Getting start with eBay API Tokens (Oauth) with PHP

Official Guide: http://developer.ebay.com/devzone/rest/ebay-rest/content/oauth-gen-user-token.html

I’ll also cover some mistakes I made.

  1.  Signup at https://developer.ebay.com
  2. Create an App and get the App ID (Client ID) and Cert ID (Client Secret)
  3. Click ‘User Tokens‘ (either from sandbox or production, depend on you)
  4. Click “Get a Token from eBay via Your Application” then “Add eBay Redirect URL
  5. Fill in the form, the only important thing is the “Your auth accepted URL“, it should be under your domain. (You should able to extract the auth code from the call back later, for example $_GET[‘code’] in PHP),  let’s assume this  https://yourdomain.com/accept.php
  6. Take down the value of “RuName (eBay Redirect URL name)” and “Your branded eBay Production Sign In (OAuth)

So far, we’ve done our preparation at developer.ebay.com

Then, on you local developing environment or you production server,:

  1. Set user login you own website
  2. put a hyperlink pointing to the URL of “Your branded eBay Production Sign In (OAuth)
  3. visitor click on that link, and login with their ebay account.
  4. ebay will make a callback redirect to “Your auth accepted URL” if success.

On the “Your auth accepted URL“, prepare a PHP script that get the value of $_GET[‘code’] and save it in sessions. It starts with ‘v%5E1’. this is called “Authorization Code

Next, get an “Access Token” with this “Authorization Code” 

Craft a HTTP Request with whatever you like with PHP.

HTTP headers:
Content-Type = application/x-www-form-urlencoded
Authorization = Basic <B64-encoded-oauth-credentials>

HTTP method: POST

URL: https://api.sandbox.ebay.com/identity/v1/oauth2/token

Request body (wrapped for readability):
grant_type=authorization_code&
code=<authorization-code-value>&
redirect_uri=<redirect_URI>

We have three ‘Variables’ here.

<B64-encoded-oauth-credentials>: Use a Chrome Browser, Right click, Inspect, Console
Then type: btoa(‘APP_ID:CERT_ID‘);
We did take down these two values earlier. and there is a : between.
Hit ENTER, the value inside the double quotes is <B64-encoded-oauth-credentials>

<authorization-code>: the ‘Authorization Code‘ we got in the callback redirect.

<redirect_URI>: This is the tricky part. This can’t be ignored or filled with random things, it’s the value of “RuName (eBay Redirect URL name)

Send the request, and you’ll get the access token and the refresh token.
Follow the official guide to refresh the token if expired.

We are basically finished here, If you wanna call an API, ‘List orders as a seller’ for instance:

GET https://api.ebay.com/sell/fulfillment/v1/order

Headers:
Authorization: Bearer <YOUR_ACCESS_TOKEN>
It’s Bearer this time :), don’t use Basic by mistake.

Remove the Loop Icon for VOX

VOX is the best music players on OSX I’ve ever used.

The Loop becomes one of it’s features to store unlimited music on it’s platform. It’s a good feature, and the only way for the developer to get some pay back for the wonderful applet.

I just don’t need it, and try to save some space for my menu bar.

On the VOX’s preference page, uncheck “Keep Loop Agent Running when” just doesn’t make any sense. Neither for “launchctl remove com.coppertino.VOXCloud” as the developer mentioned.

My way to close that:

Finder – Application – VOX – right click – Show package contents – Contents – Library – LoginItems

You can find the Loop.app here, but things like deleting/renaming/[removing permission] will all prevent VOX from launching.

 

Loop.app – Show package contents – Contents – Resources – Base.lproj

Then rename “MainMenu.nib” to something else for example: “MainMenu.nib.bye”

Quit Loop and restart VOX, Done.

Install PHP7 on Debian 8 Jessie (with Apache)

Important:

Double check your operate system: ONLY  Debian 8 (Jessie) works with this instruction

Apache version: 2.4 which is the default version comes with Debian 8 (Not working with Apache 2.2 or lower)

Install Apache2:

Update package list and upgrade outdated packages:

sudo apt-get update && sudo apt-get upgrade

Install Apache2:

sudo apt-get install apache2

Install PHP7:

Since PHP7 is not included in any Debian official source list, we gonna use the version compiled by Dotdeb.org, which is pretty widely used.

Add source:

sudo nano /etc/apt/sources.list

Add the following two lines to the end of the file:

deb http://packages.dotdeb.org jessie all
deb-src http://packages.dotdeb.org jessie all

If you server is far from US, try find the nearest mirror: https://www.dotdeb.org/mirrors/

Get and Install GnuPG key:

wget https://www.dotdeb.org/dotdeb.gpg
sudo apt-key add dotdeb.gpg

Update packages again

sudo apt-get update

Install PHP7:

here is a list of available packages currently: (By the way, Swoole also work with php7, use ‘pecl install swoole to install’)

php7.0-apcu       php7.0-dbg        php7.0-imagick    php7.0-memcached  php7.0-phpdbg     php7.0-sybase
php7.0-apcu-bc    php7.0-dev        php7.0-imap       php7.0-mongodb    php7.0-pspell     php7.0-tidy
php7.0-bz2        php7.0-enchant    php7.0-interbase  php7.0-msgpack    php7.0-readline   php7.0-xdebug
php7.0-cgi        php7.0-fpm        php7.0-intl       php7.0-mysql      php7.0-recode     php7.0-xmlrpc
php7.0-cli        php7.0-gd         php7.0-json       php7.0-odbc       php7.0-redis      php7.0-xsl
php7.0-common     php7.0-gmp        php7.0-ldap       php7.0-opcache    php7.0-snmp
php7.0-curl       php7.0-igbinary   php7.0-mcrypt     php7.0-pgsql      php7.0-sqlite3

Choose your list of mod, install with php

sudo apt-get install php7.0 php7.0-common php-pear #add your list of mods here

Install mod_php7 for Apache 2.4 and restart apache:

sudo apt-get install libapache2-mod-php7.0
sudo service apache2 restart

That’s it! Done!

 

From Home Router to Business Router

Last month, I got a Ubnt EdgeRouter Pro. It’s my first time dealing with this kind of router.

Most home routers have two interfaces, WAN and LAN. There is usually a 4 port switch for the LAN, and also a wireless AP connected to the LAN.

For the business router, there is no WAN or LAN, just many interfaces, and you define them, and setup their relations and connections.

 

Demo 1: A basic SOHO setup (WAN and LAN)

Here is how the interface dashboard looks like:

Screen Shot 2016-02-25 at 11.55.59

Follow this example from UBNT:

https://help.ubnt.com/hc/en-us/articles/205197660-EdgeMAX-SOHO-Example

remember, if you WAN  is using a public IP without DHCP, you should setup the system gateway [System(lower-left-corner) -> System gateway address:]

Demo 2: Setup Routed Native /48 IPv6

Assume you’ve already have an IPv6 allocation:
/64 Allocation :2001:64:64:64::/64

/64 Gateway:  2001:64:64:64::1

 

Now, you need a /48 IPv6 routed to 2001:64:64:64::2 (It could be any non-gateway address under your /64 assignment)

/48 Allocation:    2001:48:48::0/48

/48 Gateway defined by yourself: 2001:64:64:64::2

/48 LAN interface address: 2001:48:48::1/48

Your ISP will route 2001:48:48::0/48  to  2001:64:64:64::2 by your request.

 

(I searched over the Internet, only tunneled IPv6 setup instructions was found)

 

Here is my instruction:

  1. Set the /48 gateway [2001:64:64:64::2] as one of the WAN’s addresses.
  2. Set [2001:48:48::1/48] as the address for LAN (pickup the one you prefer, this is the LAN address,  just like 192.168.1.1 for you home router)
  3. ConfigTree – protocols – static – router6 [For step 4 and 5]
  4. add route to [0::0/0] update-list then set it’s next-hop to [2001:64:64:64::1] This will define the default route for /64
  5. Goto interface-route6 add route  [2001:48:48::0/48] next hop interface should be your LAN interface
  6. Move to interfaces – ethernet – eth0[depends on your WAN] – ipv6 – router-advert – prefix
  7. add perfix [2001:64:64:64::1] – update-list
  8. Move to firewall – ipv6-name add some rule sets on your demand
  9. Preview and Apply setting
  10. Setup your client’s (a server connected to LAN for example) IPv6 address.

 

 

Note on sshd_config Setup

What’s sshd_config?

It’s “OpenSSH SSH daemon configuration file”

Simply means the config file for OpenSSH Server.

Located at /etc/ssh/sshd_config

My reference

http://www.freebsd.org/cgi/man.cgi?query=sshd_config

ListenAddress and Port

By default, OpenSSH will listen on port 22 for all address(0.0.0.0 and ::)

There can be multiple Port defined, for example:

Port 22
Port 622

OpenSSH will listen on both ports

ListenAddress specify the address to listen, the address can be hostname, ipv4 or ipv6

You may also add an optional port number, for example:

ListenAddress 192.168.1.120
ListenAddress 1.2.3.4:922
ListenAddress ddns.example.com

OpenSSH will listen on 192.168.1.120 and ddns.example.com at port 22, plus 1.2.3.4 port 922

If there are multiple “Port” specified:

Port 22
Port 622
ListenAddress 192.168.1.120
ListenAddress 1.2.3.4:922
ListenAddress ddns.example.com

Then 192.168.1.120:22   192.168.1.120:622   1.2.3.4:922  ddns.example.com:22  ddns.example.com:622 are listened

 

If port is not specified, sshd will listen on the address and all prior Port options specified.

Access Control:

Process order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

If none of the four is defined, login is allowed fro all users.

If Allow* is defined, login is only allowed to declared users and groups.

Only username and groupname are accepted, UID and GID are NOT.

In the following example, only ‘root’ and ‘user’ are allowed

PermitRootLogin yes
AllowUsers root user

In the following example, only ‘user2’ is denied.

DenyUsers user2

Limit user to specified destination address and port

Supposed the OpenSSH server is listening to multiple IPs (1.1.1.1 and 2.2.2.2)

At the end of sshd_config file: add:

# Only user'git' can access to server address 2.2.2.2
Match LocalAddress 2.2.2.2
AllowUsers git

You may also specify port

# Only user'git' can access to server at port 622
Match LocalPort 622
AllowUsers git

You may also specify address and port

# Only user'git' can access to server 2.2.2.2:622
Match LocalAddress 2.2.2.2 LocalPort 622
AllowUsers git

Note:

Match Introduces a conditional block. If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another Match line or the end of the file. If a keyword appears in multiple Match blocks that are satisfied, only the first instance of the keyword is applied.

 

Limit user from specified source address

# Allow root only from client_ddns.example.com and Allow 'user from' 67.67.67.0/24
# Allow user2 from any host 
AllowUsers root@client_ddns.example.com user@67.67.67.* user2

More details on HOST:

Host: Restricts the following declarations (up to the next Host or Match keyword) to be only for those hosts that match one of the patterns given after the keyword. If more than one pattern is provided, they should be separated by whitespace. A single `*’ as a pattern can be used to provide global defaults for all hosts. The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching). A pattern entry may be negated by prefixing it with an exclama- tion mark (`!’). If a negated entry is matched, then the Host entry is ignored, regardless of whether any other patterns on the line match. Negated matches are therefore useful to provide exceptions for wildcard matches.

Here is another approach using Match:

At the end of sshd_config file: add:

# Only user'git' can access to server address 2.2.2.2
Match Address 67.67.67.0/24 User user
AllowUsers user

Bugs and Tips found recently

1: Teensy as a keyboard does not work properly in GRUB.

Solution: break your long input into parts (<=3 chars) and add delays (50ms is enough) between them.

 

2: In Debian and Ubuntu, your may install some PHP PECL modules just by using

sudo apt-get install php5-pecl-http php5-propro php5-raphf

(PHP run as an apache mod)

Restart Apache, php -m does not show any new module installed.

Try add ini files(propro.ini File Content: extension=propro.so) to /etc/php5/mod-available and make link (15-propro.ini for example) at /etc/php5/apache/conf.d pointing to /etc/php5/mod-available/propro.ini

restart Apache again, php module still not loading.

The solution:

use php5enmod propro instead :)
3: Dell PowerEdge RAID Controller (PERC) H730 and SSD.
Unable to build raid for Samsung 850 EVO SSD in the Lifecycle Manager.

Solution: goto BIOS and find device management- raid controller then build your RAID there.

My note on Installing OpenWRT on Banana Pi R1 (BPi-R1)

Today, I just got my Banana Pi R1.  Here is a simple guide to set it up as an OpenWRT router.

Step 1: Flash the TF(microSD) card.

  • Goto the download page of BPi-R1 (http://www.bananapi.com/index.php/download?layout=edit&id=65)
  • Find and download the latest OpenWRT Image, which is version 4.0 (01/09/2015) as I write this.
  • Write the OpenWRT image to the TF card. I use OS X, here is the code I used in Terminal:
  • Find the disk number of your TF card. Mine is disk2[Bold number may varies on your computer, wrong number will cause serious problem, you will lose your data on the wrong disk]:
    diskutil list

    Unmount it:

    diskutil unmountDisk /dev/disk<strong>2</strong>

    Write the image:

    sudo dd bs=1m if=~/Downloads/BPI-R1_OpenWrt_V4.0.img of=/dev/rdisk<strong>2</strong>
  • If you are using other OS, follow the guide here (From Raspberry Pi, their are all the same except the image)
  • Eject the TF card  from your computer and insert it into Banana Pi.

Step 2: Power On your Banana Pi R1.

  • Plug in the 5V power cord to the correct port, it will power on by itself.
  • HDMI is not working on OpenWRT(only works few seconds while booting)
  • Connect the BPI-R1’s WAN to your home router/switch’s LAN (Assume DHCP is enabled )
  • Find the BPI-R1’s IP address. You may find it in the web management interface of your home router. Scan port 80 and 22 for the whole subnet other wise.
  • use root/admin to login BPI-R1
  • Mostly Done.

After that, I found only 80M(VFAT) + 150M(EXT4) was used on BPI-R1, which waste pretty much space on my 32GB TF card.

Extra Step: Expand the ext4 partition. (Inspired by SaruMaaz)

  • Download Gparted Live
  • Write Image to a Flash Drive (Assume the flash drive is disk2)
    sudo dd bs=4m if=~/Downloads/gparted-live-0.24.0-2-i586.iso of=/dev/rdisk<strong>2</strong>;sync
  • Restart OS X and hold Option key while booting,
  • Chooes ‘EFI Disk’
  • Enter your language code
  • Enter 0 and get to the GUI
  • Plug in the TF card, Find the TF card (mine is sdd)
  • Find the 150M partition, right click, change the size…
  • Apply
  • Done

How to get a certification to sign PDFs

I’m trying to get a certification to sign my PDF files these days.

My Goal:

  1. It is a certification signed by a trusted CA in Adobe Acrobat (of course it can’t be self-signed)
  2. It is cheap

What I did:

Check the current list of Adobe Approved  Trusted CA (http://helpx.adobe.com/acrobat/kb/approved-trust-list1.html)

Check those CA’s website.

Many of those CA are used inside their company/organization only, Some “Widely known CA” like DigiCert, GlobalSign, Entrust cost a lot(200-800 USD/year) for the certification, and you maybe asked for purchasing a USB device for the cert, PLUS, some of them limit the number of files you signed.

Finally I found “CERTUM (Unizeto Technologies)” in Porland, they supply a certification for a low cost(~10USD/year)  https://en.sklep.unizeto.pl/data-safety/id-certificates/certyfikat-professional-id.html

(更多…)