I have an address, I need to get the coordinates of it, then retrieve some PDF based on that.
For the coordinates, I’m using GMaps. If the address is unambigous, then it’s easy.
But if the address is ambigous (not found or more than one coordinate is returned), then I show a static html with gmaps json, and allow the use to choose a coordinate. The clicked coordinate is returned to me as a GET request on a specific URL. This is the async part.
Now I put every needed data in that callbak URL, protecting it with a MAC, but the data flow is disrupted here.
To get the PDF, I check the address, possibly serve the static HTML for clicking the coordinates, and “get back to work” in a separate handler, for a separate (hopefully not forged) request, continuing the flow.
This continuation disturbs me. Is there a better way for doing this, or a better way to think about it, to avoid the uneasiness?
Maybe I was naive when said that I can secure the staticHTML -> gmaps js -> service chain, as after serving the staticHTML, a malevolent client can do anything with it. Only an asymmetric crypto could help, but I don’t know whether this really needs it.
Just having a quick look at the project I see a big issue. You are storing state in the backend in memory: the Interactive's content and the mac’s key are the first things that I saw.
That’s very problematic:
If your server is restarted in the middle of a user’s session, their session will be broken.
You can just have one server process running rather than having more than one behind a load balancer.
My first tip would be to keep all that state out of memory.
With regards to what you want to do. Why do you need to generate the coordinates in the server? If you are gong to be showing a webpage to the user anyway you could simply use google maps javascript to let the user enter the address and pick the coordinates.
Also, keep in mind that assigning a user the coordinates based on the geocoding of the address without having the user be able to confirm that might produce the wrong result. Geocoders are not perfect and there are cases where you might be given the wrong set of coordinates.
You’re right, thant Interactive is not usable ATM. I’m trying to translate a service written in Python, which has a handler which gets an ID, fetches the address from the database, calls gmaps api to get the coordinates for it. If it returns exactly one coordinate, then updates the db with that and uses those coordinates to fetch the PDF from another service, and both store it in another service and serve it to the user.
If it returns zero or more than one answert to that address, then serves that html page with gmaps javascript, to let the user choose a coordinate. When the user double clicks somewhere, then that javascript calls another service, which stores the coordinates in the db and calls the other service for the PDF…
This “serve the html, and that may call the ‘set’ service someday” is what bothers me a little bit. But I see no other solution.
I’ve tried to protect the “set” service with a MAC, but now I’m confused, is it possible at all?
As far as I see, I can only assume “this set ID transaction was started by my service” if that MAC is ok, but cannot say that “the client HTML wasn’t forged and this request is made by that javascript as the benevolent user wanted”, as it could be forged.
That’s why I think now that this whole MAC protection is uneffective and too much complexity for nothing.