
Wenlue Zhang

Members
  • Content Count

    13
Posts posted by Wenlue Zhang

  1. On 11/15/2020 at 12:03 AM, Ryan Bentley said:

    Yes, certain endpoints are public and do not require token authentication.

    But now we can't just call public endpoints from a browser because of a CORS issue. Instead, we have to write backend code acting as a "proxy" to expose the data to the front end. Just for confirmation, is it also an expected behaviour?

  2. 3 hours ago, Nestor Perez said:

    Why would you make a request to an API requiring a token from a browser? You'd be leaking your token.

    For sure we won't put the token in our front end code 😂 But currently there are some endpoints (e.g. /rating/{cid}/rating_times) which are accessible without a token. Just assuming they are open to the public and do not require the token... Isn't it intended?

  3. Hi,

    Just wondering if it is an intended behaviour for the API disallowing cross-origin requests? It seems to miss "Access-Control-Allow-Origin" and all other related headers in the response.

  4. I am wondering if an application separates front-end and back-end, how do we integrate VATSIM Connect into it? 

    I did some searching for this and was inspired by a question on StackOverflow (I like the flowchart! Re-posting it below). Now my guess is that the whole process of the authorization will be divided into the steps below. Please correct me if I am wrong.

    1. User clicks the "Login" button on the front-end. The application redirects the user to /authorize endpoint.
    2. VATSIM Connect returns an authorization code.
    3. The front-end sends the authorization code to the backend.
    4. The backend uses the code and sends a POST request to VATSIM for access_token and refresh_token
    5. VATSIM responds with access_token and refresh_token
    6. The backend uses access_token and gets user information from VATSIM, then generates a token, which is used to communicate with the front-end.
    7. The backend returns the token to the front-end.

    But then here come the questions. Note that there may be more than one version of the front-end (e.g. Web App, iOS app, Android App, etc.) for the backend, and the front-end may not be under the same domain as the backend (CORS issue).

    1. What credentials should be included as parameters in the requests for each step above? I would put my guess here.
      1. From the documentation, for /authorize, at least "response_type", "client_id", "redirect_uri" and "scope" are needed.
      2. VATSIM Connect returns with "code" for the authorization code.
      3. For the communication between front-end and backend, at least "code" is required. It also needs to send "client_id" to the backend.
      4. To use the /token endpoint, "client_id", "client_secret", "code" are needed.
      5. VATSIM Connect returns "access_token" and "refresh_token" in the response
      6. To use /user endpoint, "access_token" is required
      7. The backend returns "token" to the front-end.
    2. Where should the "client_id" get stored? Or use different "client_id" for each version of front-end? This may lead to a different answer to 1.3 above.
    3. Where should the "client_secret" get stored? This may also affect the answers above.
      1. If the front-end is a web application, apparently storing it there is not a safe option.
      2. If storing it in the backend, what should the "redirect_uri" be set to? (front-end/backend)

    The question arises because, in the OAuth 2 standard (RFC6749), the authorization server should also support "response_type=token", allowing a client to directly get a short-lived access_token to gain user data, while VATSIM Connect only supports "response_type=code". This requires the usage of "client_secret", which is not suitable to be exposed in a web application. But I think the process above should (almost!) solve the problem, except that there may still be some security issues existing.
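
The seven steps listed in the post above, sketched from the backend's side as an added example (not part of the original post and not VATSIM's code). `StubAuthServer`, the host names, the client values and the scope value are constructed placeholders, and the `state` parameter comes from RFC 6749 rather than from the post.

```python
import hashlib, hmac, secrets
from urllib.parse import urlencode
# Constructed placeholders; StubAuthServer stands in for the real provider.
AUTH_BASE = "https://auth.example.invalid"
CLIENT_ID, CLIENT_SECRET = "demo-client", "demo-secret"   # secret exists only on the backend
REDIRECT_URI = "https://app.example.invalid/callback"
SESSION_KEY = secrets.token_bytes(32)                      # backend-only signing key

class StubAuthServer:  # in-memory stand-in: single-use codes, client secret check
    def __init__(self):
        self.codes, self.tokens = {}, {}
    def authorize(self, user_id, client_id, redirect_uri):             # step 2
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user_id, client_id, redirect_uri)
        return code
    def token(self, client_id, client_secret, code, redirect_uri):     # steps 4-5
        grant = self.codes.pop(code, None)                 # pop: a code is valid once
        if grant is None or grant[1:] != (client_id, redirect_uri):
            raise PermissionError("invalid_grant")
        if not hmac.compare_digest(client_secret, CLIENT_SECRET):
            raise PermissionError("invalid_client")
        access = secrets.token_urlsafe(16)
        self.tokens[access] = grant[0]
        return {"access_token": access, "refresh_token": secrets.token_urlsafe(16)}
    def user(self, access_token):                                      # step 6
        return {"cid": self.tokens[access_token]}

def login_redirect(session):
    """Step 1: URL the front-end navigates to; state ties the reply to this session."""
    session["state"] = secrets.token_urlsafe(16)
    q = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
         "scope": "demo_scope", "state": session["state"]}
    return f"{AUTH_BASE}/authorize?{urlencode(q)}"

def backend_callback(server, session, code, state):
    """Steps 3-7: the front-end forwards only code and state; the backend adds the secret."""
    expected = session.pop("state", "")
    if not expected or not hmac.compare_digest(state, expected):
        raise PermissionError("state mismatch")
    tokens = server.token(CLIENT_ID, CLIENT_SECRET, code, REDIRECT_URI)
    cid = str(server.user(tokens["access_token"])["cid"])
    session["provider_tokens"] = tokens                    # stays server-side
    sig = hmac.new(SESSION_KEY, cid.encode(), hashlib.sha256).hexdigest()
    return f"{cid}.{sig}"                                  # the application's own token

def verify_app_token(token):
    cid, _, sig = token.partition(".")
    good = hmac.new(SESSION_KEY, cid.encode(), hashlib.sha256).hexdigest()
    return cid if hmac.compare_digest(sig, good) else None
```

Only the authorization code and `state` cross the front-end; `client_secret`, `access_token` and `refresh_token` never leave the backend, so the same backend can serve web and mobile front-ends.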


  5.

    Dear all pilots:

    VATPRC invites you to join the Tour of China 2020 events! We started our Tour of China (ToC) event series again 4 years after the last ToC. Starting from Beijing, the 13-leg event has gone across mainland China in 3 months. This is the last leg of this event series! We can't wait to see you. Let's have a special Tour of China this summer!

    Since the default sceneries may not reflect the most up-to-date airport facilities for most of our featured airports, for the sake of making our controllers' lives easier, please make sure you have installed the recommended sceneries. Thank you for your cooperation!

     

    Leg 13 | Harbin Taiping [ZYHB] >>> Beijing Capital [ZBAA]

    Event Date and time

    Saturday, Sept. 5th, 2020, 1200z – 1600z, 2000CST – 2400CST

    Featuring Airports

    • Harbin Taiping International Airport (ZYHB)
    • Beijing Capital International Airport (ZBAA)

    Route

    • ZYHB – ZBAA (AIRAC2001 and above)
      • RUSBO G212 UKDUM W49 OSUBA

    Charts

    [VATPRC-Pilot Center] (Needs login via VATSIM Connect)

    Sceneries

    [VATPRC-Pilot Center]

    RVSM Rules

    China has implemented RVSM in the Metric level system. For details, please visit Chinese RVSM

     

    VATPRC is even better with you
    You Make the Difference

  6. [2020-08-29] Tour Of China 2020 Leg 12 | Hulunbuir – Harbin

    Dear all pilots:

    VATPRC invites you to join the Tour of China 2020 events! We are going to start our Tour of China (ToC) event series again 4 years after the last ToC. Starting from Beijing, the 13-leg event will go across mainland China in the following 3 months. We can't wait to see you. Let's have a special Tour of China this summer!

    Since the default sceneries may not reflect the most up-to-date airport facilities for most of our featured airports, for the sake of making our controllers' lives easier, please make sure you have installed the recommended sceneries. Thank you for your cooperation!

     

    Leg 12 | Hulunbuir Hailar [ZBLA] >>> Harbin Taiping [ZYHB]

    Event Date and time

    Saturday, August 29th, 2020, 1200z – 1600z, 2000CST – 2400CST

    Featuring Airports

    • Hulunbuir Hailar International Airport (ZBLA)
    • Harbin Taiping International Airport (ZYHB)

    Route

    • ZBLA – ZYHB (AIRAC2001 and above)
      • TEPOD B451 ONINA

    Charts

    [VATPRC-Pilot Center] (Needs login via VATSIM Connect)

    Sceneries

    [VATPRC-Pilot Center]

    RVSM Rules

    China has implemented RVSM in the Metric level system. For details, please visit Chinese RVSM

     

    VATPRC is even better with you
    You Make the Difference

  7. I have just tested the API endpoint /ratings/{id}/atcsessions/. I found that it is working correctly when a user is not currently on any ATC position. Otherwise, the API will return a server error. So I guess it may not handle an incomplete session well. Is it possible to use an object with some null properties to represent that the user is currently still in a session?


     

  8. 13 minutes ago, Nick Harasym said:

    Hey there,

    This user looks to have been missed in the last run of the CIDs. I've run this one and the hours now reflect properly.

    My data has not been updated either... I gained 96h of flying and 20h of controlling time in the last two months and they didn't get added. It seems many users have been missed in the run.

  9. 26 minutes ago, Nick Harasym said:

    Hey there!

    This issue has been resolved either way. Legacy code was using poor calculations. The new method is more accurate. If any major discrepancies are found we will review them.

    Hi Nick,

    Not sure if this API is using the new method to calculate time, but I found the API seems to tend to delay calculating the time. We found an example of this by chance just yesterday. The user applied for ATC training, so we tried to see if the pilot had met the requirement of online flying hours. When we compared the time from this API and the stats website, we noticed the API returned 5h and the stats returned 51h. We would almost have rejected the application if we had not used the stats website for a double check.

    Then, we tried to dig down into the statistics. We found the pilot gained 6h in 2017 and 45h in the past 2 months. What the API returned is exactly what the pilot previously gained in 2017. By this observation, I guess the API here failed/delayed to count the time that a user recently gained.

    If there is another API using the new method you mentioned, is it possible to integrate it into this API here? Thanks in advance.


  10. Hi,

     

    I am the Webmaster of VATPRC. Our voice server stopped working a few weeks ago for some unidentified reasons. I would like to ask if anyone has the source code of the "voiced" program, which hosts the voice server, or the latest version of that program so that we can try to debug that program on our machine.

     

    Basically now what we got is when we execute the program, we get these messages:

     

    UDP bind to 3782 failed: 99. 
    TCP port bind failed for port 3723. 
    TCP port bind failed for port 3782. 
    TCP port bind failed for port 22001.
    

     

    We couldn't find any log file that is related to this issue except the messages above. We have tried to run the program on another freshly installed Linux machine and to change the ports used for binding, but neither of these worked. We assume that 99 is the error code for socket binding. However, without the source code, we are not likely to determine where the program went wrong.

     

    We also checked our config.ini file, but it seems to make sense, as it was working fine in the past few years and the configuration file has remained the same for these years.

     

    I sent an email to VATSIM3 & VATSIM5 but I didn't get any reply... Does anyone have suggestions on what we are supposed to do to resolve these problems? Thanks!

  11. Hi guys,

     

    We are also experiencing exactly the same problem starting from about 1 week ago. The server is set up similarly to Or's. An email with the client key and IP address has been sent to Aidan's email address.
