I know from https://github.com/near/near-cli#overview that I can call near state to view general details of an account, like this:
NEAR_ENV=mainnet near state root.near
Account root.near
{
amount: '517981340092537993206924239',
block_hash: '6A4vsQqTjdQgKnWrHVURycSmehBMgtgg4GNemmjZUB6S',
block_height: 64959783,
code_hash: '11111111111111111111111111111111',
locked: '0',
storage_paid_at: 0,
storage_usage: 13899,
formattedAmount: '517.981340092537993206924239'
}
And I know that I can browse on the web at https://explorer.near.org/accounts/root.near
But how can I explore (either via a website or CLI) the contents of all of the on-chain data in an account's storage?
You can use the CLI's view-state command. An example of this could be:
export NEAR_ENV=mainnet
near view-state nft.nearvember-challenge.near --finality final
This will return key value pairs that are base64 encoded. You can loop through and decode these as you wish. For example, one of the key value pairs returned from this call is:
{
key: 'A3YkAAAAAAAAAA==',
value: 'ARgAAABORUFSdmVtYmVyIENoYWxsZW5nZSBORlQBNwAAAHRoYW5rIHlvdSBmb3IgcGFydGljaXBhdGluZyBpbiB0aGUgbmVhcnZlbWJlciBjaGFsbGVuZ2UBTwAAAGh0dHBzOi8vY2xvdWRmbGFyZS1pcGZzLmNvbS9pcGZzL1FtUEt6WnFIdnY1c2VCQ3hIdW5nNFpLRFlHS2QxOFozSzRmWWtHeTJTMjFOQVoAAWQAAAAAAAAAAAAAAAAAAA=='
},
which, if base64 decoded, has a value of
NEARvember Challenge NFT7thank you for participating in the nearvember challengeOhttps://cloudflare-ipfs.com/ipfs/QmPKzZqHvv5seBCxHung4ZKDYGKd18Z3K4fYkGy2S21NAZd
Keep in mind that the CLI will only return state that's below a certain threshold. If the account's state is too large, it won't be viewable unless you configure and run your own node.
Related
im working minting NFT with n copies with the NEP-171 and i wanna know how can i tranfer a copy.
I see paras.id use something like
'{"token_id":"1:1","receiver_id":"comic1.test.near"}'
refering to the token and the copy number.
Does anyone know how to transfer a single copy of the NFT?
I tried to implement what john says,but in fact
when i use the nft_tranfer send the token and also the copies,not one copy how he says.
this is the original metadata info.
{
token_id: '2',
owner_id: 'dokxo.testnet',
metadata: {
title: 'Thunder Sword',
description: 'Thunder Sword 2',
media: '',
copies: 10,
extra: "{'burrito_type':'Planta','hp':'5','attack':'6','defense':'7','speed':'8','win':'0','level':'1'}",},}
and then we make the transfer with:
near call dev-1643782582362-23960957659801 nft_transfer '{"token_id":"2","receiver_id":"dokxotest.testnet"}' --accountId dokxo.testnet --deposit 0.000000000000000000000001
so this is new metadata:
{
token_id: '2',
owner_id: 'yairnava.testnet',
metadata: {
title: 'Thunder Sword',
description: 'Thunder Sword 2',
media: '',
copies: 10,
extra: "{'burrito_type':'Planta','hp':'5','attack':'6','defense':'7','speed':'8','win':'0','level':'1'}",},}
and then when i try to send the same token it returns this cuz i'm not the token's owner anymore:
Failure [dev-1643782582362-23960957659801]: Error: {"index":0,"kind":{"ExecutionError":"Smart contract panicked: Unauthorized"}}
May I need to implement something else or change the minting method?
In order to transfer an NFT token implemented using the NEP-171 standard, you can call the nft_transfer function on the contract. The function signature looks like this:
function nft_transfer(
receiver_id: string,
token_id: string,
approval_id: number|null,
memo: string|null,
) {}
the function will transfer only one token, not all copies. Only the TokenMetadata holds information about the number of copies. The token token itself is not all copies, just one of them. Each token in the collection will have a different id.
Then you can call it like this using the near-cli:
near call contractName nft_transfer '{"token_id":"someTokenId","receiver_id":"comic1.test.near"}' --accountId yourAccoutnId
EDIT
After looking at your own answer, I think maybe you have misunderstood what the "copies" field mean.
Let's look at the following call in your question
'{"token_id":"1:1","receiver_id":"comic1.test.near"}'
Here, I assume that this is the first edition of your token that you want to transfer. If you have 10 copies, you should have 9 more tokens, where the id is different. Most likely, they will have the following format on the token_id: "token_id":"sameIdForAllTokens:edition", where sameIdForAllTokens is the common ID amongst NFTs in your collection (in your example, it's 1). edition is a number that varies, e.g. from 1 to 10 (if you have 10 copies). Now, all of this depends on how the contract is implementented, but this is the format I've seen on paras.id.
Currently I work in a bank where it has a Watson bot and I need to capture and save the intention prior to a specific intention that generates the derivation with a human. I need to do this to know the last topic the user talked about before the referral with a human
Your dialog that recognises the previous intent should save that intent in a context variable. You can set it to any arbitrary value that makes sense to your dialog.
If you did want it to match an intent, you can set it to the intent eg. where abc is the intent you are capturing
#abc
If the intent is abc then #abc is true, else it is false.
You can save the intents in a context variable using <? intents ?>
intents is an array of objects that have this structure and is sorted in descending order of confidence.
[
{
"intent":"greeting",
"confidence":1
},
{
"intent":"yes",
"confidence":0
},
{
"intent":"pizza-order",
"confidence":0
}
]
You can find more info about this built-in variable here
I am using "Platform agnostic Security Token" for oAuth in Golang - https://github.com/o1egl/paseto
I am not able to understand, why this is better than JWT even after reading README
My Major Question is:
Can "token" generated be altered like "JWT" and pass modified or tampered data?
Can "token" generated using "paseto" be decrypted and viewed like "JWT"?
Paseto library above uses "SET" and "GET" method inside their JSONToken method. Is that how we can verify authenticity of the user?
Sample Code:
symmetricKey := []byte("YELLOW SUBMARINE, BLACK WIZARDRY") // Must be 32 bytes
now := time.Now()
exp := now.Add(24 * time.Hour)
nbt := now
jsonToken := paseto.JSONToken{
Audience: "test",
Issuer: "test_service",
Jti: "123",
Subject: "test_subject",
IssuedAt: now,
Expiration: exp,
NotBefore: nbt,
}
// Add custom claim to the token
jsonToken.Set("data", "this is a signed message")
footer := "some footer"
v2 := paseto.NewV2()
// Encrypt data
token, err := v2.Encrypt(symmetricKey, jsonToken, footer)
// token = "v2.local.E42A2iMY9SaZVzt-WkCi45_aebky4vbSUJsfG45OcanamwXwieieMjSjUkgsyZzlbYt82miN1xD-X0zEIhLK_RhWUPLZc9nC0shmkkkHS5Exj2zTpdNWhrC5KJRyUrI0cupc5qrctuREFLAvdCgwZBjh1QSgBX74V631fzl1IErGBgnt2LV1aij5W3hw9cXv4gtm_jSwsfee9HZcCE0sgUgAvklJCDO__8v_fTY7i_Regp5ZPa7h0X0m3yf0n4OXY9PRplunUpD9uEsXJ_MTF5gSFR3qE29eCHbJtRt0FFl81x-GCsQ9H9701TzEjGehCC6Bhw.c29tZSBmb290ZXI"
// Decrypt data
var newJsonToken paseto.JSONToken
var newFooter string
err := v2.Decrypt(token, symmetricKey, &newJsonToken, &newFooter)
Now, if you see there is code: jsonToken.Set("data", "this is a signed message") and we can get that value in Decrypt data at the end where newJsonToken variable is created.
We can get the value of "data" key using: newJsonToken.Get("data").
But is above data "verifiable" and can't be tampered or modified on user's end?
Like in JWT debugger at JWT.io, People can tamper data and know the algorithm and pass "modified" data.
Can user do the same with my generated token as well? Can they decode and pass tampered data? or they can't decode data or view actual data at all?
1 - Can "token" generated be altered like "JWT" and pass modified or tampered data?
Note that token cannot be "altered" either using PASETO or JWT without knowing the signing key (which should of course be secret).
The fact you mention about being able to view the JWT token data in JWT.io page is because data is not encrypted (so you can see it without the key).
But token is signed, so if you modify any value and don't have the key, you won't be able to sign it back and the token receiver will note the token is not valid when trying to verify it.
2 - Can "token" generated using "paseto" be decrypted and viewed like "JWT"?
It depends on how you generate the PASETO token.
See here:
https://tools.ietf.org/id/draft-paragon-paseto-rfc-00.html#rfc.section.2
Format for the token is version.purpose.payload.
And from the docs:
The payload is a string that contains the token's data. In a local token, this data is encrypted with a symmetric cipher. In a public token, this data is unencrypted.
So if you generate the token as in the code snippet you posted (local token, with a symmetric key), then payload will be encrypted (you won't be able to see it unless you know the symmetric key and use that one to decrypt it).
If you use a public/private key pair, then payload will not be encrypted, so you'll be able to see it without the key (but you'll not be able to change it and sign it again without knowing the private key).
I'm trying to test an API response where key values are randomized alphanumerics. This is making it difficult for me to drill down into the JSON response to get the data I want to test.
I am using SuperTest/Mocha/Chai. At this point I'm just trying to test to see if the property 'id', 'name', and 'pattern' exist, and to verify the values of those properties.
Unfortunately since the parent of those properties is a randomized value, i've been unable to access it.
I'm new to API testing in general, so I apologize if I'm not including some important information. Normally I would do something like this:
Example of expects I normally write:
end(function(err, res) {
expect(res.body).to.have.property('id');
expect(res.body.id).to.equal(0);
}
So far, the only way I've found to do it is to put response.text into a variable, then use split and splice to separate out the data I want. This is ugly and probably inefficient.
Example JSON I'm working with:
{ idTag1: 'randomValue',
idTag2:
{ 'randomValue':
{ id: 'an integer',
name: 'a basic string',
pattern: 'a basic string'
}
}
}
Is it possible to search an account's custom data to find a value contained in an array?
Something like:
?customData.[arrayName].{key}=value
The Stormpath docs don't mention array searching.
Yes, with Stormpath it is totally possible to search for custom data even if the values are stored as an array!
Please note that the field names are simple names, and the values are what are different data types like array, map, string etc... so the query is not as complex as one would think :-)
For example, if I want to store custom data called favoriteColors, which is an array like
"favoriteColors": [ "red", "black", "blue", "white" ]
Notice the field name is just like any other field name. The value is the array.
To search for accounts which have a value red in the favoriteColors array, you just need the normal query syntax:
?customData.favoriteColors=red
The full request (if searching a Directory of accounts), might look like this:
https://api.stormpath.com/v1/directories/<directory_uid>/accounts?customData.favoriteColors=red
You could also do the same search on the Tenant resource to search tenant-wide (across all accounts):
https://api.stormpath.com/v1/tenants/<tenant_uid>/accounts?customData.favoriteColors=red
This query would match an account that contains red in the favoriteColors array. If I changed the query to ?customData.favoriteColors=yellow it would not match unless yellow was also added to the array.
Searching for custom data in an array can definitely be done. The syntax is: customData.{fieldName}\[{index}\]=value where {index} can be the specific index you are looking for, or * if you want to find it anywhere in the array. (Note that the [] characters are escaped with a backslash or the query interpreter gets it confused with a range query.)
If you leave off the index entirely, then \[*\] is implied. More precisely, Stormpath will check for either the value in the fieldName or the value as an element in an array of fieldName. However, syntactic sugar can only work if the array field is the last element in your search. Since you can put literally any JSON object into your custom data, Stormpath cannot check every single possibility. Imagine something like customData.foo.bar.baz.qux=bingo. Stormpath would not try to guess that maybe foo is an array, maybe bar is an array or not, maybe baz is an array or not - only maybe qux is an array or not. So, if you want to search an array of objects, you cannot leave out the \[*\].
Here is an example. I have an account with the custom data:
{
"favoriteThings": [
{
"thing": "raindrops",
"location": "on roses"
},
{
"thing": "whiskers",
"location": "on kittens"
},
{
"thing": "snowflakes",
"location": "on my nose and eye lashes"
}
],
"favoriteColors": [
"blue",
"grey"
]
}
The following queries will yield the following results:
customData.favoriteColors=blue will include this account.
customData.favoriteColors\[1\]=blue will not include this account because blue is not at index 1.
customData.favoriteThings\[*\].thing=whiskers will include this account
customData.favoriteThings\[*\].thing=ponies will not include this account because it does not list ponies as one of his favorite things, but may include other accounts with custom data in the same structure.
customData.favoriteThings.thing=whiskers would not include this account or any other accounts with the same custom data structure because in that case, Stormpath would be looking for a single nested JSON favoriteThings object, not an array.