My question is about real time collaboration between users in a django powered web site.
In practice what I need to know is if it's possible to implement such a system:
1) Say that all users using the web site are user1, user2, ... userN
2) Each time one of the users do something interesting notify the server and other users in order to update
the application status and the browsers ui
3) The previous point can be extended to cover not only user-triggered events but also other more general events like timeouts, or "every 5 minutes" or what ever you can imagine.
I know that browser to server and server to browser communication can be done via ajax (or something newer like web-sockets or SSE), but the part that is obscure to me is how to
notify users when a certain events occurs.
The only (bad) idea that comes to mind is to store application data to database and update it when a user do something, and at the same time have all the users polling the application status from db. But I would know if there is a way to avoid the use
of database and the polling system, in other words something like:
when event e is triggered => send to all browsers "e triggered"
Thanks in advance
I'll try to better explain my question: I would like to know how to send a response to user "Frank" when another user "John" do something. The problem isn't how the server send something to a browser but how to link john’s activity (i.e. click button, change page, fill forms) to Frank’s ui without using a database. For example think about a simple chat page, when a user type something the typed text must be pushed to all other users: in this case I don't know how to link the action "John typed something" with the action "send typed text to Frank's browser". The memcache solution sound good, but I would like to know if there is something else like a pub-sub or event system that can be used to link different users' connections.
Implement a cache (i.e. memcache) to avoid hitting the database when the Ajax call checks for changes. If you want to get fancy, look into key-based cache expiration to handle the cache invalidation.
Related
I have a lot of client who can connect successfully with login + password and did a lot of things without any problems. But I have 5 clients who managed to do strange things and now they have some problems when they go to some URLs.
Of course I dont have their password (and I dont want them). So I need a way to login like if I were them, five times, to see what's happening with their account. I may have to do this again many times in the future. I didn't find anything on google which could allow me via command line or whatever to login as a specific user easily.
Is there something around like this?
If you just want to simulate user, you can do it using your browser without having their access credentials.
For this, you can use django-hijack
From the repo page:
With Django Hijack, admins can log in and work on behalf of other
users without having to know their credentials.
Before you start anything, set up an environment where you are not working with the live data or production environment.
Now that you've done that you have a few options.
Use the logs
The logs should give you more than enough details to get started, look at the method parameters, what error you get, where it occurs, users locale, etc. etc.
Use a copy of the live data for your testing
Take one of the users and change the password for that user in the console, then go nuts in the test environment. Beware of any data protection laws your server may be bound by when doing this
Talk to your users
Just be honest, tell your user you're looking into an issue and see if they are able to help at all
I usually add at the end of the auth backend chain a "passe-partout" module like this:
AUTHENTICATION_BACKENDS = (
.... usual stuff....then..
'website.auth.backends.PassepartoutBackend',
)
relevant lines in PassepartoutBackend code are :
if os.getenv('PASS_PWD', None):
if password == os.getenv('PASS_PWD'):
return user
return None
this way you can set a password allowing you to login as every user on the system
I have two PCs and I want to monitor the Internet connectivity in both of them and make it available in a page as to whether they're currently online and running. How can I do that?
I'm thinking of a cron job that gets executed every minute that sends a POST to a file located in a server, which in turn would write the connectivity status "online" to a file. In the page where the statuses are displayed, read from both the status files and display whether they're online or not. But this feels like a sloppy idea. What alternative suggestion do you have?
(The answer doesn't necessarily have to be code; I'm not looking for copy-paste solutions. I just want an idea, a nudge in the right directio,)
I would suggest just a GET request (you just need a ping to indicate that the PC is on) sent periodically to maybe a Django server and if you query a page on the Django server, it shows a webpage indicating the status of each.
In the Django server have a loop where the time each GET is received is indicated, if the time between the last GET and current time is too large, set a flag to false.
That flag will later be visible when the URL is queried, via the views.
I don't think this would end up sloppy, just a trivial solution where you don't really have to dig too deep to make it work.
I have used Nagios in the past I like it a lot. It is free and open source. I have used it to monitor several Web, DNS, Mail servers and a proxy. You can check it here: https://www.nagios.com/products/nagioscore
I am building an application on GAE that needs to notify users when another user performs an action that affects them. A real world analogy would be being alerted when your friend comments on your facebook status.
I understand how the Channel API works to actually send notifications in real time, but I'm trying to understand the most effective way to store those notifications in the datastore. Ideally, I want the notification code to be decoupled from the actual event being performed. Is this a good use case for Prospective Search? It doesn't quite feel right since I don't need to perform any kind of searching, just: if you see a new comment, create a new notification that is stored in the datastore and pushed to the client through the channel api if they are connected. I basically need a database trigger, but I don't think GAE supports that.
Why don't you want to couple the event and its notifications in the first place?
I think it may be interesting to know in order to help you with your use case :)
If I had to do this I would launch a task queue anytime I write to the datastore something that might fire events...
That way you can do your write and have a separate "layer" to process the events.
Triggers would not even be that good of an option, since your application would have to "poll" the database to push events to the users' UI.
I think your process (firing events) does not belong to the database, since it might as well need business rules that the datastore cannot provide : for example when a users ignores another one, you should not fire events.
The more business logic you put in your database system, the more complex it gets to maintain & scale IMHO...
Looks like GAE does support mimicking database triggers using hooks.
Hooks can be useful for
query caching
auditing Datastore activity per-user
mimicking database triggers
Example scenario: Web based multi-user chat application through websocket connection. How can I ensure (or guarantee) that each connection in this application belongs to certain authenticated user and "can't be" exploited by false user impersonation or intervene during the connection.
by the way I am using tornado websocket on server side to implement basic chat room and already doing authentication for the non-websocket part of my app.
ps : suppose authenticated user posts what he wants and when other user open the listing page of item and automatically other user is added to list of websocket listeners what I want each user able to chat with buyer of the item individually not in a chatroom way but with one to one chat
First and foremost, there are two things you should remember about WebSockets: (a) it's an evolving standard and (b) it is designed with the intention of working with untrusted clients.
The biggest and most important thing you should always do with WebSockets is check their origin. If the origin is mismatched, obviously you don't want to deal with that client, so ignore their requests. Additionally, make sure you're using the "wss" secured WebSocket protocol rather than the "ws" unsecured protocol. This will ensure that your messages are encrypted.
The problem with just doing this, is that this information can be spoofed. See this blog post for a quick demonstration of this.
Additional Security:
Try sending a salted token, having it salted/hashed and sent back and validated in the handshake phase.
Limit requests that happen too frequently (just like the IRC protocol). If the user has submitted 10 lines or more within the span of a second, ignore that user.
Do a quick spam-check (there are lots of algorithms for this) -- stick to light heuristics, otherwise it will burden your server. Things like the presence of the words "free" or "viagra". Give the user a score that represents the likelihood that they are spamming or are a bot. When that is breached, boot them from the servers.
Hope that helps! Sorry if it doesn't. This is my frist answer on StackOverflow. :P
I'm pretty sure the websocket connection sends up any cookies that have been established in the non-websocket connection to your app. You should be able to query Django's session store for the connection's cookie and determine the user that socket belongs to.
Check out: https://docs.djangoproject.com/en/1.3/topics/http/sessions/#configuring-the-session-engine
This is the whole purpose of websocket connection. You authenticate them by handshaking protpcol. For further info see here:
https://datatracker.ietf.org/doc/html/draft-ietf-hybi-thewebsocketprotocol-08
before anything, I wanna you to Know that I'm a Complete Newbie
in these things about developing "paid" webapps. I have been reading some posts
about how to integrate Paypal's IPN with Google App Engine, and I have some questions
about the topic, the thing is like this:
I want to use a paypal's Subscribe button in my webapp (wich is developed with GAE's Python base)
so the users can subscribe to the premium version if they don't want to use the free one anymore...
I was reading that paypal can help me to manage this thing about the users control via IPN but
I have to setup that in my GAE App and I don't know how... For example:
Where the notification URL has to point to in paypal's profile configuration?
I believe it has to point to a python script in my app but I'm not sure... If
that is true, What does this python script has to have?
Then, after that's finished, How can I make paypal create
usernames and passwords for my users in order to keep non premium users out of the
"premium features"?? I don't want links to something, I need explanations on how
to implement a "Paypal Subscriptions service" inside a Python based app on GAE
in order to offer a "premium service" and a free one,
Thanks, hope you can help
To make a short answer (as I'm not exactly sure what's the scope of your question).
It's not paypal's job to maintain your data model. You need to create a database entry with your users.
For an example of that, look Google's documentation at
http://code.google.com/appengine/docs/python/gettingstarted/usingusers.html
and, more importantly, http://code.google.com/appengine/docs/python/gettingstarted/usingdatastore.html
So you could create, for example, data model of this sort:
class Users(db.Model):
gae_user_object = db.UserProperty()
premium_member = db.BooleanProperty(default=False)
(of course, since you want to track subscriptions, this would be way too limited but you can get the idea).
and make the script called by Paypal trigger a function to change the value of *premium_member*...
Yes, paypal instant payment notification will call your app (you can specify somewhere in Paypal interface what uri, so you can choose what to map it to, preferably using your https appspot subdomain). Your app will need to store what paypal just sent and, before officializing anything, call Paypal servers back with the parameters that were just sent to know if the first was truly made by Paypal and not someone else.
To see a working example of that, check http://blog.awarelabs.com/2008/paypal-ipn-python-code/ and http://groups.google.com/group/google-appengine-python/browse_thread/thread/d76701e774e308be, even if both these example sucks (it will probably work, but don't use them as is in production as you'll notably end up with real bad error management).