afrostream / afrostream-api-v1 Goto Github PK

Problématic :
currently, api-v1 calls the backend inlining the token in the post request
the backend is using passport.authenticate('bearer') for authentication
inlining the token prevent receiving content-type text/xml data, because req.body is a string.

Solution :
we should use header Authorization: Bearer instead of Authroization: Oauth ..., and avoid sending the token in the body request.

l'api a un max-age à 0
il faudrait cacher ce qui peut l'être afin de diminuer fortement la charge & améliorer la qualité de service (utiliser un maximum le cache CDN)

it's a celery account,
could you check if it exists and activated ?

some people created an account with an upper case,
now they enter with a lower case and it doesn't work,

see with @nelsounet to smooththe process to mail all in lowercaser

https://devcenter.heroku.com/articles/docker

create a dockerfile
use docker on heroku

Request Header :
POST /api/subscriptions/ HTTP/1.1
Host: afrostream-api-v1-herokuapp-com.global.ssl.fastly.net
Connection: keep-alive
Content-Length: 779
Pragma: no-cache
Cache-Control: no-cache
Origin: http://beta.afrostream.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/json
Accept: /
DNT: 1
Referer: http://beta.afrostream.tv/49/marry-us-for-christmas/a0a18b89-1da2-46c8-9129-3f376cc3d19f
Accept-Encoding: gzip, deflate
Accept-Language: fr,pt;q=0.8,en;q=0.6

Request payload :

{"plan-code":"afrostreampremium","number":"4972300207965302","month":1,"year":2017,"cvv":"999","first_name":"NELSON","last_name":"COELHO","email":"[email protected]","coupon_code":"","unit-amount-in-cents":"9999","country":"FR","starts_at":"2015-09-01T00:00:00:00Z","is_gift":"0","gift_first_name":"","gift_last_name":"","gift_email":"","version":"3.1.1","key":"sjc-WOBbERhzqRX5AJ6hVGOPzv","recurly-token":"GME_AltirZU6Dw8N3FjJGA","afro_token":"5a87dbefd1592ee8f6b9de4ecdce386aef141b5d","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2Fmcm9zdHJlYW0uZXUuYXV0aDAuY29tLyIsInN1YiI6ImF1dGgwfDI0NjciLCJhdWQiOiJCdFNkSXFLcWZJc2UwSDFkcWxwSEZKZ0tJa1VHME5wRSIsImV4cCI6MTQ0MTEzNDQ0OCwiaWF0IjoxNDQxMTI5NDQ4fQ.b1ypbQPKj2bXs-mpMr7ncnT0MEqB1jChRZXZbJJkbCQ"}

Response Header :

HTTP/1.1 500 Internal Server Error
Server: Cowboy
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Headers: Content-Type, Accept
Content-Type: application/json
Set-Cookie: connect.sid=s%3A1WHivOouTza8eiVbTSHYBuAFfmwiyFqg.0gukefIK9e7A4dhV%2BOVpGgotZfjwep0Gp3FC5EooEtI; Path=/; HttpOnly
Via: 1.1 vegur
Content-Length: 179
Accept-Ranges: bytes
Date: Tue, 01 Sep 2015 17:45:08 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-fra1241-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1441129505.782694,VS0,VE2391
Vary: Accept-Encoding

Response :

{"name":"RecurlyError","errors":[{"#":"Your transaction was declined. Please use a different card or contact your bank.","field":"subscription.account.base","symbol":"declined"}]}

We never could activate this account, i was forced to reimburse her,

could you take a look why ?

add node categories if present,
add categories in the order we defined them

backend errors http status code will be proxied to the client

check

• the session storage across cluster workers
• resave & saveUninitialized must be defined

[App:afrostream-api-v1][Err] Mon, 12 Oct 2015 12:45:41 GMT express-session deprecated undefined resave option; provide resave option at server/config/express.js:37:11
[App:afrostream-api-v1][Err] Mon, 12 Oct 2015 12:45:41 GMT express-session deprecated undefined saveUninitialized option; provide saveUninitialized option at server/config/express.js:37:11

Header Afr

add a specific header afr

Afr: dfjqsdjfiuqhfuhzlfihlaizuhflaiuhlazfhlaniuzfh

the content of this header is a secured json : (payload + hash).toString('hex')

Payload

{
  conf : {
    "afr-api-v1-staging" : {
        backend: {
           authority: "afr-back-end-staging-pr-4242.herokuapp.com"
        }
     },
   features: {
      "key": "variant",
      "cdnSelector": "disabled",

   }
}

payload.conf.* should be used to overwrite config "on the fly".

In the previous example, this payload should overwrite api-v1 staging config "on the fly" , to route the trafic to a specific backend PR.

payload.features.* should be used to activate/desactivate/addParams to features switchs.

use the help of nelson to be sure the payment process is smooth.we have some cases of failure

repéré par benjamin sur keymetrics
@see https://app.keymetrics.io/#/bucket/55e5866172fb5acb6a48efec/exceptions?server_name=heroku&app_name=afrostream-api-v1

TypeError: Cannot assign to read only property 'expires_at' of <!DOCTYPE html>
    <html>
    <head>
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <style type="text/css">
        html, body, iframe { margin: 0; padding: 0; height: 100%; }
        iframe { display: block; width: 100%; border: none; }
      </style>
    <title>Application Error</title>
    </head>
    <body>
      <iframe src="//s3.amazonaws.com/heroku_pages/error.html">
        <p>Application Error</p>
      </iframe>
    </body>
    </html>
    at Afrostream.setTokenData (/app/server/components/purest/provider/afrostream.js:53:25)
    at /app/server/components/purest/provider/afrostream.js:29:14
    at Request._callback (/app/node_modules/purest/lib/utils.js:51:14)
    at Request.self.callback (/app/node_modules/purest/node_modules/request/request.js:198:22)
    at Request.emit (events.js:110:17)
    at Request.<anonymous> (/app/node_modules/purest/node_modules/request/request.js:1057:14)
    at Request.emit (events.js:129:20)
    at IncomingMessage.<anonymous> (/app/node_modules/purest/node_modules/request/request.js:1003:12)
    at IncomingMessage.emit (events.js:129:20)
    at _stream_readable.js:908:16
``

to stop using auth0, we need to open these routes :

/auth/signup

workflow: the user enter email + password in the new login box

POST https://afrostream-api-v1-herokuapp-com.global.ssl.fastly.net/auth/signup
{"email":"...","password":"..."}

result

{
  access_token: '1a17c416593efca902a06d871b549eff29274e25',
}

/auth/signin

workflow: the user enter email + password in the new login box

POST https://afrostream-api-v1-herokuapp-com.global.ssl.fastly.net/auth/signin
{"email":"...","password":"..."}

result

{
  access_token: '1a17c416593efca902a06d871b549eff29274e25',
}

/auth/facebook

workflow: the user click on 'facebook oauth button'

POST https://afrostream-api-v1-herokuapp-com.global.ssl.fastly.net/auth/facebook

result

{
  access_token: '1a17c416593efca902a06d871b549eff29274e25',
}

/auth/reset

workflow: the user click on 'email forgotten', the user enter : email + new password twice

POST https://afrostream-api-v1-herokuapp-com.global.ssl.fastly.net/auth/reset
{"email":"...","password":"..."}

result 200ok empty body or 500 with the error

an email is send to the user with a link https://afrostream.tv/reset?k=664355fcaab7df73065cdf43ba335e169e1dda268843d7f92416211de9ebb963ff4ce28125932878

project front-end can call

POST https://afrostream-api-v1-herokuapp-com.global.ssl.fastly.net/auth/reset
{"k":"..."}

result 200ok empty body or 500 with the error

http://afrostream-api-v1.herokuapp.com/api/categorys/5

[email protected],
could you look at it ?

userIp should be:

• x-forwarded-for => remove rfc 1918 address => read leftmost ip
• if (empty string) => req.ip

POST /api/search

linked to Afrostream/afrostream-back-end#186

should fwd backend cookies until we refactor the auth.