shobrook / typesense Goto Github PK

https://stackoverflow.com/questions/31151644/using-pymongo-with-public-ssl-key

Back End

Add to the messages list as if it were the last real message, and then only have 19 "real" messages to display + the predictive one?

Front End

Button inside the extension popup somewhere. Disappears once clicked.
When clicked, slide all messages up by one message slot.
Add in new message blob, opacity 50%.
Reset when they close the popup

Write a GET request function (like the post request already written) in background.js. It should take in a URL (the endpoint), the payload (messages/credentials), and a callback (a function that does something w/ the response).

After that, write the analyzeSentiment() function that takes in a list of message objects assigns a sign (+/-1) to each emotion category and then sums all the valences. It should return an ordered list of sentiment objects, where each sentiment score is scaled between -100 and 100. Each sentiment object is structured as such: {"sentiment": int(), "message": str(), "received": bool(), "id": int()}

Needed to be in this ridiculous format for the Hackathon but we're scrapping that

From {"hash": {"sentiment" : int(), "author" : bool()}, ...} to [{"hash": str(), "sentiment": int(), "author": bool()}, ...].

Button inside the extension popup somewhere. Disappears once clicked.

When clicked, slide all messages up by one message slot.

Add in new message blob, opacity 50%.

Reset when they close the popup

Add Chrome Webstore badges: https://shields.io/

"Help, I forgot my password."

Most websites use an email loop to authenticate users who have forgotten their password.

To do this, generate a random single-use token that is strongly tied to the account. Include it in a password reset link sent to the user's email address. When the user clicks a password reset link containing a valid token, prompt them for a new password. Be sure that the token is strongly tied to the user account so that an attacker can't use a token sent to his own email address to reset a different user's password.

The token should expire in 24 hours after it's created OR when it's used.

Expire any existing password tokens when the user logs in (if they remembered their password) or requests another reset token.

Attackers will be able to modify the tokens, so don't store the user account information or timeout information in them. They should be an unpredictable random binary blob used only to identify a record in a database table.

Remember to pick a new random salt when the user resets their password. Don't re-use the one that was used to hash their old password.

Hash + Salt

Package options:

• Argon
• Bcrypt
• password-hash-and-salt
• scrypt

Salt client side hashes

DO NOT make the client-side script ask the server for the user's salt because it lets bad guys check if a username is valid without knowing the password.

flask-bcrypt takes care of salts.

Resources

• https://www.abeautifulsite.net/hashing-passwords-with-nodejs-and-bcrypt
• https://crackstation.net/hashing-security.htm

When an account is registered, the account is not valid until a confirmation link sent to the user's email account is clicked. Pop-up on the front end letting the user know to check their email is also important.

File "/Users/alichtman/Desktop/Projects/TypeSense/server/server.py", line 194, in change_conversation
    {"$push": {"connections": ObjectId(str(connection))}}
TypeError: unhashable type: 'dict'

Curl Request:

curl -X POST -H "Content-Type: application/json" -d '{"email": "[email protected]", "fb_id": "shobrookj", "messages": [{"author": true, "message": "Test 1"}, {"author": true, "message": "Test 2"}, {"author": true, "message": "Test 3"}, {"author": true, "message": "Test 4"}, {"author": true, "message": "Test 5"}, {"author": true, "message": "Test 6"}, {"author": true, "message": "Test 7"}, {"author": true, "message": "Test 8"}, {"author": true, "message": "Test 9"}, {"author": true, "message": "Test 10"}, {"author": true, "message": "Test 11"}, {"author": true, "message": "Test 12"}, {"author": true, "message": "Test 13"}, {"author": true, "message": "Test 14"}, {"author": true, "message": "Test 15"}, {"author": true, "message": "Test 16"}, {"author": true, "message": "Test 17"}, {"author": true, "message": "Test 18"}, {"author": true, "message": "Test 19"}, {"author": true, "message": "Test 20"}]}' http://localhost:5000/TypeSense/api/change_conversation

https://docs.mongodb.com/manual/administration/security-checklist/

"Once people are logged in, you also need to give them a way to log out, disconnect their account, or delete it all together. In addition to being a courtesy, this is also a requirement of our Facebook Platform Policy."

https://developers.facebook.com/docs/facebook-login/userexperience/

https://softwareengineering.stackexchange.com/a/212459

Incredibly crude mock up: https://www.figma.com/file/Bk5uT8lir6YRk2JwtxkFF5Nl/Display

Do we want to analyze the sentiment of each message individually (out of context) or in sets of 3-4 messages (in context)?

ABABA? ABA? Sets of 3/4/5 messages, regardless of who sent them? What if all of the last messages are all sent by one person?

Azure forces sentiment analysis of only one string at a time, so we can't do contextualized sentiment scores unless we join them into one string.

Opinions on what we should do?

No point in designing a secure registration system only to switch to FB auth later.

• https://stackoverflow.com/a/12538742/8740440
• https://github.com/blackgirl/Facebook_Oauth2_sample_for_extensions
• https://medium.com/@evangow/truly-serverless-build-an-mvp-using-the-facebook-groups-api-deploy-as-a-browser-extension-1c66d4fa256f

^^ This looks promising, maybe. @shobrook, read step 3 and lmk if this is applicable. I understand Step 1, but I don't know where the rest of the code goes.

• https://developer.chrome.com/apps/app_identity

This is used to get Oauth2 keys. Need to add "identity" permission in manifest.json

We could do Google Auth pretty easily, but it makes a ton more sense to do FB auth. It's a pain, but...

Nice.

The sentiment bars are incorrectly offset on the X-axis. They all need to be pushed to the left somehow.

First Category: Walking Your Dog Food to Market by Fulcrum
Create the best open source contribution with commercial viability.

Second Category: Fund Your Dreamscape by 1517
Innovate and extend an existing open source project in an entrepreneurial way.

Once everything else is taken care of:

1. Create developer account for TypeSense (should not be one of our personal accounts)
2. $5 one-time set up fee
3. Release extension in webstore

I don't know why you would really care about 2FA on this extension, as we've done a good job of storing no private data on the server un-hashed (no passwords/messages), but it would make me happy so...

@shobrook just need you to proof my work. I have this done. PR open

Due to the structure of server.py, we need 23 messages before we can display any sentiment data. We need a front end notification letting people know the extension isn't broken (completely), and that they need more messages before we can do anything.

https://github.com/vaderSentiment/vaderSentiment-js

I know "spaced out" isn't the right terminology but I couldn't improve it any further