Incoming Express parameters are not the same as what's passed in - express

I have a strange issue where I have passed in parameters from a URL into my Express server.
When I get the req.params.code & req.params.mode variables, they are different than what is passed in through the URL.
Allow me to show you...
Here is the Express code:
router.get('/verify/:user/:mode/:code', function(req,res){
    console.log("STARTING VERIFICATION");
    var code = req.params.code;
    console.log('code: ' + code);
    var user = req.params.user;
    console.log('user: ' + user);
    var mode = req.params.mode;
    console.log('mode: ' + mode);
    console.log('req.params: ' + JSON.stringify(req.params));
    var regex = new RegExp(["^", req.params.user, "$"].join(""), "i");
    console.log('REGEX: ' + regex);
    var verified = false;
    console.log('req.params: ' + req.params);
    console.log('req.body: ' + req.body);
    console.log("rx: "+ regex);
    console.log('req.params.code: ' + req.params.code);
    console.log('req.params.user: ' + req.params.user);
    etc... etc... etc...
Here is the output in the console:
STARTING VERIFICATION
code: background-cycler.js
user: admin
mode: js
req.params: {"user":"admin","mode":"js","code":"background-cycler.js"}
REGEX: /^admin$/i
req.params: [object Object]
req.body: [object Object]
rx: /^admin$/i
req.params.code: background-cycler.js
req.params.user: admin
Here is the URL that is passed into the browser:
https://examplesite.com/verify/admin/sms/9484
I want to say that this code worked prior to dusting it off and moving an instance to Google's cloud compute...
As you can see, in the parameters passed in to verify, code should be 9484 and mode should be sms. Instead I'm getting an unintended js filename and a js mode.
UPDATE: As requested I added this within the Express route function:
console.log(req.originalUrl);
and I get this result:
/verify/admin/js/background-cycler.js
I can verify the URL that sent this was:
https://examplesite.com/verify/admin/sms/9484
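
Added example, not part of the original post: the route in the question builds a RegExp directly from req.params.user, so regex metacharacters in that URL segment change what the pattern matches or make the constructor throw. The sketch compares that construction with an escaped one; the account names, the username policy and all function names are constructed for illustration.

```javascript
// Added example: effect of building a RegExp from an unescaped route parameter.

// Constructed account names standing in for a user store.
const ACCOUNTS = ['admin', 'alice', 'bob.smith', 'bobXsmith'];

// Same construction as the route in the question: the parameter is used verbatim.
function buildUserRegexUnsafe(user) {
  return new RegExp(['^', user, '$'].join(''), 'i');
}

// Escape every character that has a special meaning in a JavaScript regex.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hardened construction: the parameter can only match itself (case-insensitively).
function buildUserRegexSafe(user) {
  return new RegExp('^' + escapeRegExp(user) + '$', 'i');
}

// Assumed username policy; rejecting unexpected characters up front is a second layer.
const USERNAME_POLICY = /^[A-Za-z0-9_.-]{1,64}$/;
function isValidUsername(user) {
  return typeof user === 'string' && USERNAME_POLICY.test(user);
}

// Which constructed accounts does a pattern match?
function matchingAccounts(regex) {
  return ACCOUNTS.filter(function (name) { return regex.test(name); });
}

// True when the unescaped construction throws on the input.
function unsafeBuildThrows(user) {
  try {
    buildUserRegexUnsafe(user);
    return false;
  } catch (err) {
    return err instanceof SyntaxError;
  }
}

['bob.smith', '.*'].forEach(function (segment) {
  console.log(JSON.stringify(segment),
    'unescaped:', matchingAccounts(buildUserRegexUnsafe(segment)),
    'escaped:', matchingAccounts(buildUserRegexSafe(segment)),
    'passes policy:', isValidUsername(segment));
});
console.log('"(" throws when unescaped:', unsafeBuildThrows('('));
```

If the pattern is later used to look up the account being verified, only the escaped form guarantees that the lookup is limited to the name in the URL.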

Related

Calling Google Spreadsheets and Vue

Good morning,
I am using this library (https://github.com/theoephraim/node-google-spreadsheet) to work with Google Sheets, and it seems like the authentication is working properly, but when I am recovering the sheets to work with them, it is throwing me a weird error and I don't know how to fix it.
The following code is not working (in doc.getInfo):
function getInfoAndWorksheets (step) {
    console.log('jj')
    doc.getInfo(function (err, info) {
        console.log('cvcv')
        console.log(info)
        console.log('Loaded doc: ' + info.title + ' by ' + info.author.email)
        var sheet = info.worksheets[0]
        console.log('sheet 1: ' + sheet.title + ' ' + sheet.rowCount + 'x' + sheet.colCount)
        console.log(err)
        step()
    })
}
The error is the next one: err = Error: incorrect header check at Zlib._handle.onerror (webpack-internal:///./node_modules/browserify-zlib/lib/index.js:352:17) at Zlib._error (
You can see the error in the following photo:
https://www.photobox.co.uk/my/photo/full?photo_id=501798366536
Try this
const doc = new GoogleSpreadsheet('<Spreadsheet ID>', null, { gzip: false })

Multipart form upload of binary file using casperjs outside of state machine (can't use fill)

UPDATE 1: I've created a GIST with actual running code in a test jig to show exactly what I'm running up against. I've included working bot tokens (to a throw-away bot) and access to a telegram chat that the bot is already in, in case anyone wants to take a quick peek. It's
https://gist.github.com/pleasantone/59efe5f9d7f0bf1259afa0c1ae5a05fe
UPDATE 2: I've looked at the following articles for answers already (and a ton more):
https://github.com/francois2metz/html5-formdata/blob/master/formdata.js
PhantomJS - Upload a file without submitting a form
https://groups.google.com/forum/#!topic/casperjs/CHq3ZndjV0k
How to instantiate a File object in JavaScript?
How to create a File object from binary data in JavaScript
I've got a program written in casperjs (phantomjs) that successfully sends messages to Telegram via the BOT API, but I'm pulling my hair out trying to figure out how to send up a photo.
I can access my photo either as a file, off the local filesystem, or I've already got it as a base64 encoded string (it's a casper screen capture).
I know my photo is good, because I can post it via CURL using:
curl -X POST "https://api.telegram.org/bot<token>/sendPhoto" -F chat_id=<id> -F photo=@/tmp/photo.png
I know my code for connecting to the bot api from within casperjs is working, as I can do a sendMessage, just not a sendPhoto.
function sendMultipartResponse(url, params) {
    var boundary = '-------------------' + Math.floor(Math.random() * Math.pow(10, 8));
    var content = [];
    var body; // declared here so it is not an implicit global
    for (var index in params) {
        content.push('--' + boundary + '\r\n');
        var mimeHeader = 'Content-Disposition: form-data; name="' + index + '";';
        if (params[index].filename)
            mimeHeader += ' filename="' + params[index].filename + '";';
        content.push(mimeHeader + '\r\n');
        if (params[index].type)
            content.push('Content-Type: ' + params[index].type + '\r\n');
        var data = params[index].content || params[index];
        // if (data.length !== undefined)
        //     content.push('Content-Length: ' + data.length + '\r\n');
        content.push('' + '\r\n');
        content.push(data + '\r\n');
    };
    content.push('--' + boundary + '--' + '\r\n');
    utils.dump(content);
    var xhr = new XMLHttpRequest();
    xhr.open("POST", url, false);
    if (true) {
        /*
         * Heck, try making the whole thing a Blob to avoid string conversions
         */
        body = new Blob(content, {type: "multipart/form-data; boundary=" + boundary});
        utils.dump(body);
    } else {
        /*
         * this didn't work either, but both work perfectly for sendMessage
         */
        body = content.join('');
        xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=" + boundary);
        // xhr.setRequestHeader("Content-Length", body.length);
    }
    xhr.send(body);
    casper.log(xhr.responseText, 'error');
};
Again, this is in a CASPERJS environment, not a nodejs environment, so I don't have things like fs.createReadableStream or the File() constructor.

SharePoint 2010 Wiki Template Script Issue

I'm looking for a way to give my SharePoint users a way to create new wiki pages from an existing template. In the process of researching I found a great walkthrough that seems to fit the need (http://www.mssharepointtips.com/tip.asp?id=1072&page=2), but I'm having trouble getting it to work. The problem seems to lie in the assignment of a path to PATHTOWIKI-- if I use "/Weekly Update Wiki", the script returns an error of "There is no Web named '/Weekly Update Wiki'." If I use "Weekly Update Wiki" without the forward slash, I instead get an error of "There is no Web named '/sites/[parentSite]/[childSite]/Weekly Update Wiki/Weekly Update Wiki'."
Any ideas about what I'm not understanding here?
function myCreateProject() {
    // Configure these for your environment
    // include no slashes in paths
    var PATHTOWIKI = "Weekly Update Wiki";
    var PATHTOPAGES = "Pages";
    // file name only for template page, no extension
    var TEMPLATEFILENAME = "Template";
    var myPathToWiki = encodeURIComponent(PATHTOWIKI);
    var myPathToPages = PATHTOPAGES + "%2f";
    var myTemplateFileName = encodeURIComponent(TEMPLATEFILENAME) + "%2easpx";
    var EnteredProject = document.getElementById("NewProjName");
    var myNewName = EnteredProject.value;
    if(myNewName == "") {
        alert('Please enter a name for the new project page');
    } else {
        myNewName = encodeURIComponent(myNewName) + "%2easpx";
        $.ajax({
            url: PATHTOWIKI + "/_vti_bin/_vti_aut/author.dll",
            data: ( "method=move+document%3a14%2e0%2e0%2e4730&service%5fname="
                + myPathToWiki +
                "&oldUrl=" + myPathToPages + myTemplateFileName +
                "&newUrl=" + myPathToPages + myNewName +
                "&url%5flist=%5b%5d&rename%5foption=nochangeall&put%5foption=edit&docopy=true"
            ),
            success: function(data) {
                var rpcmsg1 = getMessage(data, "message=", "<p>");
                $("#myInfo").append("<br />" + rpcmsg1);
                if(rpcmsg1.indexOf("successfully") < 0) {
                    // get error info
                    var rpcmsg2 = getMessage(data, "msg=", "<li>");
                    $("#myInfo").append("<br />" + rpcmsg2 + "<br />");
                } else {
                    $("#myInfo").append("<br />Go to new page<br />");
                }
            },
            type: "POST",
            beforeSend: function(XMLHttpRequest) {
                XMLHttpRequest.setRequestHeader("X-Vermeer-Content-Type",
                    "application/x-www-form-urlencoded");
            }
        });
    }
}
Update: I figured out what needed to happen in my case. Since I couldn't get a grasp on the relative approach, I just went with the absolute path for PATHTOWIKI and slightly modified the append in the ajax call.
PATHTOWIKI:
var PATHTOWIKI = "https://[domain]/sites/[parentSite]/[childSite]";
append:
$("#myInfo").append("<br />Go to new page<br />");
The change in the latter line of code is subtle; since I used an absolute path in PATHTOWIKI, I just removed the leading forward slash in the anchor tag, so that <a href=\"/" became <a href=\"". This renders the script slightly less portable, but since it's a one-off effort I'll stick with this unless anything comes along to expand the scope.

PhantomJS Version 1.9.1 - Issues with Proxy Authentication

Can someone please help me out on this?
I have spent a considerable amount of time setting up PhantomJS to save JPGs of specific web-pages and it works/ed really well until I went to deploy it on a machine which accesses the net through a proxy.
Now, whatever I try, I cannot get the authentication right.
Has anyone EVER managed to do this?
I am using command line arguments:
--proxy=xx.xx.xx.xx:8080
--proxy-type=http
--proxyAuth=myusername:mypassword
I have checked on the Proxy (TMG) which still insists that my username is anonymous rather than the one which I am sending through using the command line.
From the --debug, I am able to see that proxy, proxyType and proxyAuth have all been populated correctly so PhantomJS is understanding the command line, yet when it runs, it still returns 'Proxy requires authentication'
Where am I going wrong?
Thanks for reading this and, hopefully, helping me out
BTW - I am using Windows 7 - 64 bit
OK, so I've done a whole load of digging on this and have got it working. So I thought I would publish what I found in case it might help someone else.
One of the things that I found when I was searching around is that there was a bit of a discussion about the inclusion of the following in the headers which are submitted by the JS which is used to drive PhantomJS:
page.customHeaders={'Authorization': 'Basic '+btoa('username:password')};
rather than using
page.settings.userName = 'username';
page.settings.password = 'password';
which will not work. Please refer to Previous Discussion
This is fine if you are using basic levels of authentication on the proxy. It will not work if you are using Integrated Authentication as this will still require NTLM/Kerberos or whatever.
The way around this is to change the settings on the client.
You need to allow the client access to the outside world WITHOUT it routing through the proxy. Certainly in TMG, this is done by changing the settings which apply to the Client Network Software which is installed on the client hardware.
By allowing the PhantomJS Executable to bypass the proxy, you will overcome the problems which I and many others have experienced but you will still have a bit of an issue as you will have just broken your system security so be aware and hope that there is a new version of PhantomJS which handles NTLM/Kerberos.
Alternatively, change your Proxy to use Basic Authentication which will allow the customHeaders solution to work as above but this is potentially an even greater risk to your security than allowing the client to bypass the proxy.
var page = require('webpage').create(),
    system = require('system'),
    fs = require('fs'),
    fileName = 'phantomjs',
    extension = 'log',
    file = fs.open(fileName + '.' + extension, 'w'),
    address,
    output,
    delay,
    version = phantom.version.major + '.'
            + phantom.version.minor + '.'
            + phantom.version.patch ;
if (system.args.length === 1){
    console.log('Usage: example.js <some URL> delay');
    phantom.exit();
}
// Handle the command line arguments
address = system.args[1];
output = system.args[2];
delay = system.args[3];
// Write the Headers into the log file
file.writeLine("PhantomJS version: " + version);
file.writeLine("Opening page: " + address);
file.writeLine("Writing image to: " + output);
file.writeLine("Applying a delay of: " + delay + " milliseconds");
function quit(reason, value) {
    console.log("Quit: " + reason);
    file.writeLine("Quit: " + reason);
    file.close();
    if (value !== 1){
        // If there has been an error reported, stick a datetime stamp on the log to retain it
        var d = new Date();
        var dateString = d.getFullYear().toString() +
            ((d.getMonth() + 1) <= 9 ? '0' : '') + (d.getMonth() + 1).toString() +
            (d.getDate() <= 9 ? '0' : '') + d.getDate().toString() +
            (d.getHours() <= 9 ? '0' : '') + d.getHours().toString() +
            (d.getMinutes() <= 9 ? '0' : '') + d.getMinutes().toString() +
            (d.getSeconds() <= 9 ? '0' : '') + d.getSeconds().toString();
        fs.move(fileName + '.' + extension, fileName + '_' + dateString + '.' + extension);
    }
    phantom.exit(value);
}
page.onResourceError = function(resourceError) {
    page.reason = resourceError.errorString;
    page.reason_url = resourceError.url;
};
page.onError = function (msg, trace) {
    console.log(msg);
    file.writeLine(msg);
    trace.forEach(function(item) {
        console.log(' ', item.file, ':', item.line);
        //file.writeLine(' ', item.file, ':', item.line);
    })
    quit("Failed", 0);
}
page.onResourceRequested = function (request) {
    file.writeLine('Request: ' + JSON.stringify(request, undefined, 4));
};
page.onResourceReceived = function (response) {
    file.writeLine('Receive: ' + JSON.stringify(response, undefined, 4));
};
// Set a user agent - if required
//page.settings.userAgent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322)';
// And open the page
page.open(address, function (status) {
    if (status !== 'success') {
        console.log('Unable to load the address: \"' + page.reason_url + '\": ' + page.reason);
        file.writeLine('Unable to load the address: \"' + page.reason_url + '\": ' + page.reason);
        quit("Failed", 0);
    }
    else {
        window.setTimeout(function() {
            console.log('Saving the page!');
            file.writeLine('Saving the page!');
            page.render(output);
            quit("Finished", 1);
        }, delay);
    }
});

IE crossdomain filter on flex application

I have an application that uses a flex form to capture user input. When the user has entered the form data (which includes a drawing area) the application creates a jpg image of the form and sends back to the server. Since the data is sensitive, it has to use https. Also, the client requires both jpg and pdf versions of the form to be stored on the server.
The application sends data back in three steps
1 - send the jpg snapshot with ordernumber
2 - send the form data fields as post data so it is not visible in the address bar
3 - send the pdf data
I am sending the jpg data first using urlloader and waiting for the server to respond before performing operations 2 and 3 to ensure that the server has created the record associated with the new orderNumber.
This code works fine in IE over http. But if I try to use the application over https, IE blocks the page response from the store jpg step and the complete event of the urlloader never fires. The application works fine in Firefox over http or https.
Here is the crossdomain.xml (I have replaced the domain with ""):
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.<mydomain>.com" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*.<mydomain>.com" headers="*">
</cross-domain-policy>
Here is the code that is executed when the user presses the submit button:
private function loaderCompleteHandler(event:Event):void {
    sendPDF();
    sendPatientData();
}
private function submitOrder(pEvt:MouseEvent):void
{
    //disable submit form so the order can't be submitted twice
    formIsValid = false;
    waitVisible = true;
    //submit the jpg image first with the order number, userID, provID
    //and order type. The receiving asp will create the new order record
    //and save the jpg file. jpg MUST be sent first.
    orderNum = userID + "." + provID + "." + Date().toString() + "." + orderType;
    var jpgURL:String = "https://orders.mydomain.com/orderSubmit.asp?sub=jpg&userID=" + userID + "&provID=" + provID + "&oNum=" + orderNum + "&oType=" + orderType;
    var jpgSource:BitmapData = new BitmapData (vbxPrint.width, vbxPrint.height);
    jpgSource.draw(vbxPrint);
    var jpgEncoder:JPEGEncoder = new JPEGEncoder(100);
    var jpgStream:ByteArray = jpgEncoder.encode(jpgSource);
    var header:URLRequestHeader = new URLRequestHeader ("content-type", "application/octet-stream");
    //Make sure to use the correct path to jpg_encoder_download.php
    var jpgURLRequest:URLRequest = new URLRequest (jpgURL);
    jpgURLRequest.requestHeaders.push(header);
    jpgURLRequest.method = URLRequestMethod.POST;
    jpgURLRequest.data = jpgStream;
    //navigateToURL(jpgURLRequest, "_blank");
    var jpgURLLoader:URLLoader = new URLLoader();
    try
    {
        jpgURLLoader.load(jpgURLRequest);
    }
    catch (error:ArgumentError)
    {
        trace("An ArgumentError has occurred.");
    }
    catch (error:SecurityError)
    {
        trace("A SecurityError has occurred.");
    }
    jpgURLLoader.addEventListener(Event.COMPLETE, loaderCompleteHandler);
}
private function sendPatientData ():void
{
    var dataURL:String = "https://orders.mydomain.com/orderSubmit.asp?sub=data&oNum=" + orderNum + "&oType=" + orderType;
    //Make sure to use the correct path to jpg_encoder_download.php
    var dataURLRequest:URLRequest = new URLRequest (dataURL);
    dataURLRequest.method = URLRequestMethod.POST;
    var dataUrlVariables:URLVariables = new URLVariables();
    dataUrlVariables.userID = userID
    dataUrlVariables.provID = provID
    dataUrlVariables.name = txtPatientName.text
    dataUrlVariables.dob = txtDOB.text
    dataUrlVariables.contact = txtPatientContact.text
    dataUrlVariables.sex=txtSex.text
    dataUrlVariables.ind=txtIndications.text
    dataURLRequest.data = dataUrlVariables
    navigateToURL(dataURLRequest, "_self");
}
private function sendPDF():void
{
    var url:String = "https://orders.mydomain.com/pdfOrderForm.asp"
    var fileName:String = "orderPDF.pdf&sub=pdf&oNum=" + orderNum + "&oType=" + orderType + "&f=2&t=1" + "&mid=" + ModuleID.toString()
    var jpgSource:BitmapData = new BitmapData (vbxPrint.width, vbxPrint.height);
    jpgSource.draw(vbxPrint);
    var jpgEncoder:JPEGEncoder = new JPEGEncoder(100);
    var jpgStream:ByteArray = jpgEncoder.encode(jpgSource);
    myPDF = new PDF( Orientation.LANDSCAPE,Unit.INCHES,Size.LETTER);
    myPDF.addPage();
    myPDF.addImageStream(jpgStream,0,0, 0, 0, 1,ResizeMode.FIT_TO_PAGE );
    myPDF.save(Method.REMOTE,url,Download.ATTACHMENT,fileName);
}
The target asp page is not sending back any data, except the basic site page template.
Can anyone help me figure out how to get around this IE crossdomain issue? I have turned off the XSS filter in IE tools security settings, but that still didn't solve the problem.
THANKS
Do everything over https. Load the swf from an https url. Send the initial form post via https. Send the images via https.
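
Added example, not part of the original question or answer: a small audit of a Flash cross-domain policy like the one in the question, flagging the settings that widen access (wildcard domains, secure="false", headers="*"). The domain example.com, the rule names and the tightened policy are assumptions made for illustration; attributes are extracted with regular expressions, which is adequate only for this flat policy format.

```javascript
// Added example: audit a Flash crossdomain.xml policy for settings that widen access.

// Constructed sample modelled on the policy in the question (domain is a placeholder).
const QUESTION_STYLE_POLICY = [
  '<cross-domain-policy>',
  '  <allow-access-from domain="*.example.com" to-ports="*" secure="false"/>',
  '  <allow-http-request-headers-from domain="*.example.com" headers="*"/>',
  '</cross-domain-policy>'
].join('\n');

// Constructed tightened variant: one named host, HTTPS-only callers, one header.
const TIGHTENED_POLICY = [
  '<cross-domain-policy>',
  '  <allow-access-from domain="orders.example.com" secure="true"/>',
  '  <allow-http-request-headers-from domain="orders.example.com" headers="Content-Type"/>',
  '</cross-domain-policy>'
].join('\n');

// Collect name="value" pairs from the inside of one tag.
function parseAttributes(tagText) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tagText)) !== null) {
    attrs[m[1]] = m[2];
  }
  return attrs;
}

// Return one finding per risky setting, in document order.
function auditCrossDomainPolicy(xml) {
  const findings = [];
  // Quoted values are consumed whole, so a ">" inside a value cannot end the tag early.
  const tagRe = /<(allow-access-from|allow-http-request-headers-from)\b((?:"[^"]*"|[^>"])*)>/g;
  let m;
  while ((m = tagRe.exec(xml)) !== null) {
    const tag = m[1];
    const attrs = parseAttributes(m[2]);
    const domain = attrs.domain || '';
    if (domain === '*') {
      findings.push({ tag: tag, rule: 'any-domain', detail: 'every origin is trusted' });
    } else if (domain.indexOf('*.') === 0) {
      findings.push({ tag: tag, rule: 'wildcard-subdomain', detail: 'every subdomain of ' + domain.slice(2) + ' is trusted' });
    }
    if (tag === 'allow-access-from' && (attrs.secure || '').toLowerCase() === 'false') {
      findings.push({ tag: tag, rule: 'insecure-downgrade', detail: 'SWFs loaded over HTTP may read this HTTPS host' });
    }
    if (tag === 'allow-http-request-headers-from' && attrs.headers === '*') {
      findings.push({ tag: tag, rule: 'any-header', detail: 'any custom request header is allowed' });
    }
  }
  return findings;
}

// Convenience view: just the rule names, in order.
function ruleNames(xml) {
  return auditCrossDomainPolicy(xml).map(function (f) { return f.rule; });
}

console.log(ruleNames(QUESTION_STYLE_POLICY));
console.log(ruleNames(TIGHTENED_POLICY));
```

With everything served over https, as the answer recommends, secure="false" is no longer needed and can be dropped from the policy.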