Ziggeo / ReactNativeSDK

React Native SDK
Apache License 2.0

Ziggeo.VideosApi.destroy not working #64

Closed jessypouliot98 closed 3 years ago

jessypouliot98 commented 3 years ago

Sample code

delete = async () => {
    if (!this.state.token) {
        return;
    }

    Ziggeo.cancelRequest();

    try {
        await Ziggeo.VideosApi.destroy(this.state.token);
    } catch (error) {
        console.error(error); // [Error: Error not specified.]
    }

    this.setState({ token: null, currentState: VideoCommunication.STATE.NULL }, () => {
        this.onTokenUpdated();
        this.onStatusUpdated();
    });
}

After a video has been fully uploaded/processed, we have the ability to delete the video. However, the API isn't working properly and throws an unspecified error, as commented in the sample code.

Additional info:

jessypouliot98 commented 3 years ago

From additional investigation, it might be because we need the server_auth parameter, as described for the JavaScript SDK.

However, the following is the react-native function declaration:

destroy: async function (tokenOrKey) {
    return Videos.destroy(tokenOrKey);
},

It does not support additional args.

3akat commented 3 years ago

Please try to use Ziggeo.setServerAuthToken(token)

Bane-D commented 3 years ago

Just to add a bit more information related to this in case someone else finds the same. It contains important info so I do suggest reading till the end.

By default we are blocking the delete requests because anyone could make them. By default we allow create, read and update ones.

You can however make the change on the CRUD actions to not allow any of those or to allow all if that is the type of use case that is OK with you.

Now, "blocked by default" means that it is possible, however only if the request comes from an authorized person. The way we can tell that someone is authorized is by the use of our auth tokens.

There are 2 types:

  1. Client auth and
  2. Server auth

Client auth tokens are longer "hashes" of the permissions that you allow, which can be created on the fly on your server without the need to contact our system first.

Server auth is the same thing done differently, where you send permissions to our system, which then sends you back the auth token that you can use (a short string, much like video tokens are).

What is important is that all auth tokens should be created outside of your app, that is, on your servers. Adding the code needed to create auth tokens to the app itself is the same as removing all requirements for auth tokens, because anyone who opens your app files will be able to see this info and do any actions you could do.

What we suggest to our customers and how they add it is to create the auth tokens on their server side. Once they do they can pass the token or auth string to the mobile device. Both of these are safe as anyone with bad intentions would not be able to do much with this.

Auth tokens are going to make things harder to work with if there is anything off, so my personal suggestion to our customers is to always enable that at the end. It is very easy to enable or disable this feature, however it is much easier to debug something with it off :)

You can find some more info about it here: https://ziggeo.com/docs/api/authorization-tokens and https://ziggeo.com/docs/api/authorization-tokens/create-and-use

For server side you can use any of our server side SDKs such as: https://github.com/Ziggeo/ZiggeoJavaSdk/ or https://github.com/Ziggeo/ZiggeoPhpSdk or any other

https://ziggeo.com/docs/sdks/server-side/

PS: When using the keys, make sure to add underscore before the name when calling it. For example if you have a video key (or any key) named as "my_video" then in the call you would use it as "_my_video" otherwise it will not work.
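
The flow described in the two replies above (the auth token is minted on your server, handed to the app, set with Ziggeo.setServerAuthToken, and only then is destroy called), as an added example that is not part of the original thread or Ziggeo's code. `toVideoRef`, `deleteVideo`, `fetchAuthToken` and `makeFakeZiggeo` are hypothetical names, and the fake SDK object is a constructed stand-in so the code runs offline.

```javascript
// Added example, not Ziggeo's code. The Ziggeo calls are the ones named in this
// thread; fetchAuthToken and every other name here are hypothetical.

// Per the PS above: a video key is passed with a leading underscore, a token as-is.
function toVideoRef({ token, key }) {
    if (token) return token;
    if (key) return `_${key}`;
    throw new Error('video token or key required');
}

// ziggeo: the SDK object. fetchAuthToken: async (ref) => string, implemented by
// calling YOUR backend, which authenticates the user, checks they may delete this
// video and mints the auth token there. No Ziggeo secret ships in the app.
async function deleteVideo(ziggeo, fetchAuthToken, video) {
    const ref = toVideoRef(video);
    const authToken = await fetchAuthToken(ref);
    if (typeof authToken !== 'string' || authToken.length === 0) {
        throw new Error('backend did not return an auth token');
    }
    ziggeo.setServerAuthToken(authToken);
    try {
        await ziggeo.VideosApi.destroy(ref);
        return { deleted: true, ref };
    } catch (error) {
        // The failure in the original report surfaced here as "Error not specified."
        return { deleted: false, ref, error: String((error && error.message) || error) };
    }
}

// Constructed stand-in for the SDK so the flow runs offline: destroy is rejected
// unless the expected auth token was set first (delete is blocked by default).
function makeFakeZiggeo(validToken) {
    let current = null;
    return {
        setServerAuthToken(t) { current = t; },
        VideosApi: {
            async destroy(ref) {
                if (current !== validToken) throw new Error('Error not specified.');
                return ref;
            },
        },
    };
}
```

In an app, pass the imported Ziggeo object as the first argument and a function that calls your own authenticated backend as the second.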

jessypouliot98 commented 3 years ago

Thank you, it worked :)