ARTEFACT download from nexus failing because the data is cached - maven

I am using curl to publish to maven:
const curlOptions = [
'--silent',
'--output', '/dev/stderr',
'--write-out', '"%{http_code}"',
'--upload-file', fileLocation,
'--noproxy', options.noproxy ? options.noproxy : '127.0.0.1',
'--fail'
];
const curlCmd = ['curl', curlOptions.join(' '), targetUri].join(' ');
const childProcess = exec(curlCmd, execOptions, function (error) {
if (error) {
console.log(chalk.red(error));
}
});
This works for the upload but the artefact gets cached and I cannot get the artefact from curl without going to nexus and running rebuild metadata on the affected artifact.
Can i programmatically invalidate the cache?

To answer your question directly, it should be possible to invalidate cache in later versions of NXRM3 using the REST API and the "/beta/repositories/{repositoryName}/invalidate-cache" endpoint.
It should also be possible to do the same and run the scheduled task (rebuild metadata; /v1/tasks/{id}/run endpoint) though that seems a less desirable route as that is generally used for repair.
You can see more on the REST API in the NXRM3 documentation though the intent of some is that it's self documenting by using the Swagger UI in the application. Note at time of this answer, only those with the nx-admin privilege can access the Swagger UI (though people with proper permission can use the endpoints). You can find the Swagger UI in the Admin section under System -> API.
That being said, I think there's likely something else going on. I don't think it should be necessary to invalidate your cache like that each time. I didn't want to go too far from the question however. I encourage you to look at community.sonatype.com for answers to what else might be going on and ask there if you don't see one.

Related

Google gapi.auth2.getAuthInstance().isSignedIn().get() is always false when multiple google accounts

I am having a weird problem with google gapi auth. For some reason, the value for gapi.auth2.getAuthInstance().isSignedIn().get() is always returning false. This is my setup:
gapi.load("auth2", initAuth2);
initAuth2(){
gapi.auth2.init({
client_id: "xxxxx-yyyyy.apps.googleusercontent.com",
hosted_domain: "domain.com",
redirect_uri: "http://localhost:4200",
ux_mode: "redirect",
}).then(performAuth, error=>{
console.error(`Error initiating gapi auth2: ${error.details}`);
});
}
performAuth(googleAuth){
const isSignedIn = googleAuth.isSignedIn.get();
if(!isSignedIn){
googleAuth.signIn();
return;
}
const user = googleAuth.currentUser.get();
console.log(user);
}
I have two google workspace accounts sign in the same chrome profile. When I run this script, I get the prompt to select an account. No matter which one I choose, the flow just keeps looping. The reason for that is that the line const isSignedIn = googleAuth.isSignedIn.get(); is always returning false.
Things I've tried so far:
I thought that maybe the client_id was corrupted so I generated a new one. Same behaviour.
I though the GCP project was corrupted, so I created a new project with new credentials. Same behaviour.
Thought there was an issue with cookies, so I deleted and clear cookies and history. Same behaviour.
Thought is was related only to localhost so I deployed to the web. Same behaviour.
If I change the init options from ux_mode: "redirect" to ux_mode: "prompt". It works. However, that is not the desired experience. Also, if I only have one google workspace in the chrome profile, it works. Even more interesting... if I use a client id from an older project... it works! The problem is that the consent screen shows the wrong app name.
I know this question is similar to this one, however I feel it's different because none of the above troubleshooting works. Any insights?
There is a case for the exact same problem here, it is most likely a bug in the api set

How to force loading the current version of an offline-able web app?

I'm doing a tiny offline-able web app / PWA. It's meant to be opened from a home screen icon and mimic a regular app by loading entirely from a cache when offline.
The app is written using Vue and to accomplish the above I'm just using their PWA template and whatever it generates. To the best of my knowledge what this does is set up workbox using the GenerateSW plugin to precache everything in the Webpack build, and registers it using register-service-worker. That is, I have fairly little control out of the box over the fine details, it's meant to be a turnkey solution.
That said, I'm not sure how to actually load a new build of the application when it's available. The above can detect this - the generated SW registration file with my changes looks like this:
import debug from 'debug';
import { register } from 'register-service-worker';
if (process.env.NODE_ENV === 'production') {
register(`${process.env.BASE_URL}service-worker.js`, {
ready(...args) {
log('App is being served from cache by a service worker.\n', ...args);
},
cached(...args) {
log('Content has been cached for offline use.', ...args);
},
updated(...args) {
log('New content is available; please refresh.', ...args);
},
offline(...args) {
log('No internet connection found. App is running in offline mode.', ...args);
},
error(error, ...args) {
log('Error during service worker registration:', error, ...args);
}
});
}
When I make a new build of the application, and I refresh the app in a browser, the updated() callback is executed, but nothing else is done. When I tried adding:
window.location.reload(true);
which should be a forced refresh, I just get a refresh loop. I'm assuming this is because the service worker cache is completely independent from the browser cache and unaffected by things like the above or Ctrl+F5. (Which makes the "please refresh" rather misleading.)
Since this is going to mimic a native app, and it's supposed to be a simple line-of-business tool, I don't really need to do anything more complicated than immediately reload to the new version of the app when an update is available. How can I achieve this?
Okay so the behaviour I've observed is that the update does happen automatically, it's just not obvious as to what the exact sequence of events is. I'll try to describe my best understanding of how the generated service worker works in the installed PWA scenario. I'll speak in terms of "app versions" for simplicity, because the mental model behind this is closer to how apps, not webpages work:
You deploy v1 of your application to a server, install / precache it on a device, and run it for the first time.
When you suspend and resume your app, it does not hit your servers at all.
The app will check for an update when it's either cold-started, or you reload the page, i.e. using the pull down gesture on Android.
(Possibly also periodically as the cached version goes stale, but I haven't checked this.)
Say you've deployed v2 of your app in the meantime. Reloading an instance of v1 of the app will find this update, and precache it.
(One reason why prompting the user to reload doesn't seem to make sense. Whatever the reloading is meant to accomplish has already happened.)
Reloading an instance of v1 again does absolutely nothing. The app remains running between reloads, and you'll just get v1 afterwards.
(Reason number two why prompting the user to reload is pointless - it's not what causes a new version of an app to load.)
However, next time you cold start your app - e.g. nuke it from the task switcher and reopen - v2 of your app will be loaded and I'm guessing v1 will get cleaned out. That is, your app must fully shut down so an update will load.
In short, for an application to be updated from v1 to v2, the following steps need to occur:
Deploy v2 to server
Refresh instance of v1 on device, or shut down and reopen the app.
Shut down and reopen the app (again).

Parse.Config does not work on Parse Server?

I can't seem to find anything official about this: Does Parse.Config work on Parse Server? It used to work on Parse.com but when I try to migrate to Parse.Server, when trying the REST API it seem to fail:
GET http://localhost:1337/parse/config
Passing in my app ID. I read somewhere Config does not work on Parse Server, but wanted to confirm
Although is not officially supported as mentioned on the docs,there is a way to make it work. It is still an experimental implementation though.
As mentioned here & here, you should set the environment variable:
PARSE_EXPERIMENTAL_CONFIG_ENABLED=1
Then restart your node server. In case you deployed it on heroku for example you should on cli heroku restart -a <APP_NAME>
If that doesn't work I would suggest to simply add your route with your configuration options on your project's index.js file where express is initialized like so.
var parseConfig = {
"params": { /*...put your options here*/ }
};
// :one? is for old SDK compatibility while is optional parameter.
app.all('/parse/:one?/config', function (req, res) {
res.json(parseConfig);
});

detecting users with hola extension

I want to know if users are using hola better internet to browse my site. Hola! is an extension that uses a peer to peer network so users can appear to be browsing from different countries. I am worried however that some bots are using this plugin as a proxy. From what I read it does not send the X-FORWARDED-FOR header, and does not seem to announce itself on the navigator.plugins - verified with panopticlick. This seems like a huge security issue, as this plugin has 42 million users..
I see people using it to see netflix from other countries, I guess they would love to stop it too.
How do I detect users who are using this plugin?
--EDIT--
Also, see this - luminati.io - what seems to be the worlds largest botnet for hire... i cant see how they wont piss off google like this. But this does look like a great security risk to any site on the web.
Looking at the source code of the plugin there is this:
function hola_ext_present(){
// Only <html> is present at document_start time, use it as a
// storage to communicate presence of extension to web page.
document.documentElement.setAttribute('hola_ext_present', 'true');
}
so basically something like:
document.documentElement.getAttribute('hola_ext_present');
will tell you if it is present or not.
I know this should be done on server side, but what I can think for now is doing it on the client side since hola when successfully loaded it creates an attribute on html tag named hola_ext_inject.
So using jquery :
$(function() {
var hola_inject = $('html').attr('hola_ext_inject');
if (typeof hola_inject !== typeof undefined && hola_inject !== false) {
console.log('plugin exist');
}
});

Front-end Ajax in ModX Revolution

What's the proper way for implementing front-end Ajax functionality in ModX Revolution? I like the idea of connectors and processors, but for some reason they are for back-end use only - modConnectorResponse checks if user is logged in and returns 'access denied', if he is not.
Inserting a snippet into resource and calling it by resource URL seems a one-time solution, but that doesn't look right to me.
So how do I get safe Connector-like functionality for front-end?
So, as boundaryfunctions said, it's not possible and ModX developers recommend using a resource with a single snippet included. But for those who despite the will of developers look for Connector-like functionality, there may be a solution made by guess who-- ModX core developer splittingred in Gallery extra. In connector.php, before handleRequest() call, there's a code that fakes authorisation:
if ($_REQUEST['action'] == 'web/phpthumb') {
$version = $modx->getVersionData();
if (version_compare($version['full_version'],'2.1.1-pl') >= 0) {
if ($modx->user->hasSessionContext($modx->context->get('key'))) {
$_SERVER['HTTP_MODAUTH'] = $_SESSION["modx.{$modx->context->get('key')}.user.token"];
} else {
$_SESSION["modx.{$modx->context->get('key')}.user.token"] = 0;
$_SERVER['HTTP_MODAUTH'] = 0;
}
} else {
$_SERVER['HTTP_MODAUTH'] = $modx->site_id;
}
$_REQUEST['HTTP_MODAUTH'] = $_SERVER['HTTP_MODAUTH'];
}
Works for me. Just need to replace first if condition with my own actions.
UPDATE: I forgot to mention that you need to pass &ctx=web parameter with your AJAX request, because default context for connectors is "mgr" and anonymous users will not pass policy check (unless you set access to the "mgr" context for anonymous users).
And also the code from Gallery extra I posted here seems to check some session stuff that for me doesn't work with anonymous front-end users (and works only when I'm logged in to back-end), so I replaced it with the next:
if (in_array($_REQUEST['action'], array('loadMap', 'loadMarkers'))){
$_SESSION["modx.{$modx->context->get('key')}.user.token"] = 1;
$_SERVER['HTTP_MODAUTH'] = $_REQUEST['HTTP_MODAUTH'] = 1;
}
I don't know if this code is 100% safe, but when anonymous user calls it, he doesn't appear to be logged in to Manager, and when admin is logged in and calls the action from back-end, he is not logged off by force. And that looks like enough security for me.
This solution is still portable (i.e. can be embedded into distributable Extra), but security should be researched more seriously for serious projects.
As far as I know, this is not possible in modX at the moment. It has already been discussed on the modx forums and filed as a bug here, but it doesn't look like anybody is working on it.
There are also two possible workarounds in the second link. Personally, I would favour putting the connector functionality into the assets folder to keep the resource tree clean.
There's a more complete explanation of the technique used in Gallery here:
http://www.virtudraft.com/blog/ajaxs-connector-file-using-modxs-main-index.php.html
It allows you to create a connector to run your own processors or a built-in MODX processors without creating a resource.

Resources