Looking at the server logs when a new user signs up via an SDK, one can see the following:
verbose: POST /parse/users { 'user-agent': 'node-XMLHttpRequest, Parse/js1.8.5 (NodeJS 6.9.1)',
accept: '*/*',
'content-type': 'text/plain',
host: 'localhost:8888',
'content-length': '298',
connection: 'close' } {
"email": "joe#schmo.com",
"username": "joe#schmo.com",
"password": "********"
}
In the above, the password has been removed and replaced with *, which is helpful in the case that verbose logging is accidentally turned on in the production environment.
However, if one calls a user defined Cloud Code function or uses the REST API, that same information is not hidden.
verbose: POST /parse/functions/signUpUser { host: 'localhost:8888',
'x-parse-client-version': 'i1.13.0',
accept: '*/*',
'x-parse-application-id': 'app-id',
'x-parse-client-key': 'client-key',
'x-parse-installation-id': 'install-id',
'accept-language': 'en-us',
'x-parse-os-version': '10.2 (16D32)',
'accept-encoding': 'gzip, deflate',
'content-type': 'application/json; charset=utf-8',
'content-length': '76',
'user-agent': 'App/19 CFNetwork/808.2.16 Darwin/16.4.0',
connection: 'keep-alive',
'x-parse-app-build-version': '19',
'x-parse-app-display-version': '0.9905' } {
"username": "joe#schmo.com",
"password": "password1"
}
Is there a way in the headers or similar to indicate that a particular field is sensitive and should not be written to the logs?
Related
I am trying to Build a form submission handler for JS-free form submission.
But the api is not receiving the data sent by the html form.
I am following this documentation.
The signin.json.js file contains an export async function called post that takes in a request parameter and logs it to the console. It then returns a new Response object with the request parameter stringified as JSON and a status of 200.
The index.astro file contains an HTML form with an action of /api/signin.json and a method of post. It has two input fields, one of type text with the name text and a value of test, and the other of type submit.
Upon form submission, the output in the terminal shows the request object that was logged to the console. However, the output in the browser shows a JSON object with several properties, but none of them contain the data that was submitted in the form. It is unclear why the data from the form is not being received by the API. It could be a problem with the form itself, the way the data is being processed by the post function, or something else.
In the Astro JS directory my files are at
/pages/signin.json.js
/pages/index.astro
Code
// signin.json.js
export async function post({request}) {
console.log(request)
return new Response(JSON.stringify(request), {
status: 200,
});
}
// index.astro
---
---
<form action="/api/signin.json" method="post" >
<input type='text' name='text' value='test' />
<input type="submit" />
</form>
Output after submit
Terminal
Request {
size: 0,
follow: 20,
compress: true,
counter: 0,
agent: undefined,
highWaterMark: 16384,
insecureHTTPParser: false,
[Symbol(Body internals)]: {
body: <Buffer 74 65 78 74 3d 61 73 61>,
stream: Readable {
_readableState: [ReadableState],
_read: [Function: read],
_events: [Object: null prototype] {},
_eventsCount: 0,
_maxListeners: undefined,
[Symbol(kCapture)]: false
},
boundary: null,
disturbed: false,
error: null
},
[Symbol(Request internals)]: {
method: 'POST',
redirect: 'follow',
headers: {
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-US,en',
'cache-control': 'max-age=0',
connection: 'keep-alive',
'content-length': '8',
'content-type': 'application/x-www-form-urlencoded',
cookie: 'io=NH8tzNimTmy0AtvFAAAA; asasa=asaa',
host: 'localhost:3000',
origin: 'http://localhost:3000',
referer: 'http://localhost:3000/login',
'sec-fetch-dest': 'document',
'sec-fetch-mode': 'navigate',
'sec-fetch-site': 'same-origin',
'sec-fetch-user': '?1',
'sec-gpc': '1',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36'
},
parsedURL: URL {
href: 'http://localhost:3000/api/signin.json',
origin: 'http://localhost:3000',
protocol: 'http:',
username: '',
password: '',
host: 'localhost:3000',
hostname: 'localhost',
port: '3000',
pathname: '/api/signin.json',
search: '',
searchParams: URLSearchParams {},
hash: ''
},
signal: null,
referrer: undefined,
referrerPolicy: ''
},
[Symbol(astro.clientAddress)]: '::1'
}
Browser
{
"size": 0,
"follow": 20,
"compress": true,
"counter": 0,
"highWaterMark": 16384,
"insecureHTTPParser": false
}
I verified that the form action and method are correct and match the expected endpoint and HTTP verb. In this case, the form action is /api/signin.json and the method is post, which seem to be correct based on the code provided.
that's my config file
// astro.config.mjs
import { defineConfig } from 'astro/config';
import netlify from "#astrojs/netlify/functions";
import svelte from "#astrojs/svelte";
// https://astro.build/config
export default defineConfig({
output: "server",
adapter: netlify(),
integrations: [svelte()]
});
Here's a way to handle forms:
// pages/index.astro
<form action="/api/signin" method="post" >
<input type='text' name='text' value='asa' />
<input type="submit" />
</form>
Now the endpoint
// pages/api/signin.js
export async function post({request}) {
const data = await request.formData(); // Here's the data sent by the form
const text = data.get('text'); // Here's how you get the value of a field
console.log(text);
return new Response(JSON.stringify(request), {
status: 200,
});
}
I'm trying to parse so I can check if the username is valid or not. Though I have little to no experience working with JSON parasing in NodeJS. I'd appreciate some help on this issue. This has been a struggle moving over to NodeJS and trying to work with APIs and parasing them.
Here's the code and here is the error
userid = body[0]['data']['user']['id'];
^
TypeError: Cannot read properties of undefined (reading 'data')
at Request._callback (C:\Users\Tommy\Desktop\Misc\Node Projects\Discord Twitch Username Check\index.js:141:25)
at Request.self.callback (C:\Users\Tommy\Desktop\Misc\Node Projects\Discord Twitch Username Check\node_modules\request\request.js:185:22)
at Request.emit (node:events:390:28)
at Request.<anonymous> (C:\Users\Tommy\Desktop\Misc\Node Projects\Discord Twitch Username Check\node_modules\request\request.js:1154:10)
at Request.emit (node:events:390:28)
at IncomingMessage.<anonymous> (C:\Users\Tommy\Desktop\Misc\Node Projects\Discord Twitch Username Check\node_modules\request\request.js:1076:12)
at Object.onceWrapper (node:events:509:28)
at IncomingMessage.emit (node:events:402:35)
at endReadableNT (node:internal/streams/readable:1343:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
function getUser(username) {
const opts = {
"url": `https://gql.twitch.tv/gql`,
headers: {
'Connection': 'keep-alive',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"',
'Accept-Language': 'en-US',
'sec-ch-ua-mobile': '?0',
'Client-Version': '7b9843d8-1916-4c86-aeb3-7850e2896464',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36',
'Content-Type': 'text/plain;charset=UTF-8',
'Client-Session-Id': '51789c1a5bf92c65',
'Client-Id': 'kimne78kx3ncx6brgo4mv6wki5h1ko',
'X-Device-Id': 'xH9DusxeZ5JEV7wvmL8ODHLkDcg08Hgr',
'sec-ch-ua-platform': '"Windows"',
'Accept': '*/*',
'Origin': 'https://www.twitch.tv',
'Sec-Fetch-Site': 'same-site',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Dest': 'empty',
'Referer': 'https://www.twitch.tv/',
},
body: '[{"operationName": "WatchTrackQuery","variables": {"channelLogin": "'+username+'","videoID": null,"hasVideoID": false},"extensions": {"persistedQuery": {"version": 1,"sha256Hash": "38bbbbd9ae2e0150f335e208b05cf09978e542b464a78c2d4952673cd02ea42b"}}}]'
}
request(opts, (err, res, body) => {
body = JSON.parse(body);
userid = body[0]['data']['user']['id'];
if(userid === 0){
return "Invalid Username"
}else{
return userid;
}
});
};
I want to read data from a googleapis call. I am using async-await. But I am not sure how to read the data that I am getting back.
async function makeCall(params:String){
const apiResponse = await goopleapi.particular.get(params);
console.log(`not really sure how to read -- ${apiResponse}`;
// problem is the log prints [object Object].
}
How do I get the log from printing [object Object] to the actual content of the response? Ultimately I want to read the json that comes back -- how do I do that? Thanks.
In case it's important. I am using Firebase as a back-end with Typescript
udpate 1
The api in question is for billing. As in https://www.googleapis.com/auth/androidpublisher. I am calling .purchases.products.get. And when I try to parse the response with JSON.parse(apiResponse), I get the error:
SyntaxError: Unexpected token o in JSON at position 1
at JSON.parse (<anonymous>)
at getItem (/srv/lib/index.js:31:69)
at <anonymous>
at process._tickDomainCallback (internal/process/next_tick.js:145:8)
documentation: https://developers.google.com/android-publisher/api-ref/purchases/products/get
update 2
Here is the apiResponse that I need to parse into json. I tried using JSON.parse(apiResponse) but got an error:
{ config:
{ url: 'https://www.googleapis.com/androidpublisher/v2/applications/mypath',
method: 'GET',
paramsSerializer: [Function],
headers:
{ 'Accept-Encoding': 'gzip',
'User-Agent': 'google-api-nodejs-client/2.0.0 (gzip)',
Authorization: 'Bearer somecode',
Accept: 'application/json' },
params: {},
validateStatus: [Function],
retry: true,
responseType: 'json' },
data:
{ kind: 'androidpublisher#productPurchase',
purchaseTimeMillis: '111222333',
purchaseState: 0,
consumptionState: 1,
developerPayload: '',
orderId: 'some string',
purchaseType: 0 },
headers:
{ 'alt-svc': 'quic=":111"; ma=33445566; v="a string"',
'cache-control': 'private, max-age=0, must-revalidate, no-transform',
connection: 'close',
'content-encoding': 'gzip',
'content-type': 'application/json; charset=UTF-8',
date: 'Fri, 14 Jun 2019 12:40:12 GMT',
etag: '"some string"',
expires: 'Fri, 14 Jun 2019 12:40:12 GMT',
server: 'GSE',
'transfer-encoding': 'chunked',
vary: 'Origin, X-Origin',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '1; mode=block' },
status: 200,
statusText: 'OK' }
The error is still the same as in "update 1"
Template strings will call toString on the parts. You need to do
console.log('You need to pass it as a parameter', apiResponse)
If you want to print the actual object to the console.
The object has already been parsed. The error is from passing json to JSON.parse() which expects a string.
[object Object] is returned from the objects toString() method in a template literal, to avoid this:
console.log('Some string',apiResponse);
if theres still a problem try console.log(JSON.stringify(apiResponse))
I'm trying to access my assistant but I'm getting a 404 Not Found error when inserting the iam_api_key and the url provided in the dahsboard.
And I can't find the password in the dahsboard.
I'm working with Node.js. I've tried to create other service credentials but nothing worked
{
username: '{api-key}',
password: '{password}', // I can't find this
// OR even
iam_apikey: '{api-key}'
url: '{url}',
version: '{version}',
disable_ssl_verification: true,
}
{ Not Found: Resource not found
{ ... }
at
at process._tickCallback (internal/process/next_tick.js:188:7) name: 'Not Found', code: 404, message: 'Resource not found',
body: '{"error":"Resource not found","code":404}', headers: {
'x-backside-transport': 'FAIL FAIL',
'content-type': 'application/json; charset=utf-8',
'access-control-allow-origin': '*',
'access-control-allow-methods': 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS',
'access-control-allow-headers': 'Content-Type, Content-Length, Authorization, X-Watson-Authorization-Token, X-WDC-PL-OPT-OUT,
X-Watson-UserInfo, X-Watson-Learning-Opt-Out, X-Watson-Metadata',
'access-control-max-age': '3600',
'content-security-policy': 'default-src \'none\'',
'x-dns-prefetch-control': 'off',
'x-frame-options': 'SAMEORIGIN',
'strict-transport-security': 'max-age=31536000;',
'x-download-options': 'noopen',
'x-content-type-options': 'nosniff',
'x-xss-protection': '1; mode=block',
'x-global-transaction-id': '{x-global-transaction-id}',
'x-dp-watson-tran-id': '{x-dp-watson-tran-id}',
'x-dp-transit-id': '{x-dp-transit-id}',
'content-length': '41',
'x-edgeconnect-midmile-rtt': '124',
'x-edgeconnect-origin-mex-latency': '142',
date: 'Wed, 19 Jun 2019 20:38:08 GMT',
connection: 'close' } }
You have to use either the api key OR the username / password combination. The API docs for IBM Watson Assistant have code samples for Node.js:
const AssistantV2 = require('ibm-watson/assistant/v2');
const assistant = new AssistantV2({
version: '{version}',
iam_apikey: '{apikey}',
url: '{url}'
});
Use this code as well. It's working on me. I added serviceUrl and headers. Make sure to add the correct service URL according to the assistant URL.
const assistant = new AssistantV2({
version: "2019-02-28",
authenticator: authenticator,
url: process.env.WATSON_ASSISTANT_URL,
serviceUrl: "https://api.us-south.assistant.watson.cloud.ibm.com",
headers: {
"X-Watson-Learning-Opt-Out": "true",
},
});
Refer more - https://cloud.ibm.com/apidocs/assistant-v2?code=node#endpoint-cloud
This is peculiar. Socket.io version ~1.3
io.sockets.on('connection', function (socket) {
console.log('Client connected from: ' + socket.handshake.address);
}
Returns
Client connected from: ::1
However
io.sockets.on('connection', function (socket) {
console.log(socket.handshake);
console.log('Client connected from: ' + socket.handshake.address);
}
Returns
{ headers:
{ host: 'localhost:8000',
connection: 'keep-alive',
origin: 'http://localhost:3000',
'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTM
L, like Gecko) Chrome/43.0.2357.130 Safari/537.36',
accept: '*/*',
dnt: '1',
referer: 'http://localhost:3000/dev.html',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'en-US;q=0.8,en;q=0.6,ko;q=0.4,de;q=0.2,ru;q=0.2,fr;q=0.2,ja;q=0.2,it;q=0.2',
cookie: 'io=yhyuAabou3GufhzNAAAA' },
time: 'Wed Jun 24 2015 22:50:19 GMT+0200 (Central European Daylight Time)',
address: '::ffff:127.0.0.1',
xdomain: true,
secure: false,
issued: 1435179019584,
url: '/socket.io/?EIO=3&transport=polling&t=1435179017804-3',
query: { EIO: '3', transport: 'polling', t: '1435179017804-3' } }
Client connected from: ::ffff:127.0.0.1
Why? Is there some ES6 proxy in the way? I thought maybe some weird JS conversion magic was in place, but it doesn't seem like it.
::ffff:127.0.0.1 is an IPv6 version of 127.0.0.1 and ::1 is an IPv6 shortcut for both.
See Express.js req.ip is returning ::ffff:127.0.0.1 for a similar question.