I don't want to login manually to SSH each time I want to start a PHP websocket server, so I am looking for a way to do it automatically after 1 click on a HTML button (using AJAX).
The AJAX calls a PHP file which should execute this command
php /public_html/myServer/server.php to start the websocket server.
I know I can execute SSH commands with PHP's shell_exec function like posted here, but this is not async because the AJAX call won't continue/finish until the websocket closes.
So in short does somebody knows a nice and async way to execute the earlier mentioned SSH command trough PHP, preferably without any additional extension or library?
ps: The websocket server should still be running on the hosting server when I close my internet browser, the only way to stop the server is to press a other HTML button which send the stop command trough SSH.
Related
I'm following the steps in go quickstart gmail api.
On the function getTokenFromWeb, pasting either the long url
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=abcdefg.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly&state=state-token
or
http://localhost:8000
results in
This site can't be reached. localhost refused to connect. ERR_CONNECTION_REFUSED
Following the same quickstart but for python works flawlessly.
If I get the token via python and use it in Go quickstart, it also works. So the issue is just on the token from web retrieval.
The issue you are having is related to the removal of oob. When that sample was originally created oob still worked. So it would display a nice web page for you where you could copy the authorization code.
That no longer works so we are forced to use http://127.0.0.1 or localhost. As your machine apparently does not have a web server running its displaying to you a 404 error.
However if you look in the URL bar you will find the authorization code you need in order to authorize your application.
The solution is to simply copy the code from the url bar. If you want to fix the 404 your going to have to figure out how to start a web server in order to host the http://127.0.0.1 from.
The python sample does this by running a local server
creds = flow.run_local_server(port=0)
Php can do it using something like this
php -S localhost:8000 -t examples/
Im not sure how that can be done with Go though.
Windows desktop tools like Azure Storage Expoler and Azure CLI support using a browser to authenticate. For example, for Azure ClI the sequence is:
az login
Web Browser launches
The request is redirected to an localhost address
SUCCESS
Flow
I imagine the process to be something like the following:
Login option is run in an application like Azure CLI's az login, Azure Storage Explorer etc.
The application starts a http server on a ~random port.
The application opens the default browser at
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?
client_id=...
&response_type=code
&redirect_uri=http://localhost:56094 <--- !
&...
After authenticating successfully the browser makes a http request to the redirect_uri with a code
The application uses the code <here my understanding ends>
...with some extra information that cannot be sniffed over the localhost list...
...to obtain access and refresh tokens
...or the code is used directly as access token
Question(s)
How is the code from the localhost request used and how is the flow protected from sniffing the localhost traffic (AFAIK while localhost cannot be redirected it can be recorded)?
If I had to guess.
localhost can't be over https because there shouldn't be a certificate for that address. So if using you really want to make sure secrets aren't passed
The localhost port is allocated and binded to first. That is, the socket listening on port 64656 in your picture is created, binded to and sets the SO_EXCLUSIVEADDRUSE flag via setsockopt. That should do a reasonable job of preventing other bad guy processes from trying to get in on the same port.
Then the URL it forms with http://localhost:port can be formed knowing that the browser process, when it hits that URL, will hit the socket established in the last step.
Further, I would also hope that all the HTTP and HTTPS sessions in the flow have the no cache flag or equivalent flags to tell the browser to not record these URLs in the history. I suppose you could press F12 on that browser window and observe.
I would also hope that the redirect URL has an attribute containing a nonce or random number that the localhost server is expecting. That way, it can get some validation that the redirect came from the same browser session as the control.
Secure? Mostly. You don't have to worry about anything external trying to eavesdrop on the data being passed on those URLs. Hypothetically, malware could get on the box and sniff your localhost traffic or simply monitor your keystrokes. But if that's the case, it's already game over.
In our product code, we host oauth dialogs using embedded browser controls such as the WebView2 or legacy Trident controls. Those browser controls allow the host EXE to listen for navigation events and monitor the URL that would appear in the address bar (had we opted to show it). We can simply have the redirect be a bogus URL and just close the window when we see the redirect being passed the secret.
I've made an app using Flask, that has a backend process that is initiated by the user.
When the user initiates the process, some data is sent to Flask via jQuery AJAX, which is then processed, and the results are returned.
This process can take between a few seconds and up to around a minute, so I have a 'please wait' modal on the front end while waiting for the AJAX response from the backend.
Is there a way I can send interim data to the front end, to update the 'please wait' modal, while the backend process is doing its thing?
The backed process performs iterations until it is satisfied. So ideally I would like to be able to display to the user how many iterations it has performed.
Initially I thought that there might be something within Flask's 'flash' message feature. But it seems that this relates more to redirects in a route, rather than AJAX calls to a route.
Any suggestions would be appreciated.
Cheers,
Hugh
Yes you can do it, but not with AJAX, becuse the HTTP comunication is only client to server, so you cant update asynchronously your clinent with HTTP, so you need to use other protocol. I highly recommend to use SocketIo, this protocol allows to you to send mensagens asynchronously from server to update your front, becuse this protocol persist the user in server. With this protocol(for example) you can make a chat room, like WhatsApp. for more information see Documentation SocketIo Flask Extension
I have a website in which there is chatroom where I use to send AJAX request to check if a person received a new message or not. If a new message is received, it gets appended to the DOM without refreshing the page (like Facebook).
I am using:-
setInterval(check_if_new_message, 1000);
i.e. one AJAX request to check message every one second.
This was working fine as it was supposed to when I was trying to run on the local server. But then I bought Starter Shared Linux Hosting on GoDaddy and then my ajax requests are not working properly. First 100-150 requests are working fine but after that, it stars giving an error like net::ERR_CONNECTION_CLOSED in the console of the browser.
setInterval(check_if_new_message, 1000);
You can see that you are using:
setInterval(check_if_new_message, 1000);
That means you are calling check_if_new_message after every 1 second. This works well in the localhost because it is on your computer. But when you try this on a live server, you will get:
net::ERR_CONNECTION_CLOSED
This is because your server can not handle so many requests. Your server may have less RAM.
This is not a good practice for a real-time chat application.
If you want to make a realtime chat application use WebSocket for that.
Useful resources for WebSocket:
What is WebSocket?
WS library
Query mainly due to trying to do this using Selenium but I see exactly the same behaviour if I repeat manually so I guess it's a general Chrome question.
So what I'm trying to do is use Chrome with some Selenium tests. Tests happen on a remote machine running 64 bit Ubuntu Linux (running Selenium Server) and are driven from my machine running 64 bit W7 Pro. Scripting is done in Python. Chrome is up to date, Selenium Server is up to date, as is Chromedriver.
The site I'm working on (still in development) uses a lot of AJAX/jQuery calls. It uses basic authentication to log you in.
Using Chrome, if I pass in the login credentials in the URL (as you have to with Selenium it seems) it gets me onto the site OK. Page navigation works OK. But AJAX requests fail as the basic authentication credentials are not added to the header for the request. If I log in via standard URL (manually enter ID + PW) the AJAX requests work OK. I see the same behaviour on Linux and Windows if I try it manually. Using FireFox, it all works OK - the AJAX requests have the authentication header as they're supposed to, regardless how you authenticate. Credentials are carried through correctly throughout. I've checked all the requests using Fiddler and can see the missing header for the Chrome AJAX request when passing in the credentials via the URL.
I did try and use the popup login box instead, but that appears to be a non-starter. Selenium hangs on the initial GET, and until you clear the popup, control is not passed back to the script. So I have no way of sending keys to it. I also tried navigating by using window.location.href = "url" directly, instead of the selenium "get". No luck that way either. And finally, if I reduce the page load timeout, wait for it to fail, and then try and pick up the popup, that doesn't work either. When it times out, the popup is removed.
At this point. I've just about given up. I can't use user profiles as it's a daily changing password (work thing) so theres no point in storing it.
I'm not the developer. I don't know JavaScript terribly well. I've spoken to the lead dev and their response is that this is a Chrome bug and nothing they can fix.
Does anyone concur? Or have a way round this. I'm snookered at the moment because of it ...
If you are facing Basic authentication issues, try authenticateUsing() method.
The Alert Method, authenticateUsing() lets you skip the Http Basic Authentication box.
WebDriverWait wait = new WebDriverWait(driver, 10);
Alert alert = wait.until(ExpectedConditions.alertIsPresent());
alert.authenticateUsing(new UserAndPassword("USERNAME", "PASSWORD"));
PS: Change the syntax for Python bindings