Get message "Unauthorized" when trying out Server storage (Volt)

StefanL 2017-09-15 13:16:48 UTC #1

Trying out the Server storage feature (Volt), but get a message "Unauthorized". Is there something i missed here?

The code is simple

serverStorage.getItem("test", getItemCallback);
function getItemCallback(error, data) {
    if (error) {
        if (data == undefined) {
            data = {
                message: "Network Error"
            };
        }
        NSB.MsgBox(data.message);
    } else {
        NSB.MsgBox(data);
    }
}

AppStudioSupport 2017-09-15 13:55:32 UTC #2

Is your user logged into your app on Volt?

StefanL 2017-09-15 14:07:37 UTC #3

No, i only need to store/get values for anonymous users

AppStudioSupport 2017-09-15 15:02:41 UTC #4

That's not something that is allowed. You can imagine the potential for abuse!

cayocoder 2017-09-15 15:52:21 UTC #5

From what I understand, Volt requires some level of auth in order to use it for items such as storage. Maybe you can create a proxy login for anonymous users?

StefanL 2017-09-16 13:14:53 UTC #6

Ok, maybe I was unclear regarding storage. I will have a secure environment (with login to a WordPress website, membership) where the values will be stored with PHP code (need to log in programmatically to Volt).

The web app will only read(Get) the values and they are not sensitive in any way (some Url:s).

ok, I can wrap this in my PHP code (some API calls with API key to my own API Rest services) and return the result to the nsbasic web app. But I thought that Volt would be a preferred solution for storing and retrieving these values.

Is there a potential for abuse in this scenario?

What I have tried (working fine) is to call my Rest API from Javascript inside the web app with my API key exposed (that's not good), but i want to avoid that.

james 2017-09-17 07:13:39 UTC #7

If I understand you correctly, it sounds like you are already authenticating users on your end. If that's the case and you trust your users not to get up to any mischief, you can have you app login to Volt programmatically using a single user.

In essence, create your app, then create a user for that app. Once your user is created, you should be able to login with a call to $volt.auth.login - see http://wiki.nsbasic.com/Log_in

Once you've logged in with your user, you can store whatever you'd like. Keep in mind that the user's password will be stored in the source code for your application - so any of your users will be able to see it if they look hard enough.

Let me know if this makes sense. Thanks for your question!

cayocoder 2017-09-18 11:02:06 UTC #8

Regarding the information the web app will read (or Get), does it have to live on the Volt server?

Would this be something that can actually be added to database table or even as a flat file? I mean, you've already authenticated a user(s) on your app and that should give them access to the information or even if they are anonymous and they are a member, they would still already be authenticated.

As for exposing your API key in Javascript, that should never happen. You should use a wrapper that gets called from JS.

StefanL 2017-09-18 11:16:18 UTC #9

Thanks for your answers. I will see if I go for the Volt solution or a database.