why I needed something more than auto-incremented primary keys.
I have a number of users on this application and each user has the ability to create private and public contacts. Public contacts are viewable by everyone using the mobile application. Private contacts can only be viewed by the user who created them. However, a user can share their private contacts with other users by showing other users with the mobile application a QR code that has the contacts ID encoded into it. When the user decodes the contact ID a request is sent to the backend to notify the backend that the user is now an owner of that private contact. This allows the second user to now receive updates from that private contact. This is a large feature of my application. The aim here is to force people to have to exchange these contacts in person and to disallow others from seeing these contacts unless this process has happened.
Implementing this concept proved to be fairly tricky as all users could potentially share all private contacts with any other user on the system. I found this extremely hard to implement using permissions as which contacts a user can view is constantly changing.
Originally I implemented this with auto-incremented integers as my primary key for the contact IDs. It worked but forced me to create a very insecure API endpoint that essentially would take a user ID and a private contact ID as parameters and would add that user as an owner of that contact. Because auto-incremented IDs are so predictable a user with access to the API could essentially loop through a sequence of numbers calling the endpoint each time, pass the sequence number in as the contact ID and add themselves as owners to contacts that hadn't been shared with them. This would by pass the whole process of having to share the contact in person and in large defeats the purpose of having my mobile application.
I decided I needed something less predictable, completely random and unique to each private contact. I found UUIDs while doing research to solve this problem and changed the contact ID in my model to be of type UUID. Are UUIDs the best way to solve this? Should I use something else? Have I gone about solving this problem the wrong way?
Are UUIDs the best way to solve this?
You could use them as a solution. If you do, you should build a new contacts table and model instead of trying to migrate the old model. As well as being tricky to implement, any migration would immediately make existing contact/invite emails invalid (since they contain the old id). Briefly support both models, and retire the old auto-incrementing id model once you are happy that traffic using it is no longer important to your application.
There is still a flaw - your contact share links will now be long-lasting, and if anyone gets access to a contact's id for any reason, and know enough to construct the URL for gaining that user as a contact, then they gain the ability to share it to themselves and anyone else completely outside of the control of your application. This because you are relying on knowledge of the id as the only thing preventing access to the contact details.
Should I use something else?
In my opinion, yes. Use a separate nonce or one-off code model (with UUIDs, or an indexed column containing a long random string - you could use SecureRandom for this) that can grant rights to complete the sharing. When someone wants to share a contact, create the nonce object with details about what is being shared - e.g. the contact_id - and use it to generate email link pointing to a route that will find the nonce and allow access to the resource.
The model doesn't need to be called "Nonce" or contain that as a column, this is just a common name for the pattern. Instead you might call the new model "ContactShare" and the secret property "link_code".
This will allow you to resolve access to contacts using your app's permissions model as normal, and block the possible misuse of sharing links. When the controller with the nonce id or code is invoked, create permissions at that point in order to grant access to the contacts. Then expire or delete the nonce, so it cannot be re-used. I prefer expiry, so you can track usage - this can be as simple as a used boolean column that you update once the sharing request has succeeded.
Note I am not referring to Rack::Auth::Digest nonce routine, which is specific to server authentication. I did not find a RoR pre-built nonce model, but it is possible it goes under a different name.
I started using Path, and noticed that in the registration process, they identified both my phone number and my email.
As far as I know, there is no way to programmatically get those values (without being rejected by apple), so how does path do it?
Moving my comments into an answer :)
As I've stated above, this is a duplicate of How does Square's CardCase app automatically populate the user's details from the address book?
Because Path asks beforehand for the first and last name it's easy to search for the contact in the address book. Of course one has to handle the case when a) no contact or b) multiple contacts are found. In both this cases I'd probably go with standard input fields, because for the "no contact found" case you need those anyway.
How common it is to have a contact with it's own name I don't know, but according to the Fact that Path and other apps are doing it the same way I suppose it's worth taking the risk :) AFAIK MacOS X automatically creates a contact with my name in the Address Book, but really can't recall if iOS has the same behavior.