I'm developing an application with Couchbase Lite on client side, and Couchbase Sync Gateway on server side.
On server-side, I manage "access grant" documents. When such a document is created, the user given in that document is granted access to a channel. Obviously, when such a document is removed, access grant is revoked. It is indeed the case, excepted for one point.
Suppose I have one document that is published in the channel my user is granted access to. Then I delete the document. According to Couchbase documentation, once the document is removed, the user has no more access to the channel denoted in access grant.
Unfortunatly, the documents that were published into that channel have already been synchronized with user couchbase lite DB. Hence my question : I would like to have documents associated with channels for which the user have no more access be deleted from couchbase lite. But how can I do that ? It doesn't seems that either replication or lvie queries can allow this. So, is there a specific mechanism that can allow me to receive that kind of event ? Is there an API I do not yet know ?
Documents are assigned to channels. Users are given access to channels.
If a document is removed from a channel, this event is synced to a client.
Currently there is no support for notifying a client that it has lost access to a document because it has lost rights to read from a channel.
This is a difficult problem. For example, since a document may be assigned to many channels, revoking access to a channel (or even a set of channels) does not mean a client no longer has access to the document.
To see two possible approaches to work around this, see this GitHub issue comment series.
You can create a webhook service which can run when a document is deleted and run it as a Lambda service or something of that sort, or on your own application server. Whenever a document is removed, you can remove the channel from the sync_gateway user.
For couchbase sync gateway's webhook documentation, refer here: https://developer.couchbase.com/documentation/mobile/current/guides/sync-gateway/server-integration/index.html
I know it is a longer process and there should be a better way to do this, but, this is the only solution I can think of.
Related
As part of my project, I'd like to use microservices. The application is a store website where the admin can add products and the user can order and buy them.
I envision implementing four services: admin service, user service, product service, and order service.
I had trouble with handling data between multi services but it's solved by duplicating some necessary data using message brokers.
I can do this solution between product and user and order service because I need some of the data not all of them
Now, my question is about handling admin service because in this service I need to access all of the data, for example, the admin should have a list of users and the ability to add new products or update them.
how can I handle data between these services and the admin service?
should I duplicate all data inside the admin service?
should I use Rest API?
no thats wrong. it seems you want run away from the fact. in general duplication is an anti-pattern mostly in case you describe.
the way you thinking about admin-service is wrong.
because in this service I need to access all of the data
i dont think you need to have such a service. accessing the data based on users must be handled by Identity server(oidc Oauth) which is the separated service and handle the accessing end points .
for example the product-service provides 1-return product list 2-return individual product data 3-create data. the first two can access by both user and admin but the 3rd must be accessed by admin. one of identity server duty is to identify user in case of user interaction(login) with services.
ADMIN Scenario
user-client request create product endpoint(services eg:product.service).
client-app(front end app) is configed with identity server and realize there is no require identity tokens and redirect to identity server login.
NOTE: there is also identifying the client-app itself i skipped.
user-client login and get require token that based on his claims and roles and etc.
user-client request create product endpoint with tokens included in request header
endpoint (product service) receives the request and check the header (the services also configured base on identity server and user claims)
get the user claims info.
the create-product requires admin role if its there then there we go otherwise no access.
the image uses identity server 4 . there are also several kinds and also you can implement by your self using 0AUTH and oidc protocol libraries.
so the admin just request to the certain service not getting data through the separate service for this goal.
Communication between Service:
the most struggling part of microservices is the wiring it up. the wiring is directly the consequence of your design.(recommand deep study on Domain Driven Design).
asynchronous communication :
to avoid coupling between services mostly use asynchronous communication which you pass event eg:brokers like rabbitmq and kafka..etc , redis etc. in this communication the source service who send event does not care about response and not wait for it.just it always ready to listen for any result event. for example
the inventory service creates item
123|shoe-x22|22units
and this service fire event with data 123|shoe-x22(duplicate maybe or maybe not just id) to product service to create but it does not wait for response from product service that is it created successfully or not.
as you see this scenario is unreliable in case of fault and you need handle that so in this case you have to study CAP theory,SAGA,Circuit-breaker.
synchronous communication :
in this case the service insist to have response back immediately. this push service to become more coupling. if you need performance then you can use gRPC communication other wise simple api call to the certain service. in case of gRPC i recommand using libraries like MassTransit
which also can be used for implementingf gRPC with minimum coupling.
Some of Requests need data from multiple services
if you are in such situation you have two options.
mostly microservices architecture using APIGATE WAY (EG:nginx,OCELOT,etc)
which provide reverse-proxy,load balancing,ssl terminations etc. one of its ability is to merge the multiple responses from a request.but it just merge them not changing the data structure of response.
in case of returns desire response data structure you may create an Aggregator service which itself calls other two, gathers data and wrap it in desire format and return it.
so in the end still the Domain Driven Design is the key and i think i talked tooooo much. hope help you out there.
I am working with Google Firestore in native mode and CRUD'ing data within it using the "cloud.google.com/go/firestore" api in Go. Access to the data is wide open as long as you know the project id and using the Firestore API on a server. I don't want to try the rules until I figure out how to secure the data from server attacks that. Again, all the API requires is the project id to access the data so I need to lock that down firstly before I move any further. Rules are only for mobile/web clients from what I read and Server side clients completely bypass the rules. Please help. I do not want to use the Firebase API because attackers can still use the Firestore api to access the data.
It's unclear from the limited information in your question but, your Firestore database is not open to anyone with the Project ID.
The service is only accessible to any thing (human|machine) that has valid credentials. Either humans with e.g. Gmail accounts or Service Account key holders.
In either case, only identities that you've explicitly added to the project will be able to access its resources and then only those with the appropriate IAM roles|permissions.
Google provides an elegant facility called Application Default Credentials (ADCs) that simplifies authenticating clients.
I suspect that your code is using ADCs to authenticate you to the project|service.
Access to the data is wide open as long as you know the project id and using the Firestore API on a server.
If that is a concern, consider disallowing all access in the Firebase security rules for your Firestore database.
Also have a look at my answer here to understand why sharing your project ID is not a security concern, and in fact is necessary if you want to allow direct access from client-side devices: Is it safe to expose Firebase apiKey to the public?. If you don't want to allow direct client-side access, closing down the security rules (as they are by default, unless you choose test mode when creating the database) is the way to go.
Does anyone know how to get the information about user device that access the bot deployed in S4B channel and built using MS Bot Framework (C#).
I need to know about the options to detect the user device (Device type and OS) accessing the Skype For Business Bot. If there's a way to know whether user device is desktop or mobile. In bot framework the User-Agent header formatted similar to the string below:
SFBUserAgent (Microsoft-BotFramework/3.1+https://botframework.com/ua)
(The user agent from Connector returns the following:
fxversion/4.7.2563.0 osname/windowsserver2016datacenter osversion/6.3.14393 microsoft.bot.connector.connectorclient/3.14.1.1)
I want to know if UCWA can be used to detect the device type accessing Skype For Business bot.
UCWA is not able to do so, actually no client or client-facing api can provide such information. It's because User-Agent information is not part of the presence so the client doesn't publish it to other clients. The main purpose of this User-Agent information is for monitoring reporting purpose.
However there is still some space from server side to allow us to do something. If you have access to the Skype for Business server, you have several workarounds.
Get-CsConnections.ps1 is a well-known script to pull current logged in user from Lync server side. It was written in 2011 while we only had Lync 2010, but good news is it works fine with new version of Lync like Lync Server 2013, Skype for Business server 2015. This script needs to be run in Lync/Skype management shell or a Powershell session with Lync/Skype modules imported. It needs to run by using an Lync/Skype admin account.
To retrieve user agent for a particular user by using sip uri.
$UserHomePool = (Get-CsUser -Identity [sip address]).RegistrarPool
Get-CsConnections.ps1 -SipAddress [sip address] -Pool $UserHomePool
Connections.ps1 is the prototype script of the above Get-CsConnections.ps1, it's simpler but doesn't provide advanced features. You can look at it and decide which one you need.
Do it yourself. If you don't want to use 3rd party script or just want to do it in a simplest and pure way, it's possible to do it by querying it from server database. Lync/Skype server stores this user agent information in the dynamic database in Front End server. It's in the table dbo.RegistrarEndpoint of the database rtcdyn of the instance rtclocal.
Please notice that there is no public document about the database schema so you need to do a little guess and hacking yourself. Good news is all data in the database is strored in readable format so it shouldn't be a big issue.
In a very rare chance that you are not wanting this information in real-time, the monitoring report and database can be the best approach. It's not real-time data, the data is generated within 10 mins after a conversation is ended.
If you want to get it from monitoring database, you should look at SessionDetails view for P2P conversation and ConferenceSessionDetails for conference conversation. There are straighforward fields in the views called something like UserClientType to point out the user agent information for the certain session.
At last one thing I would like to remind is Skype allows user to logged in multiple clients simultaneously, so no matter how you make it work you still need to face the question which logged in client really matters to you if the user has multiple clients logged in.
So I want to create some sort of anonymous chat application. The model includes a single server (centralized) and multiple clients.
The server takes no records of the chat and also no records of who has connected amd such to maximise privacy the messages are also encrypted. You get the idea.
Now, my question was: say someone sent a link to a warez site or something deemed somewhat questionable or outright illegal. Who would get into trouble? The server owner or the client? Take into account that the server only provides a means to communicate between clients and holds no information other than the brief time it needs to receive and send.
Same thing with bots connecting to the server and using it for a communication portal for a botnet.
Thanks in advance.
I have implemented a feature in my application that allows registered users to send an email to a gmail account, which my server polls using Spring Integration, and then if it recognises the sender, stores the subject and body content in a database (via JPA).
I also want to allow users to be able to send files as attachments to these emails which I plan to store on AWS.
I'm sure there must be security implications with both of these features, but I'm not aware of what they might be.
So my question is, what are the security implications of allowing users to store email content in my DB and attached files on AWS?
TIA
You could have some problems when you will have many emails to process using a single email account (probably not a problem at the beginning). Also making yourself dependent on an external email provider may sound for you clients really unreliable (depending on your clients/business). Also someone could eat up all your space on gmail by sending too many emails that don't get deleted on time. Also when storing the files in AWS you must store the files with random filenames. Probably you will have to read some tutorials for that.