Making apps available publicly

Emoncms
, , , ,
1

Just thought I’d share a little trick to view the emoncms apps publicly via a prettier url eg

https://server.com/emoncms/user/mysolar

rather than

https://server.com/emoncms/app/view/?name=MySolar&readkey=abcd1234abcd1234abcd1234abcd1234

this also means you are not sharing your “readkey” which is actually your readonly apikey and allows any users with access to any of your apps to repurpose that readkey and read any of your data or see any of your dash’s.

Simply create a new dashboard name it and give it an alias “MySolar” (or what ever else you wish to call it) and set it to public.

Then open that dash in edit mode and add a simple paragraph widget up into the top left corner and expand it to fill the page.

Add the following to the widget config

<object type="text/html" data="https://server.com/emoncms/app/view/?name=MySolar&readkey=abcd1234abcd1234abcd1234abcd1234&embed=1" width="100%" height="100%"></object>

replacing the url, readkey and app name as required.

you can also change the dash background to match the app background in the dash config eg the MySolar background is red:34 green:34 blue:34 in the color picker panel. Save the dash even if it says “not changed”

Now the app should be available via the short (public?) url.

I’m sure this will also work even if you don’t want public apps, but just want consistent urls, you will just need to use the apikey in the usual way.

My goal here was just to unify the url structure for one of my clients so they could access multiple dashboards and apps by just changing the name of the account or the name of the dash/app eg

https://server.com/user1/mysolar
https://server.com/user2/mysolar
https://server.com/user2/somedashboard

or for private pages

https://server.com/dashboard/view/mysolar?apikey=_user1readonlyapikey_
https://server.com/dashboard/view/mysolar?apikey=_user2readonlyapikey_
https://server.com/dashboard/view/somedashboard?apikey=_user2readonlyapikey_

it just makes it easier for the end user who doesn’t understand (or care about) the difference between an app or a dash, why the url needs to be different and how to recognize an app vs dash.

This isn’t intended to be secure, although this removes the need to have the apikey in the url for apps module just to identify the user, the readkey is still present if you “view source” the webpage. Nor have I tested extensively with other browsers, I’m using chrome.

3 Likes
2

Thanks for the share. I’ll putting this to use.

Like wish dashboards &embed=1 Is there a way to remove to heading, the bar showing the login button?

Edit: Got it, I added “&embed=1” as a suffix after the URL. Great stuff!

Edit edit: the top example doesn’t work for me. my app name is mysolar, tried exactly the format prescribed. I’ll have to stick to the apireadkey use for now.

3

@pb66 just checking that this doesn’t really improve security as you are still publically publishing your readkey (ie. if I viewed the HTML page generated the URL and key are in there ?)

4

You should be using the dashboard alias rather than the app name.

What do you mean by “doesn’t work for me”, do you get an error? A 404? An app with no data? or do you mean “doesn’t work for me” as in “I’m not keen on using that approach”?

If the dashboard is set to public and has an alias set up, then anything you embed in that dash will be available via https://server.com/emoncms/user/alias (or https://server.com/user/alias if configured as such), subject to that embeded endpoint being available and you have permissions etc, therefore if the embeded url includes the app apikey, the app will be accessible, publicly.

5

Correct. It was purely to make the urls uniform and tidier, it only adds a smidgen of security (as a bi-product) as the apikey isn’t spelled out in the urls that are passed around. In real terms it offers no real greater security as the apikey is in the page source if users are willing to dig for it. I just wanted to stop having to include it in the app url, the shorter public urls are much neater, if I was willing to share the full app url, then nothing is lost security wise by burying it in the source and removing it from the url used.

6

Hi Paul.

The dashboard shortlink works fine.

The mysolar app shortlink loads a white page with the emoncms header.

I’m on a RPi local install.
I hope that helps.

7

I’m not understanding what the 2 different “shortlink” references are. The aim of this is too use the dashboard alias to view the app. There is only one “short link” in play here.

Lets say you have an app confirmed as working at

http://server.com/app/view/?name=MyApp&amp;readkey=abcd1234abcd1234abcd1234abcd1234

You could then create a new dash with an alias of “appofmine” and make it public. That dash should be available at

https://server.com/user/appofmine

Then edit that dash to have just one widget in the top left corner, a paragraph widget with the following line in it.

<object type=“text/html” data=“http://server.com/app/view/?name=MyApp&amp;readkey=abcd1234abcd1234abcd1234abcd1234&amp;embed=1” width=“100%” height=“100%”></object>

Now that same public dashboard url (alias)

https://server.com/user/appofmine

should show the full “MyApp” app via that “appofmine” url (or shortlink).

You can of course use “myapp” as the dashboard alias so that you can see the app at

https://server.com/user/myapp

but that is possible because the dash alias is also “myapp”, it has nothing to do with the app name directly, they would just happen to be the same if you chose to do it that way.

The dashboard is only there to provide a public wrapper page to a private app by including the apikey in the embedded url. You are not accessing the app directly and none of this impacts the existing url of that app.

I have to confess I have not tried this on an emonPi/SD but I see no reason it shouldn’t work.

If you still cannot get it to work, post the details ie the url to your app and the content of your paragraph widget and your “shortlink” (obviously fudge any apikeys etc, but without altering the details too much).

On a Pi I would assume you could use

<object type=“text/html” data=“http://localhost/app/view/?name=MyApp&amp;readkey=abcd1234abcd1234abcd1234abcd1234&amp;embed=1” width=“100%” height=“100%”></object>

if you do not have a external access setup (dynamicdns and portforwarding) or possibly even something relative like

<object type=“text/html” data=“/app/view/?name=MyApp&readkey=abcd1234abcd1234abcd1234abcd1234&embed=1” width=“100%” height=“100%”></object>

8

I might read the entire message tomorrow Paul.

Suffice to say the first sentence clarified things, the shortlink are for dashboards only then, and not apps.

The original post led me to believe it worked for apps also.

9

That might help

I have to say I’m not entirely convinced

Yes and no, they are specifically part of the way dashboards work, but in this instance the dashboard content IS the embedded app

It was specifically for apps although it could work for other things too I guess.

Forget the apps module for a second. Lets say you embed a picture eg server.com/images/myimage.png by putting an image tag in the paragraph widget. When you navigate to

https://server.com/user/alias

you will see the picture.

So instead of putting the image tag and path in the paragraph, if you put the app url and apikey in the paragraph widget, you will see the app (authenticated by the apikey) in the public dashboard in place of the image. So

https://server.com/user/alias

is specifically the shortlink to the dashboard (not the app), but the dashboard is displaying the embedded app so the shortlink does in fact display the app, in-directly, using the dashboard alias rather than the app name.

As I said, I have not tried this on an emonPi/SD myself so there could be something preventing it from working that I’m not aware of, but your comments strongly suggest you might not using it as intended. If you still don’t get it working tomorrow, post the stuff I mentioned above, as I’m now intrigued as to whether there is something different with your setup (I’m assuming you are using an emonSD/Pi is that right?) that prevents this working.