Closed corentingiraud closed 4 years ago
We shouldn't use the Facebook page API on the client side.
We should use this module in the back end. As a result, we fetch the events every X minutes. https://github.com/kwhitley/apicache
Also, this package could be very useful if we want to simplify calls to the Facebook Graph API for pages. https://www.npmjs.com/package/fb
Ok, nice job !
I don't have much to say.
For caching:
For post content:
Also, do we also post the posts made through the K-App in Facebook ?
Anyway we will use webhooks to detect new posts on the FB page: https://developers.facebook.com/docs/graph-api/webhooks/
We will add a new middleware https://github.com/alexcurtis/express-x-hub
I didn't have time to search for how subscription works, I will do it later
@Embraser01
Why use redis ?
Using redis could save server RAM: check ApiCache wiki
If we want to save posts made by a barman, we will need a database, so why not save facebook posts ?
Because we have to update our database if a Facebook post, link ... is updated or removed. It will be very difficult to maintain. What do you think ?
we just need to set FB to send us a notification when a new post is made
How ? Oh ok you answer that !
Also, do we also post the posts made through the K-App in Facebook ?
No, I don't want to implement it. Maybe someone, one day, will !
Use markdown instead of HTML
Ok ! Great idea. Is that for security reasons ?
Ok ! Great idea. Is that for security reasons ?
Yes, exactly :wink:
It will be very difficult to maintain. What do you think ?
Actually, with the webhooks system, it will be easy, as it will be quite the same as updating a post from the website. As I understand:
https://medium.com/@Jenananthan/how-to-create-non-expiry-facebook-page-token-6505c642d0b1
To test the validity of a token and get information about it
https://developers.facebook.com/tools/debug/accesstoken/
So I was able to create an unlimited token but cannot use it (see my Slack post):
REPORT
This is a hard blow for the K-App application and the integration of Facebook posts! Put simply, Facebook has just (2 days ago) restricted access to its API because of the Cambridge Analytica attacks (the company at the heart of the scandal). Look it up on the web! The official article on the Facebook blog (posted on March 21): https://newsroom.fb.com/news/2018/03/cracking-down-on-platform-abuse/
Otherwise, here is the screenshot that illustrates the restriction (the access token is valid and the request is supposed to return all the Facebook posts of the K-Fêt page). Good night.
Another cool article: https://www.theguardian.com/technology/2018/mar/21/mark-zuckerberg-response-facebook-cambridge-analytica
Not possible due to same reason i suppose.
https://developers.facebook.com/docs/pages/realtime?locale=en_US
In our webhook product configuration (facebook application settings & configuration)
It's good now, I will start developing it soon (the back part)
So... To resume the path to get webhooks notifications from FB:
GET /feed/webhooks
POST /feed/webhooks
To subscribe for these updates, we have two options:
The first is to directly configure the app through the FB UI, but I don't think it's the best way.
The second way is through the subscriptions edge of FB:
A simple request to POST /v2.12/{app-id}/subscriptions with:
- app_id, which will be passed by the environment variable FB_APP_ID
- object, the type of object we want (here page)
- callback_url is WEB_CONFIG.publicUrl + '/api/feed/webhooks'
- fields, a string listing all the fields wanted (separated by ,)
- include_values to true
- verify_token will be an environment variable generated at setup
- access_token, which will be passed by the environment variable FB_ACCESS_TOKEN
To be allowed to do that, the app must have access to the page:
See the official explanation to do it directly from the Graph Explorer here.
Or follow these instructions (approximately the same): (incoming soon..)
Do we need FACEBOOK_APP_ID ENV VAR or a hard coded VAR for dev and prod is enough ?
Do we want that user can update PAGE ID ?
- FACEBOOK_APP_SECRET
- FACEBOOK_APP_ID
- FACEBOOK_PAGE_ID (in database for client update only in prod ? Security ?)
- FACEBOOK_PAGE_ACCESS_TOKEN (in database for client update only in prod ? Security ?)

- FACEBOOK_APP_SECRET (depend on FACEBOOK_APP_SECRET on prod & hard coded facebook test app secret on dev)
- FACEBOOK_APP_ID (depend on FACEBOOK_APP_ID on prod & hard coded facebook test app id on dev)
- FACEBOOK_PAGE_ID (depend on FACEBOOK_PAGE_ID on prod & hard coded facebook test page id on dev)
- FACEBOOK_WEBHOOK_URL (depend on PUBLIC_URL on prod & ngrok on dev)
- FACEBOOK_PAGE_ACCESS_TOKEN (depend on FACEBOOK_PAGE_ACCESS_TOKEN)

Must read: Facebook documentation
GET /oauth/access_token
with these params:
client_id = FACEBOOK_APP_ID
client_secret = FACEBOOK_APP_SECRET
grant_type = 'manage_pages+publish_pages'
We have to get two page access tokens (one for the dev fake facebook page, one for the prod real facebook page). These two tokens must never expire.
Follow this medium post with a facebook account which is an administrator of the page.
These tokens will never expire until the user changes the password / the user revokes the app.
We have to think of a way to store / modify these tokens
/v3.0/{app-id}/subscriptions (with an app access token)
object === 'page'
callback_url === ${WEBHOOK_URL}
fields include feed
active === true
If the check succeeds, stop the process. If the check fails:
DELETE /v3.0/{app-id}/subscriptions (with an app access token)
GET /v3.0/{page-id}/subscribed_apps (with a page access token)
POST /{page_id}/subscribed_apps (with a page access token)
POST /v3.0/{app-id}/subscriptions (with an app access token)
object = 'page'
callback_url = ${WEBHOOK_URL}
fields = [feed]
active = true
GET api/feed/webhook: Verification Request: Verify token + respond with challenge field (to which URL?)
POST api/feed/webhook: Event Notification
What do you think about this ?
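Added example, not code from this thread or from the K-App project: the checks behind the two webhook endpoints discussed above, namely the verify-token/challenge handshake on GET and the X-Hub-Signature HMAC that express-x-hub validates on POST. Function names and sample values are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Constant-time comparison; hashing both sides first yields equal-length buffers.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// GET verification request: returns the challenge to echo back, or null to reject.
function verifySubscription(query, verifyToken) {
  if (!verifyToken) return null; // failsafe: no token configured, feed disabled
  if (query['hub.mode'] !== 'subscribe') return null;
  if (!safeEqual(query['hub.verify_token'] || '', verifyToken)) return null;
  return typeof query['hub.challenge'] === 'string' ? query['hub.challenge'] : null;
}

// POST event notification: X-Hub-Signature is "sha1=<hex HMAC of the raw body>",
// keyed with the app secret. The HMAC must be computed over the raw bytes,
// before any JSON parsing.
function verifySignature(rawBody, signatureHeader, appSecret) {
  if (!appSecret || typeof signatureHeader !== 'string') return false;
  const [algo, hex] = signatureHeader.split('=');
  if (algo !== 'sha1' || !/^[0-9a-f]{40}$/i.test(hex || '')) return false;
  const expected = crypto.createHmac('sha1', appSecret).update(rawBody).digest();
  return crypto.timingSafeEqual(expected, Buffer.from(hex, 'hex'));
}

// Constructed sample values (not real credentials or real Facebook payloads).
const SAMPLE_SECRET = 'constructed-app-secret';
const SAMPLE_BODY = Buffer.from('{"object":"page","entry":[{"changes":[{"field":"feed"}]}]}');
const SAMPLE_SIG = 'sha1=' +
  crypto.createHmac('sha1', SAMPLE_SECRET).update(SAMPLE_BODY).digest('hex');
```

A request that fails either check should be answered with an error status and never reach the code that stores feed items.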
Do we need FACEBOOK_APP_ID ENV VAR or a hard coded VAR for dev and prod is enough ?
An env variable is better (no need to edit code in case the app changes).
Do we want that user can update PAGE ID ?
Page Id is not necessary, the application can receive updates from every page that allowed the app.
? FACEBOOK_PAGE_ID (in database for client update only in prod ? Security ?) ? FACEBOOK_PAGE_ACCESS_TOKEN (in database for client update only in prod ? Security ?)
There is no need for page id information as the server will handle every post sent through the endpoint (we will consider it as coming from the K-Fêt page).
New config var: ...
I think we will rely only on ENV variables for dev config because every token is sensitive information and should not be committed. And we will add a failsafe if there is no TOKEN (no facebook feed in this case). And still no page IDs :smiley:
Access Tokens
I think this is for managing the page, but we can't get webhooks from here...
Server Process
I think we shouldn't install the apps from the server. It's a one time operation and should be done by the administrator of the page.
If we have some problems with the subscription edge, we could send an email to the webmaster with some logs describing the issue. This means that we don't know the page, but only the FB app.
GET api/feed/webhook : Verification Request: Verify token + respond with challenge field (to which URL?)
We respond to the request (there isn't another request made).
Models
Do we need a category? (I would say yes probably)
Otherwise it looks good, anyway it is the model sent by the webhook no?
Let's close this as it's no longer the goal of the K-App (maybe we can do something like this in https://github.com/K-Fet/kfet-insa.fr). Feel free to re-open it if it still is :wink:
Goal
Create a home page for Guest visitors. This page will be composed of cards, each representing a news item. The card interface is described below.
A card could be:
Implementation
Front
In sprint 5, we will use material card to display cards. In next sprints, we will implement a unique card view in order to display custom card in a much better way.
API EndPoint
GET /feed?offset=XX
Get the 40 latest news including facebook news and custom news with XX offset (we will define this figure considering ServerMonitoring logs). This request has to be cached in the server memory (or in a redisDB?). It is computed every X minutes (depends on the facebook application limits).
The following endpoints will be implemented in next sprints:
POST /feed: Create a card
PUT /feed/{id}: Update a card
DELETE /feed/{id}: Delete a card
GET /feed/categories/: Get all categories.
POST /feed/categories/: Post a new category
PUT /feed/categories/{id}: Update a new category
DELETE /feed/categories/{id}: Delete a new category
Card Interface
Facebook edge to card support
For the beginning, we have to support only post. In next sprints, we can implement further: link, status, photo, video, offer.