With the purpose of learning about endpoints I'm building an app called "Where Are You?". The app lets users request the location of other users. The idea is that it does so by letting the user select a contact, lookup the contact by phone number in my endpoint. If found it means that the contact have the app and GCM is sent requesting the location. If the contact isn't found a SMS is sent with an url which will request the location through a browser, perform a http post of said location and have the server GCM it back to the person requesting the location.
I need to authenticate users of the app and store phone numbers of several contacts as well as users of the app. As of now I'll mainly focus on the server side of things.
How can I archive the above in a safe manner?
So far I'm enabling OAuth 2.0 for my API and passing the user_required=True as argument to my Model.method decorator. Resulting in the following code:
from google.appengine.ext import endpoints
from google.appengine.ext import ndb
from protorpc import remote
from endpoints_proto_datastore.ndb import EndpointsModel
class User(EndpointsModel):
owner = ndb.UserProperty()
phone_number = ndb.StringProperty()
reg_id = ndb.StringProperty()
created = ndb.DateTimeProperty(auto_now_add=True)
@endpoints.api(name='whereareyoudroid', version='v1',
description='Where Are You Users')
class UserApi(remote.Service):
@User.method(user_required=True,
response_fields=('id',),
path='user')
def insert(self, user):
user.owner = endpoints.get_current_user()
user.put()
return user
@User.method(user_required=True,
request_fields=('id',),
path='user/{id}',
http_method='GET')
def get(self, user):
if not user.from_datastore:
raise endpoints.NotFoundException('User not found.')
return user
But the above code only requires a valid gmail account. I'm thinking something where you only can access a user if you already have the phone number? Which would be the case if I limit the response fields on the get method to exclude the phone number... unless someone decides to brute force the service. Suggestions? Comments?
From this I gather that I can configure my endpoint to only accept requests from my apps. Is that right? And if so, couldn't someone extract the need information from the apk or modify it to perform... evil? :)
Update:
A makes a request for B's location
Querys endpoint by phone number if not found simply send a request per SMS if found... go to 2.
Request is forwarded to GAE app
This is done by inserting a Location endpoint whoes id is a UUID and sends a GCM to B about the request
GAE app verifies that A's secret ID is on B's whitelist
There is no whitelist and the secret id is the UUID so this step is eliminated
The app then queries for B's location
If B decides to grant access to it's location B simply updates the Location endpoint based on the UUID
Once the app retrieves this information, it then verifies that it is only sending this information to the user identified by A's secret ID
When B updates it's location GAE sends a GCM to A informing about the update
The info is then sent securely to A's client
Done! GCM and SMS (and HTTPS) can be considered secure... right?
Update: GCM isn't secure... but does it really matter that much?