So I want to use a flash drive as an option for 2FA on my website(using the devices serial umber). I am using WebUSB, but the flash drive won't show up in the device selection window. I have seen that web USB can't read/write files, so
can it even see flash drives?
Here's my code if it helps:
console.log("test");
usbLookup.addEventListener('click', function() {
navigator.usb.requestDevice({ filters: [{ }] })
.then(device => {
console.log(device.serialNumber);
})
.catch(error => { console.log(error); });
});
<iframe allowpaymentrequest allow='usb'></iframe>
<a id="usbLookup">Get Serial</a>
On some platforms WebUSB can't see flash drives due to particulars in how it is implemented.
In general this is a poor second factor because a serial number is easy to guess and fake. I recommend using the WebAuthn API instead which provides support for truely secure tokens available from multiple vendors.
Related
So I made a react native app with nodeJS and in order to connect nodejs backend to react native frontend I had to create an endpoint like such:
app.post("/send_mail", cors(), async (req, res) => {
let {text} = req.body
var transport = nodemailer.createTransport({
host: "smtp.mailtrap.io",
port: 2525,
auth: {
user: "usertoken",
pass: "password"
}
})
await transport.sendMail({
from: "email#email.com",
to: "email2#email.com",
subject: "message",
html: `<p>${text}</p>`
})
})
and in react native frontend call function like that :
const handleSend = async() => {
try {
await axios.post("http://192.168.0.104:3333/send_mail", { //localhost
text: placeHolderLocationLatLon
})
} catch (error) {
setHandleSetError(error)
}}
and it works fine in the local environment. But in the google play store, this IP address doesn't work because it's my localhost ipv4. I tried to use localhost:3333, but that doesn't work too. I can't find anywhere described anything about what IP has to be used in the google play store. Does anyone know how I should make this endpoint? Thank you
You can't just host a service by yourself like that (typically your back-end). Well, you can but not with your knowledge level. It would be inefficient (as in you'd have to keep your computer up 24/7) and present security issues.
Does anyone know how I should make this endpoint?
Don't get me wrong, your endpoint is fine in itself. You're just lacking the networking part.
1) For testing purposes ONLY!
If this app is only for testing purposes on your end, and won't be part of a final product that'll be present on the Google Store, there's a way you can achieve this, called ngrok.
It takes your locally-running project and provides it a https URL anyone can use to access it. I'll let you read the docs to find out how it works.
2) A somewhat viable solution (be extremely careful)
Since ngrok will provide a new URL everytime you run it with your local project, it's not very reliable in the long term.
What you could do, if you have a static IP address, is registering a domain name and link it to your IP address, and do all the shenanigans behind it (figuring out how to proxy incoming traffic to your machine and project, and so on). But honestly, it's way too cumbersome and it implies that you have valuable knowledge when it comes to securing your own private network, which I doubt.
3) A long-lasting, viable solution
You could loan a preemptive machine on GCP and run your back-end service on it. Of course, you would still have to figure out some networking things and configs, but it's way more reliable than solution 2 and 1 if your whole app aims to be public.
Google gives you free credit (I think it's like 200 or 250€, can't recall exactly) to begin with their stuff, and running a preemptive machine is really cheap.
I am developing multiparty conferencing in nodejs using kurento (kurento-utils-js on client side and kurento-client package on server side)
When someone speaks (either local or on remote stream), I want to show the audio level on user interface (UI) to just show that he/she is speaking.
You can use hark API provided by kurentoUtils. Tweak the threshold between [-100, 0] to see which values works best for you. -50 works for me.
const speechEvent =kurentoUtils.WebRtcPeer.hark(stream, { threshold: -50 });
speechEvent.on('speaking', () => {
/* do something on the UI */
});
speechEvent.on('stopped_speaking', () => {
/* do something on the UI */
});
If you needed to do some kind of an authorization mechanism to an Electron application, what libraries/frameworks would you use for it?
Basic requirements would be that the user enters either a key or some identification information about himself and their right to use the application can be remotely allowed/blocked as necessary.
Kind of like a license key, but a bit more flexible in terms of defining when their right of use ends.
Your question is a little vague (and not really a programming question).
Are you talking about software licensing? I've researched this quite a bit and, while there are a bunch of turnkey solutions, they tend to be relatively expense (monthly subscription fees, etc).
I ended up settling on Easy Digital Downloads and their Software Licensing plugin. The latter enables setting a license expiration date if desired, update alerts and a bunch of other stuff. The tech support is also responsive. It is a WordPress system though – so you would need to set up a 'store' using WordPress.
The API is trivial to interface with through Javascript – to active a license, check license validity, and check for updates.
An open source project I found was Simple Licensing. That is free but is less well documented and there isn't any support.
It depends. I've detailed in this answer how to generate and verify cryptographically signed license keys without a license server. But cryptographic license keys like that are usually perpetual (though can have a fixed expiration inside of the key), and it sounds like you want something a bit more dynamic when it comes to a license's validity, since you mentioned that you want to be able to remotely block a license.
That's where a license server would come in.
At its core, most licensing servers are CRUD apps, meaning they're the typical server allowing you to create, read, update, and delete resources. In this case, that resource would be a license. You would want to create a server endpoint that takes a license key parameter, performs a database lookup for the key, and if the key exists check if the key is expired among other requirements such as its blocked column.
Here's a basic Express app that does that, minus the pg database bits:
const express = require('express')
const app = express()
const { Client } = require('pg')
const db = new Client()
const {
PORT = 8080
} = process
app.get('/validate/:licenseKey', async (req, res) => {
const { licenseKey } = req.params
const { rows } = await db.query('select * from licenses where key = $1::text limit 1', [licenseKey])
const [license] = rows
if (license == null) {
return res.send({ valid: false, code: 'NOT_FOUND' })
}
if (license.blocked) {
return res.send({ valid: false, code: 'BLOCKED' })
}
if (license.expiry < Date.now()) {
return res.send({ valid: false, code: 'EXPIRED' })
}
return res.send({ valid: true, code: 'VALID' })
});
app.listen(PORT, async () => {
await db.connect()
console.log(`Server is running on port ${PORT}`)
})
But in case you aren't particularly keen on writing and maintaining your own in-house licensing system, I’m the founder of a software licensing API called Keygen which can help you get up and running quickly without having to write and host your own license server.
Keygen is a typical HTTP JSON API service (i.e. there’s no software that you need to package with your app). It can be used in any programming language and with frameworks like Electron. As per your main requirement here, it supports remotely suspending (blocking) licenses.
In its simplest form, validating a license key with Keygen is as easy as hitting a single JSON API endpoint (feel free to run this in a terminal):
curl -X POST https://api.keygen.sh/v1/accounts/demo/licenses/actions/validate-key \
-d '{
"meta": {
"key": "C1B6DE-39A6E3-DE1529-8559A0-4AF593-V3"
}
}'
I recently put together an example of adding license key validation, as well as device activation and management, to an Electron app. You can check out that repo on GitHub: https://github.com/keygen-sh/example-electron-license-activation.
I've been following the https://github.com/TwilioDevEd/browser-calls-node project code, and I have it successfully making calls from a browser to a cellular phone, but I can't for the life of me figure out if Twilio's supports DTMF inside that call from the Cell phone.
Calling their sales department just had them create a support ticket and I haven't gotten a response.
Has anyone successfully done this? And if so, how?
This is the code I've added is to call.js, in the /connect endpoint I added:
const gather = twiml.gather({
input: 'dtmf',
finishOnKey: 9,
timeout: 1,
action: '/call/completed'
});
gather.say('Welcome to Twilio, please tell us why you\'re calling');
console.log(twiml.toString())
As well as added the route:
router.post('/completed', twilio.webhook({ validate: false }), function (req, res, next) {
console.log(req.toString());
});
Their support team replied saying (tl;dr) they only support sendDigits(digits) in the SDK, and do not support recognizing DTMF in incoming audio stream.
Their response:
The Twilio Client SDK's sendDigits(digits) parameter can used to pass dtmf tones.
The SDK only supports sending DTMF digits. It does not raise events if DTMF digits are present in the incoming audio stream.
Ref:https://www.twilio.com/docs/voice/client/javascript/connection#sendDigits```
I am developing a chrome extension to record desktop and upload the recorded media to a server. The extension can start/stop/pause recording by hot keys. All functions are in the extension. So far, I have two problems to overcome.
1. I can not get microphone access by getusermedia from the extension.
2. The recorded media is not time searchable on any player.
I appreciate any comment in advance.
To use the webcam or microphone, you need to request permission. The first parameter to getUserMedia() is an object specifying the details and requirements for each type of media you want to access. For example, if you want to access the webcam, the first parameter should be {video: true}. To use both the microphone and camera, pass {video: true, audio: true}:
Here is some example script.
<video autoplay></video>
<script>
var errorCallback = function(e) {
console.log('Reeeejected!', e);
};
// Not showing vendor prefixes.
navigator.getUserMedia({video: true, audio: true}, function(localMediaStream) {
var video = document.querySelector('video');
video.src = window.URL.createObjectURL(localMediaStream);
// Note: onloadedmetadata doesn't fire in Chrome when using it with getUserMedia.
// See crbug.com/110938.
video.onloadedmetadata = function(e) {
// Ready to go. Do some stuff.
};
}, errorCallback);
</script>
If you have more question about getUserMedia(), you can check this tutorial.