Is there any built in functions or methods to create a Fab2Fab com ?

lcollong

lcollong

FabriKant d'applications web
Hi,

I need to display a fabrik list on a public site which data come from another fabrik site (private). Initially the 2 databases were on the same network and I used a second connection in the first site to open the other DB and display the list : quick'n easy !

It's no longer possible ; mainly for security reasons.
So, each time a record is updated in the site A, I need to call an url/API which will send these data to the site B. This means site B needs to have a kind of web service listening for that and making the update of the local table. The same for insert and delete. It's only one way.

The data themselves are public. The exchange does not need to be highly secured. However the webService listening on site B has to be bullet-proof in case of external hack attempts (php or sql injection). Also, I'd like site B being sure that the request is coming for the known site A.

Is there already such a mechanism inside Fabrik ? Or some part of it I may use ?

Thanks for any ideas.
 
Fabrik connection can connect to an external DB also (if this server/DB does allow it)
 
There really isn't anything built in to do that, no. That was one of the reasons we created the "Connections" feature, so you could use external databases.

It might be possible to write a couple of PHP form submission scripts which do CURL calls, one for 'onAfterProcess' which posts all the data from the form to your other server, and one which runs 'onDeleteRows' to post a row deletion. But even then you've got problems, because we rely on J! authentication, we don't have anything like OAuth for Fabrik to Fabrik authentication. And the CURL calls won't have the authentication credentials.

Really, the only way to do this is to open up a pinhole in the firewall on the second server to allow connections from the other one.

-- hugh
 
The CURL stuff isn't that hard, just a case of grabbing the posted form data and sticking it into the CURL post data, but the problem will be authentication. Unless your list ACLs on the private site are set to Public, you won't be able to post. You might be able to use a basic auth header, base64 encoding a pre-set username and password, but you won't be able to carry over the user from the public session. And you wouldn't be able to use form security tokens.

We did consider a while ago writing a REST API for Fabrik, but it's an awful lot of work, and just not enough "win" for us to justify the time ... not many people would use it, wouldn't generate much interest or extra subscriptions.

-- hugh
 
I finally went to a very simple solution. The site A has a script which dump the target table in a json format without any parameters while being run from the site B. This later get the JSon, delete all rows from the local table and, finally, insert all the data from the JSON into the table. A cron does that each day. There is no security issue as the data themselves are public and the "web service" does not accept any parameter. It produces always the same result.
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 131 (members: 1, guests: 130)
    Back
    Top