These are chat archives for codefellows/sea-b15-javascript

16th
Jun 2014
Kevin Stephens
@kevinmstephens
Jun 16 2014 01:17
cfbot ping
Hailey L. Petway
@hlpetway
Jun 16 2014 01:23
cfbot ping
Kevin Stephens
@kevinmstephens
Jun 16 2014 01:24
taking the weekend off
Hailey L. Petway
@hlpetway
Jun 16 2014 01:24
Seems so
Kevin Stephens
@kevinmstephens
Jun 16 2014 03:16
cfbot ping
Kevin Stephens
@kevinmstephens
Jun 16 2014 04:49
anyone around?
Zach
@ZachBowman
Jun 16 2014 04:51
Just me.
Kevin Stephens
@kevinmstephens
Jun 16 2014 04:54
how does passport get the username and password from the get request?
in our notes app?
I think with superagent you can set the 'email' and 'password' headers in the http request
maybe that's it
Zach
@ZachBowman
Jun 16 2014 05:18
You probably understand this better than I. The notes app has grown into a monster I can no longer tame. I think I'm going to start over with something from scratch for learning purposes.
Kevin Stephens
@kevinmstephens
Jun 16 2014 05:24
superagent has a .auth('username','password') method to do http basic auth get requests
alright it's working!
Kevin Stephens
@kevinmstephens
Jun 16 2014 05:31
cfbot ping
CFBot is a Hubot
@cfbot-the-hubot
Jun 16 2014 05:31
PONG
Kevin Stephens
@kevinmstephens
Jun 16 2014 05:31
cfbot mustache me justin beiber
Kevin Stephens
@kevinmstephens
Jun 16 2014 05:32
cfbot mustache me obama
Kevin Stephens
@kevinmstephens
Jun 16 2014 05:33
hmm...
I made a gist with my superagent test file for the notes api, the user routes and authentication
Kevin Stephens
@kevinmstephens
Jun 16 2014 05:51
hmm, now I'm wondering why on jwtauth file we are looking at req.body.jwt_token when it's a get request, I don't think get requests have a body so it should be set as a header
@toastynerd why is the jwtauth middleware looking for jwt_token at req.body.jwt_token for a get request? Shouldn't we set the token in the header and look there for it?
Kevin Stephens
@kevinmstephens
Jun 16 2014 06:16
@toastynerd req.headers.jwt_token ???
that seems to work
Kevin Stephens
@kevinmstephens
Jun 16 2014 06:23
or even token = req.body.jwt_token || req.headers.jwt_token;
Tyler Morgan
@toastynerd
Jun 16 2014 06:23
Yeah, you can do it either way
it was easier for the demo to keep it in the body
also the easy way to do basic auth with superagent is superagent.get('http://username:password@url')
same way you specify a username with ssh
I generally prefer to set things like jwt_token in the body because not all REST utilities have header support or it’s more difficult than specifying a body of the request. It’s also not that hard to split up the body of the request into a note object and a token object but you do have to account for it in your server code
Tyler Morgan
@toastynerd
Jun 16 2014 06:29
It’s taking me a bit longer than I thought to get the write up done but a lot of this stuff will be in there.
Kevin Stephens
@kevinmstephens
Jun 16 2014 07:37
@toastynerd don't get requests not have a body though?
rather, they shouldn't have a meaningful body
Tyler Morgan
@toastynerd
Jun 16 2014 15:08
get requests still contain a body that can contain a token
they should have no other meaningful data
Kevin Stephens
@kevinmstephens
Jun 16 2014 15:37
ok, we can really do whatever we want because it's our client side app and our api
Tyler Morgan
@toastynerd
Jun 16 2014 16:05
Yeah, pretty much but it’s also fairly standard to have an api that contains authentication info in the body of a get request.
Jeff Adelman
@jeffadelman8
Jun 16 2014 16:56
Hey guys, I was still having a hard time with recursion so I found this on Codecademy yesterday. It really helped me wrap my head around recursion... http://www.codecademy.com/courses/javascript-lesson-205/0/1
Ivan Storck
@ivanoats
Jun 16 2014 17:50

any objections to starting class at 12:30pm so that we can watch USA soccer at 3:00pm?

Hailey L. Petway
@hlpetway
Jun 16 2014 18:01
not at all!
Jeff Adelman
@jeffadelman8
Jun 16 2014 18:37
I'm good with that.
Tyler Morgan
@toastynerd
Jun 16 2014 20:06
Nice, here’s a link to Zed Attack Proxy https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Robert Talamantez
@Talamantez
Jun 16 2014 20:08
@toastynerd how do i know that isn't a XSS attack?
Tyler Morgan
@toastynerd
Jun 16 2014 20:08
@Talamantez you don't
=)
Robert Talamantez
@Talamantez
Jun 16 2014 20:08
reassuring
Stephen Boles
@stephenboles
Jun 16 2014 20:46
I was reading in the Socket.IO github they just fixed an XSS vulnerability in their latest commit.
Jeff Adelman
@jeffadelman8
Jun 16 2014 20:50
reassuring
Tyler Morgan
@toastynerd
Jun 16 2014 21:42
@kevinmstephens Here’s the api docs on a tcp socket http://nodejs.org/api/net.html#net_class_net_socket I’ll look for a good tutorial after I finish this auth write up or write one.
Kyle Warbis
@UWarbs
Jun 16 2014 21:54
cfbot ping
CFBot is a Hubot
@cfbot-the-hubot
Jun 16 2014 21:54
PONG
Kyle Warbis
@UWarbs
Jun 16 2014 21:54
cfbot image me 'murica
Tyler Morgan
@toastynerd
Jun 16 2014 22:00
cfbot image me freedom
Kevin Stephens
@kevinmstephens
Jun 16 2014 22:00
cfbot image me machine guns are freedom
Tyler Morgan
@toastynerd
Jun 16 2014 22:00
cfbot image me bald eagle jet freedom
Chelsea Lura
@ChelseaLura
Jun 16 2014 22:01
cfbot image me 'murica
Hailey L. Petway
@hlpetway
Jun 16 2014 22:05
cfbot image me goooooalllll
Alex Lien
@aqlien
Jun 16 2014 22:07
cfbot image me meanwhile in russia
Ivan Storck
@ivanoats
Jun 16 2014 22:31
@ZachBowman @dcorns @stephenboles I have your video recordings, come grab the usb stick from me in the nirvana conference room