I am working on a Google Chrome extension.
The optional permission is what I need.
According to the documentation here The user can request permission on demand. And the code is like this:
document.querySelector('#my-button').addEventListener('click', function(event) {
// Permissions must be requested from inside a user gesture, like a button's
// click handler.
chrome.permissions.request({
permissions: ['tabs'],
origins: ['http://www.google.com/']
}, function(granted) {
// The callback argument will be true if the user granted the permissions.
if (granted) {
doSomething();
} else {
doSomethingElse();
}
});
});
What does the origins: ['http://www.google.com/'] mean in the object that are passing to chrome.permissions.request?
Related
I have an array of valid URLs for a user.
let validUrls = ["*.example.com", "*.foo.com"]
I want to request permission to run my contentScript.js if the activeTab is on a domain that is a validUrl.
Without the user accepting permission first, I don't seem to get the active tab URL, so I am in a catch 22.
chrome.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
console.log("Tab Changed: ", changeInfo, tab);
chrome.scripting.executeScript(
{
target: { tabId: tabId },
func: checkPermissions,
args: [tab.url], // Null because no permission is granted yet
},
(result) => {
console.log(result);
}
);
});
I would like only to be requesting the activeTab permission and not the tabs permission.
My aim is sending email for sign up users using Firebase function and authentication.
I followed Firebase example.
But it tells below error message.
The provided dynamic link domain is not configured or authorized for
the current project
My code is at below.
const actionCodeSettings = {
url: 'https://www.example.com/finishSignUp?cartId=1234',
handleCodeInApp: true,
iOS: {
bundleId: 'com.example.ios'
},
android: {
packageName: 'com.example.android',
installApp: true,
minimumVersion: '12'
},
dynamicLinkDomain: 'example.page.link'
};
exports.sendmail = functions.https.onRequest((req, res) => {
return cors(req, res, () => {
firebase.auth().sendSignInLinkToEmail("sungyong#humminglab.io", actionCodeSettings)
.then((userCredential) => {
res.status(200).send(userCredential);
res.status(200).send(userCredential);
return;
})
.catch(error => {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
console.log(error)
// ...
res.status(400).send(error);
});
});
});
Here are my configuration at my console.
example.page.link is not configured as a dynamic link domain for your project.
You need to use one you own. You can get that from "Dynamic Links" under "Grow" in the left menu of the Firebase Console.
If you don't need to use dynamic links with mobile flows, just change to:
const actionCodeSettings = {
// Replace this URL with the URL where the user will complete sign-in.
url: 'https://www.example.com/finishSignUp?cartId=1234',
handleCodeInApp: true
};
Add "example.page.link" in the Authorised domain instead of www.example.com.
Because example.page.link is your domain id.
I am trying to implement node-acl with mongodb and express to allow control over each document e.g
User view all documents
User can only edit/delete their own documents.
I have taken this approach:
When user signs up, I use a post save hook to create a user and assign it a role:
UserSchema.post('save', function(doc) {
var roles = doc.roles || [];
if (!roles.length) {
roles = ['user'];
}
acl.addUserRoles(doc._id.toString(), roles, function(err) {
console.log(err, 'added user');
});
});
Now that the user has been created in the system, they can now create an trip. Like above, I use the post save hook to add the given permissions to the given user over the given resource:
TripSchema.post('save', function(trip) {
acl.allow(trip.user.toString(), '/trips/' + trip._id, '*', function(err) {
});
});
I then use a custom simple middleware function to check the given user has access to the given resource with the given permissions:
var middleware = function (req, res, next) {
acl.isAllowed(req.user._id.toString(), req.path, ['put'], function (err, allow) {
if (allow) {
next()
}
res.status(403).send({});
});
};
However, allow is always false and I think it may be to do with what permissions the user has been assigned.
acl.whatResources(req.user._id.toString(), function (err, roles) {
console.log(err, roles);
// roles === { '/trips/56933aedc012523c352d3d85': [ 'put' ] }
});
From the above I can assume that the user has 'put' as a permission on the '/trips/56933aedc012523c352d3d85' resource
I also tried checking areAnyRolesAllowed which should return true if any of the given roles have the right permissions
acl.areAnyRolesAllowed( req.user._id.toString(), '/trips/56933aedc012523c352d3d85', 'put', function(err, allowed) {
console.log(err, allowed);
// allowed === true
});
This only adds more confusion as to why isAllowed always returns false
Finally I make further checks with allowedPermissions which returns all the allowable permissions a given user have to access the given resources
acl.allowedPermissions(req.user._id.toString(), req.path, function (err, permissions) {
console.log(err, permissions);
// permissions === { '/trips/56933aedc012523c352d3d85': [] }
});
From this we can assume that the user does not have any permissions on this particular resource. Why? It appears to conflict with what is returned from whatResources so I'm a little confused.
Is there a step I'm missing out where I need to add permissions?
You have to call the method in your config file:
require('rout/of/your/policy/file').invokeRolesPolicies();
If you don't do it, always returns false unexpectedly
Situation I want to achieve:
Request to /register runs AuthController.register
Request to /facebook runs AuthController.register but applies a facebook policy before.
I have created a policy in
/api/policies/facebook.js
like this
var graph = require('fbgraph');
module.exports = function(req, res, next) {
facebook_token = req.query.facebook_token;
if(!facebook_token){
res.send('401',{error:"Missing facebook token"});
}
graph.setAccessToken(facebook_token);
graph.get("me",function(err,graph_res){
if(err){
res.send('401',{error:"Facebook authentication error"});
return;
}
else{
next();
}
});
};
Set it up policies in
/config/policies.js
like this
module.exports.policies = {
'auth': {
'facebook': ['facebook']
}
}
I set up my routes like this
module.exports.routes = {
'post /register': 'AuthController.register',
'post /facebook': 'AuthController.register',
};
Now the code in facebook policy doesn't get called. How would I accomplish something like this?
I'm not sure if policies can work the way you have intended them to. In your current /config/policies.js you're telling Sails to run the facebook.js policy whenever the AuthController action facebook is called. Since you have no such action defined in the controller, the policy never gets run. To policies, it doesn't matter which way the request came from, what matters is which controller action the request is trying to access.
What you could do, however, is to run the policy on every call to AuthController.register, and add a line in the policy file to check whether the request came from /facebook or not.
/config/policies.js:
module.exports.policies = {
auth': {
'register': ['facebook']
}
}
/api/policies/facebook.js:
module.exports = function(req, res, next) {
if (req.route.path === '/facebook') {
facebook_token = req.query.facebook_token;
if(!facebook_token){
res.send('401',{error:"Missing facebook token"});
}
graph.setAccessToken(facebook_token);
graph.get("me",function(err,graph_res){
if(err){
res.send('401',{error:"Facebook authentication error"});
return;
}
else{
next();
}
});
}
else return next();
};
I am trying to write a Google Chrome extension that will replace the new tab page and can connect to a users Google Calendar to show upcoming events. I am having trouble getting the extension to properly authorize access with OAuth.
I am testing the following code to authorize the user:
func.js
// initialize google api
gapi.client.setApiKey('MY API KEY');
gapi.client.load('calendar', 'v3', function() {
console.log('calendar api loaded')
});
// OAuth2 verification
function auth() {
var config = {
'client_id': 'MY CLIENT ID',
'scope': 'https://www.googleapis.com/auth/calendar'
};
gapi.auth.authorize(config, function() {
console.log('login complete');
console.log(gapi.auth.getToken());
});
}
manifest.json
{
// ...
"oauth2": {
"client_id": "MY CLIENT_ID",
"scopes": [
"https://www.googleapis.com/auth/calendar"
]
},
// ...
}
The Google API is initialized properly and the callback function is called. Before I added the "oauth2" parameter to manifest.json, I received an error from Google, but now when auth() is called the authentication popup window appears, but it just stays blank and says 'connecting' and nothing ever shows. Am I doing OAuth verification correctly? What is causing this hang?
Turns out I needed to add 'immediate': true inside var config