Node - Parse AWS IP ranges and block - json

I see that AWS posts a json file with all their IP ranges here (Actual JSON HERE)
I was thinking of using this json file to check against every incoming connection in my node app but firstly I was wondering if it would be far too much overhead to loop through it for every request?
Secondly, I wasn't sure exactly how to go about this, as many IP ranges are formatted differently eg.
43.250.192.0/24
46.51.128.0/18
27.0.0.0/22
I'm not too sure what those suffixes mean.
Has anyone done something similar?

Your first concern is correct - it's a lot of overhead to loop through Amazon's IPs for each request. This should be handled at the firewall.
Nevertheless, the ip_prefix field Amazon is providing can be used to ensure valid IP addresses exist within that subnet. The node-ip module can help with this. It has a cidrSubnet function that can be used to test a prefix against a user's IP. See the below coffeescript.
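ip = require 'ip'  # the node-ip project is published on npm as "ip"
amazonIPs = require './amazonIPs.json'  # local copy of Amazon's JSON file
someUsersIP = '192.168.1.190'
# each entry in "prefixes" carries its CIDR block in the ip_prefix field
for entry in amazonIPs.prefixes
  prefix = entry.ip_prefix
  if ip.cidrSubnet(prefix).contains(someUsersIP)
    console.log "#{someUsersIP} is within the #{prefix} range"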
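On the overhead concern and the meaning of the /24, /18 and /22 suffixes, the following is an added example, not code from the answer above. It turns each IPv4 prefix into a numeric range once at startup and answers each lookup with a binary search. The sample data and all function names are constructed for illustration, and IPv6 prefixes are not handled.

```javascript
// Constructed sample shaped like Amazon's file: a "prefixes" array of objects
// with an "ip_prefix" CIDR string. The last entry is made up so two ranges merge.
const sample = { prefixes: [
  { ip_prefix: '43.250.192.0/24' }, { ip_prefix: '46.51.128.0/18' },
  { ip_prefix: '27.0.0.0/22' }, { ip_prefix: '46.51.192.0/20' },
] };

// Dotted-quad string -> unsigned 32-bit number, or null if malformed.
// Dual-stack Node sockets report IPv4 peers as "::ffff:a.b.c.d".
function ipv4ToInt(addr) {
  const parts = String(addr).replace(/^::ffff:/i, '').split('.');
  const ok = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((n, p) => n * 256 + Number(p), 0) : null;
}

// "a.b.c.d/len": the first len bits are the network, the remaining bits vary.
function cidrToRange(cidr) {
  const [base, lenText = ''] = String(cidr).split('/');
  const ip = ipv4ToInt(base);
  if (ip === null || !/^\d{1,2}$/.test(lenText) || Number(lenText) > 32) {
    throw new Error(`bad CIDR: ${cidr}`);
  }
  const size = 2 ** (32 - Number(lenText));
  const start = Math.floor(ip / size) * size;
  return [start, start + size - 1];
}

// Run once at startup: sort, then merge overlapping or adjacent ranges.
function buildIndex(cidrs) {
  const merged = [];
  for (const [s, e] of cidrs.map(cidrToRange).sort((a, b) => a[0] - b[0])) {
    const last = merged[merged.length - 1];
    if (last && s <= last[1] + 1) last[1] = Math.max(last[1], e);
    else merged.push([s, e]);
  }
  return merged;
}

// Per request: binary search, O(log n) instead of a loop over every prefix.
function isInRanges(index, addr) {
  const ip = ipv4ToInt(addr);
  let lo = 0, hi = index.length - 1;
  while (ip !== null && lo <= hi) {
    const mid = (lo + hi) >> 1;
    if (ip < index[mid][0]) hi = mid - 1;
    else if (ip > index[mid][1]) lo = mid + 1;
    else return true;
  }
  return false;
}

const awsIndex = buildIndex(sample.prefixes.map((p) => p.ip_prefix));
```

A /24 fixes the first 24 bits and leaves 256 addresses, a /18 leaves 16384, and a /22 leaves 1024.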

Related

Storing data in FIWARE Object Storage

I'm building an application that stores files into the FIWARE Object Storage. I don't quite understand what is the correct way of storing files into the storage.
The Python code snippet below, taken from the Object Storage - User and Programmers Guide, shows 2 ways of doing it:
def store_text(token, auth, container_name, object_name, object_text):
    headers = {"X-Auth-Token": token}
    # 1. version
    #body = '{"mimetype":"text/plain", "metadata":{}, "value" : "' + object_text + '"}'
    # 2. version
    body = object_text
    url = auth + "/" + container_name + "/" + object_name
    return swift_request('PUT', url, headers, body)
The 1. version confuses me, because when I first looked at the only Node.js module (repo: fiware-object-storage) that works with Object Storage, it seemed to use the 1. version. As the module was making calls to the old (v.1.1) API version instead of the presumably newest (v.2.0), referring to the Python example, I'm not sure if that is an outdated way of doing it or not.
As I played more with the module, I realised it didn't work and the code for it was a total mess. So I forked the project and quickly understood that I would need to rewrite it from the ground up, taking the above-mentioned Python example from the usage guide as a reference. Link to my repo.
As of writing this, the only methods that aren't implemented are the object storage (PUT) and object fetching (GET).
Had some additional questions about the Object Storage which I sent to fiware-lab-help#lists.fiware.org, but haven't heard anything back, so I'm asking them here.
Haven't got much experience with writing API libraries. Should I worry about the auth token expiring? I presume it is not necessary to make a new authentication every time we interact with storage. The authentication should happen once when the server is starting up (we create an instance) and it internally keeps it. Should I implement some kind of mechanism that refreshes the token?
Does the tenant id change? From the quote below I presume that getting a tenant is just a one-time deal, then later you can use it in the config to make fewer authentication calls.
A valid token is required to access an object store. This section
describes how to get a valid token assuming an identity management
system compatible with OpenStack Keystone is being used. If the
username, password and tenant details are known, only step 3 is
required. source
During the authentication, when fetching tenants, how should I select the "right" one? For now I'm just taking the first one, similar to what the example code does.
Is it true that an object storage container belongs to only a single region?
Use only what you call version 2. Ignore your version 1. It is commented out in the example. It should be removed from the documentation.
(1) The token will be valid for some period of time. This could be an hour or a day, depending on the setup. This period of time should be specified in the token that is returned by the authentication service. The token needs to be periodically refreshed.
(2) The tenant id does not change.
(3) Typically only one tenant id is returned. It is possible, however, that you were assigned more than one id, in which case you have to pick which one you are currently using. Containers typically belong to a single tenant and are not shared between tenants.
(4) Containers are typically limited to a single region. This may change in the future when multi-region support for a container is added to Swift.
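Point (1) above in code, as an added example that is not part of the answer or of any FIWARE library: a small cache that authenticates once, reuses the token, and re-authenticates shortly before the stated expiry. The class name TokenCache and the shape of the authenticate callback (resolving to an object with id and an ISO-8601 expires field) are assumptions made for illustration.

```javascript
// Hypothetical helper. `authenticate` is supplied by the caller and must
// resolve to { id, expires }, where `expires` is an ISO-8601 timestamp
// taken from the authentication service's response.
class TokenCache {
  constructor(authenticate, { skewMs = 60000, now = Date.now } = {}) {
    this.authenticate = authenticate;
    this.skewMs = skewMs;  // refresh this long before the stated expiry
    this.now = now;        // injectable clock, useful in tests
    this.token = null;
    this.pending = null;   // in-flight authentication shared by all callers
  }

  isFresh() {
    return this.token !== null &&
      this.now() < this.token.expiresAt - this.skewMs;
  }

  // Returns a promise for a usable token id, authenticating only when needed.
  async get() {
    if (this.isFresh()) return this.token.id;
    if (!this.pending) {
      this.pending = this.authenticate()
        .then(({ id, expires }) => {
          const expiresAt = Date.parse(expires);
          if (!id || Number.isNaN(expiresAt)) {
            throw new Error('authentication response lacks id or expiry');
          }
          this.token = { id, expiresAt };
          return id;
        })
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }

  // Call when the storage API answers 401, so the next get() re-authenticates.
  invalidate() { this.token = null; }
}
```

Concurrent callers share one in-flight authentication, so a burst of requests at expiry time does not trigger a burst of logins.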
Solved my troubles and created the NPM module that works with the FIWARE Object Storage: https://github.com/renarsvilnis/fiware-object-storage-ge

Python 3.4 Sockets sendall function

import socket

def functions():
    print("hello")

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('192.168.137.1', 20000)
sock.bind(server_address)
sock.listen(1)
conn, addr = sock.accept()
print('Connected by', addr)
sock.listen(1)
conn.sendall(b"Welcome to the server")
My question is how to send a function to the client,
I know that conn.sendall(b"Welcome to the server") will send data to the client.
Which can be decoded.
I would like to know how to send a function to a client like
conn.sendall(function()) - this does not work
Also I would like to know the function that would allow the client to receive the function I am sending
I have looked on the python website for a function that could do this but I have not found one.
The functionality you request is impossible in principle unless explicitly coded on the client side. If this were possible, one could write a virus which easily spreads to any remote machine. Instead, it is the client's right and responsibility to decode incoming data in any manner.
Considering the case where the client really wants to receive code to execute, the issue is that the code must be represented in a form which, at the same time,
is detached from server context and its specifics, and can be serialized and executed at any place
allows secure execution in a kind of sandbox, because a very rare client will allow arbitrary server code to do anything at the client side.
The latter is an extremely complex topic; you can read any WWW browser's security history - most of the closed vulnerabilities are issues in such sandboxing.
(There are environments where such execution is allowed and desired; e.g. Erlang cookie-based peering cluster. But, in such a cluster, side B is also allowed to execute anything at side A.)
You should start by searching for an execution environment (high-level virtual machine) which conforms to your needs in functionality and security. For Python, you'd look at the multiprocessing module: its implementation of worker pools doesn't pass the code itself, but simplifies passing data for execution requests. Also, passing arbitrary Python data without functions is covered by the marshal and pickle modules.
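"Explicitly coded on the client side" and "passing data for execution requests" can look like this. It is an added example, not code from the answer, written in JavaScript; the same shape carries over to a Python client. The server sends only an operation name and arguments, and the client runs the operation only if it is on its own list. The message format and the operation names are made up for illustration.

```javascript
// Operations this client agrees to run, with the argument types each one
// accepts. A Map is used so that names such as "constructor" or
// "__proto__" can never resolve to an inherited property.
const OPERATIONS = new Map([
  ['greet', { types: ['string'], run: (name) => `hello ${name}` }],
  ['add', { types: ['number', 'number'], run: (a, b) => a + b }],
]);

// `line` is one JSON message received from the server, for example
// {"op":"add","args":[2,3]}. Returns a reply object and never throws.
function handleMessage(line) {
  let msg;
  try {
    msg = JSON.parse(line);
  } catch (err) {
    return { ok: false, error: 'not JSON' };
  }
  if (msg === null || typeof msg !== 'object' || typeof msg.op !== 'string') {
    return { ok: false, error: 'missing op' };
  }
  const op = OPERATIONS.get(msg.op);
  if (!op) return { ok: false, error: 'unknown op' };
  const args = Array.isArray(msg.args) ? msg.args : [];
  const typesOk = args.length === op.types.length &&
    args.every((arg, i) => typeof arg === op.types[i]);
  if (!typesOk) return { ok: false, error: 'bad arguments' };
  return { ok: true, result: op.run(...args) };
}
```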

What's best options for video streaming or max data transfer using SuperWebSocket

Minimum To Achieve:- Send nearly or more than 1 mb/second to other websocket clients.
Questions:--
Is it possible video streaming with SuperWebSocket?
What options/features of SuperWebSocket can be used like Asynch mode/JsonCommands/CustomSession/etc to achieve fastest data transfer?
How to sequence a big data sent in chunks but if received without any order at client or server side? Is there anything built in to sequence these chunks or I have to manually send sequence nos in message itself?
What I have tried:--
Multiple secure sessions with same port and different paths in javascript code
ws = new WebSocket("wss://localhost:8089/1/1")
ws = new WebSocket("wss://localhost:8089/2/2")
ws = new WebSocket("wss://localhost:8089/3/3")
With the above sessions I send large data in chunks, but it's not received in the expected order at the server/client side, and also after successfully sending a large chunk (size=55000kb) that session closes automatically!
I am looking into sample projects of SuperWebSocket but not sure where to go! I am open to try any option inside SuperWebsocket. Thanks
1) I am not sure it does, but if it provides an API to send Byte[], it may be enough.
2) No idea about this one, the documentation may explain it.
3) What do you mean without order? WebSockets is TCP based, so data segments sent in the same connection will arrive in the same order they were sent.
4) Why would you open different connections to the same site? There are also probably limitations on the connections that you can open to the same host. One should be OK; opening several is not going to increment your bandwidth, it will only increment your problems.
I develop a WebSocket server component that handles messages as Stream derived objects and has an acceptable performance so far, you may like to give it a try.

Stream .LRF files via webserver

I've noticed that on the LoLReplays webpage you can now stream live games via their program LoLRecorder. I found this code on their page
href="lrf://spectator spectator.eu.lol.riotgames.com 2nHvYdkaSjjqC7f+mtHQeIhFcUSQLFu5 488978485 EUN1 3.01.0.1"
And I've tried a little to stream from my own (already recorded) game. But all I get is unable to find match. My question is: Does anyone here know how this works?
Thanks!
TL;DR; You can't stream anything, but you can open LoLReplay in spectator mode for a specific match.
Try reinstalling LoLReplay, seemed to fix the issues that I was having.
The title of your post is somewhat misleading as no streaming actually happens - all that the link does is open LoLReplay on your local machine and pass in the details of the match you want to spectate.
This will only work for matches that are happening now, as it connects in a similar way as the LoL client does when you spectate a match.
Calling LoLReplay from the browser
The links seem to be formatted as follows:
lrf://spectator [Observer IP Address][:Observer Port] [Observer Encryption Key] [Game Id] [Platform Id] [Client Version?]
lrf://spectator tells LoLReplay to open up in spectator mode.
Observer IP Address is required and can either be a hostname or an IP address. The hostname is usually in the format spectator.[eu/na/br/etc.].lol.riotgames.com.
Observer Port is optional, I believe it defaults to 8088 which appears to be the default spectator mode port.
Observer Encryption Key... is a required per-match encryption key.
Game Id is a required, per-match integer id.
Platform Id is a more specific version of the region, I guess relating to how Riot have grouped their servers. For example EUW1.
Client Version, the last field appears to be a version number - I can only assume this is either the version of the client that LoLReplay is using OR the version of the client the players in the match are using.
How to find IP address, encryption key etc.
Edit: you can now grab all the info you need using the official Riot API, you just need the SummonerId of the user you're querying for. See current-game API docs for usage.

What kind of example url I can use that will immediately cause a request to fail?

What is the "official" url I should use if I want to indicate just a resource that fails as soon as possible?
I don't want to use www.example.com since it's an actual site that accepts and responds to requests, and I don't want something that takes forever and fails from a timeout (like using a random, private IP address can lead to).
I thought about writing an invalid address or just some random text but I figured it wouldn't look as nice and clear as "www.example.com" is.
If you want an invalid IP, try using 0.0.0.0.
The first octet of an IP cannot be 0, so 0.0.0.0 to 0.255.255.255 will be invalid.
For more info, see this question: what is a good invalid IP address to use for unit tests?
https://www.rfc-editor.org/rfc/rfc5735:
192.0.2.0/24 - This block is assigned as "TEST-NET-1" for use in documentation and example code. It is often used in conjunction with domain names example.com or example.net in vendor and protocol documentation. As described in [RFC5737], addresses within this block do not legitimately appear on the public Internet and can be used without any coordination with IANA or an Internet registry. See [RFC1166].
Use .invalid, as per RFC 6761:
The domain "invalid." and any names falling within ".invalid." are special [...] Users MAY assume that queries for "invalid" names will always return NXDOMAIN responses.
So a request for https://foo.invalid/bar will always fail, assuming well-behaved DNS.
Related question: What is a guaranteed-unresolvable (but valid) URL?
If it's in a browser then about: is fairly useless - but it would be better if your service returned the correct HTTP status code - e.g. 200 = good, 404 = not found, etc.
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes