Re: Existing javascript SDK for predicitonIO (0.10) ?

17 views
Skip to first unread message

Marius Rabenarivo

unread,
Apr 10, 2017, 8:23:59 AM4/10/17
to us...@predictionio.incubator.apache.org, Mohamed Zouga, actionml-user
Hello,

The NodeJS SDK has the following dependencies :

lodash
request
bluebird

You can download them if you want.

Regards,

Marius

2017-04-10 16:18 GMT+04:00 Mohamed Zouga <moh...@wizacha.com>:
I'am using PredictionIO in a web site, and i want to send the event using Javascript (instead of PHP) is there any know SDK JS for PredictionIO (lastest) ? 
i found some outdated ones in Github, i didn't want to rush into coding one from scratch until i'am sure there is no existing ones, thank you  
P.S : I know there is a NodeJS SDK, i don't have npm and i don't want any dependencies.
--
Mohamed ZOUGA
Stagiaire Data Scientist, Wizaplace
https://www.linkedin.com/in/zouga-mohamed-44b02974/

Mohamed Zouga

unread,
Apr 10, 2017, 8:29:03 AM4/10/17
to Marius Rabenarivo, us...@predictionio.incubator.apache.org, actionml-user
@vaghawan : i don't want to go posting my accessKey allover my requests and writing verbose code when all i might use is a function with one parameter or so.
@ Marius : Why have 3 dependencies (3 more files, supposing those files don't have additional dependencies...) when i can use just Ajax to send my events and requests 
so any JS SDK out there ? 

Vaghawan Ojha

unread,
Apr 10, 2017, 8:31:24 AM4/10/17
to us...@predictionio.incubator.apache.org, Marius Rabenarivo, actionml-user
Hi, 

Ok, in  that case I am currently not aware of any js SDK like you wanted. Someone else may help. 

Thanks

Gustavo Frederico

unread,
Apr 10, 2017, 8:32:38 AM4/10/17
to us...@predictionio.incubator.apache.org, Marius Rabenarivo, actionml-user
You can use this as a starting point.

Gustavo


var _recommendationInner = {
    baseAjaxPromise: function (theData, url) {
        return new Promise(function (resolve, reject) {
            $.ajax({
                type: 'POST',
                url: url,
                data: JSON.stringify(theData),
                contentType: 'text/plain',
                xhrFields: {
                    withCredentials: false
                },
                dataType: "json",
                success: function(data) {
                    resolve(data);
                },
                failure: function(errorMsg) {
                    console.error('Error ' + errorMsg);
                    reject();
                }
            })
                .done(function(data) {
                    resolve(data);
                })
                .fail(function(jqXHR, textStatus) {
                    console.error("error : " + textStatus);
                    console.error("error status text: " + jqXHR.statusText);
                    console.error("error status: " + jqXHR.status);
                    reject();
                });
        });
    }

};

var Recommendations = new function() {

    this.set = function(accessKey, eventsUrl, queriesUrl) {
        Recommendations.eventsUrl = eventsUrl + '/events.json?accessKey=' + accessKey;
        Recommendations.queriesUrl = queriesUrl + '/queries.json?accessKey=' + accessKey;
    };

    /** Events **/
    var viewProductPromise = function(user,product) {
        var data = {
            "event": 'view',
            "entityType": "user",
            "entityId": user,
            "targetEntityType": "item",
            "targetEntityId": product,
            "eventTime" : new Date().toISOString()
        };
        return _recommendationInner.baseAjaxPromise(data, Recommendations.eventsUrl);
    };

    var purchaseProductPromise = function (user,product) {
        var data = {
            "event": "purchase",
            "entityType": "user",
            "entityId": user,
            "targetEntityType": "item",
            "targetEntityId": product,
            "eventTime" : new Date().toISOString()
        };
        return _recommendationInner.baseAjaxPromise(data, Recommendations.eventsUrl);
    };

    /** Queries **/
    var getGeneralRecommendationsPromise = function (number) {
        var data = {
            "num" : number
        };
        return _recommendationInner.baseAjaxPromise(data, Recommendations.queriesUrl);
    };

    var getRecommendationsForUserPromise = function (user) {
        var data = {
            "user" : user
        };
        return _recommendationInner.baseAjaxPromise(data, Recommendations.queriesUrl);
    };

    var getRecommendationsPromise = function (user,contextProduct,category) {
        var fields = [];

        if (category) {
            fields.push({
                "name": "category",
                "values": [category],
                "bias": -1
            });
        }

        var data = {
            "user" : user,
            "item" :  contextProduct,
            "fields" : fields
        };
        return _recommendationInner.baseAjaxPromise(data, Recommendations.queriesUrl);
    };


    /** Events **/
    this.purchase = function (user,product,quantity,amount) {
        return purchaseProductPromise(user,product,quantity,amount)
            .then(nil => { return nil; })
            .catch(error => { throw error; });
    };

    this.viewProduct = function (user,product, isStrong = false) {
        return viewProductPromise(user, product, isStrong);
    };

    /** Queries **/
    this.getGeneralRecommendations = function (number) {
        return getGeneralRecommendationsPromise(number);
    };

    this.getRecommendationsForUser = function (user) {
        return getRecommendationsForUserPromise(user);
    };

    this.getRecommendations = function (user,contextProduct,category) {
        return getRecommendationsPromise(user,contextProduct,category);
    };

};

Mohamed Zouga

unread,
Apr 10, 2017, 8:43:59 AM4/10/17
to Gustavo Frederico, us...@predictionio.incubator.apache.org, Marius Rabenarivo, actionml-user
This code seems as a good start indeed, is this somewhere on GitHub ? so i could put some additional stuff or even some modifications !

--
You received this message because you are subscribed to the Google Groups "actionml-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to actionml-user+unsubscribe@googlegroups.com.
To post to this group, send email to action...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/actionml-user/CAGRFSSOcpSctEN5up894VAbG_qorUOpUFE5FtA9ZTLFMdyXwGA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Pat Ferrel

unread,
Apr 10, 2017, 11:13:26 AM4/10/17
to Mohamed Zouga, Gustavo Frederico, us...@predictionio.incubator.apache.org, Marius Rabenarivo, actionml-user
using Javascript from the client is a problem because you will make it possible for some malicious agent to see your access key by examining your client code. Although PIO support SSL it does not have an authentication mechanism so a malicious agent could use this access key to screw up your data.

It is only safe to have PredictionIO accessed from a trusted application server, not a client. So though there may be android (Java), iOS, and Javascript SDKs please be aware of the security implications of connecting from mobile devices or browsers.



To unsubscribe from this group and stop receiving emails from it, send an email to actionml-use...@googlegroups.com.

To post to this group, send email to action...@googlegroups.com.

Donald Szeto

unread,
Apr 10, 2017, 11:32:52 AM4/10/17
to Mohamed Zouga, us...@predictionio.incubator.apache.org, Gustavo Frederico, Marius Rabenarivo, actionml-user
You can also create access keys for existing apps that have write permissions to certain event names only. It is useful for client side event collection, and is how some major analytics vendor JS SDKs limit client side keys from polluting your event log.

Please take a look at `pio help accesskey` for details.

To unsubscribe from this group and stop receiving emails from it, send an email to actionml-use...@googlegroups.com.
To post to this group, send email to action...@googlegroups.com.



--
Mohamed ZOUGA
Stagiaire Data Scientist, Wizaplace
https://www.linkedin.com/in/zouga-mohamed-44b02974/

--
You received this message because you are subscribed to the Google Groups "actionml-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to actionml-use...@googlegroups.com.
To post to this group, send email to action...@googlegroups.com.

Pat Ferrel

unread,
Apr 10, 2017, 11:50:30 AM4/10/17
to Donald Szeto, Mohamed Zouga, us...@predictionio.incubator.apache.org, Gustavo Frederico, Marius Rabenarivo, actionml-user
Yes, this will limit what the malicious agent can do. They can only write certain spurious event types to your EventServer. So basically anything the client can write, a malicious agent can write. We rely on this being highly unlikely. It is a type of “security by obscurity”

When using PIO from an application server there is no way for a malicious agent to get your access key and the client does not need to provide it, only your app server. So I always recommend this approach where possible.


Gustavo Frederico

unread,
Apr 10, 2017, 11:55:57 AM4/10/17
to Pat Ferrel, Donald Szeto, Mohamed Zouga, us...@predictionio.incubator.apache.org, Marius Rabenarivo, actionml-user
I understand the concern. I suppose back-end integration will be more expensive in general, and that can also be taken into account. Chapter 25 of the Recommender System Handbook edited by Ricci, Rokach, Shapira and Kantor is about security. I didn't have a chance to read it yet.

Gustavo


On Mon, Apr 10, 2017 at 11:50 AM, Pat Ferrel <p...@occamsmachete.com> wrote:
Yes, this will limit what the malicious agent can do. They can only write certain spurious event types to your EventServer. So basically anything the client can write, a malicious agent can write. We rely on this being highly unlikely. It is a type of “security by obscurity”

When using PIO from an application server there is no way for a malicious agent to get your access key and the client does not need to provide it, only your app server. So I always recommend this approach where possible.

On Apr 10, 2017, at 8:32 AM, Donald Szeto <don...@apache.org> wrote:

You can also create access keys for existing apps that have write permissions to certain event names only. It is useful for client side event collection, and is how some major analytics vendor JS SDKs limit client side keys from polluting your event log.

Please take a look at `pio help accesskey` for details.
On Mon, Apr 10, 2017 at 8:13 AM Pat Ferrel <p...@occamsmachete.com> wrote:
using Javascript from the client is a problem because you will make it possible for some malicious agent to see your access key by examining your client code. Although PIO support SSL it does not have an authentication mechanism so a malicious agent could use this access key to screw up your data.

It is only safe to have PredictionIO accessed from a trusted application server, not a client. So though there may be android (Java), iOS, and Javascript SDKs please be aware of the security implications of connecting from mobile devices or browsers.



On Apr 10, 2017, at 5:43 AM, Mohamed Zouga <moh...@wizacha.com> wrote:

This code seems as a good start indeed, is this somewhere on GitHub ? so i could put some additional stuff or even some modifications !

2017-04-10 14:32 GMT+02:00 Gustavo Frederico <gustavo.frederico@thinkwrap.com>:
You can use this as a starting point.

Gustavo

[...] 
Reply all
Reply to author
Forward
0 new messages