This is an open web app that provides you with a virtual private yacht. Set sail!
This is a demo of how to create a paid app for the Firefox Marketplace and how to use the JavaScript receipt checking library to verify the receipt. Check out the receipt verifier library for more info on how to use it. This app invokes the library in www/js/app.js. This same JavaScript library can also be used server side via NodeJS. See below for instructions on how to set that up.
The app is hosted right here on github pages (see manifest.webapp) but you must pay for it on the Firefox Marketplace dev site (no real money is used on the dev site). In order to actually make a payment on the dev server you have to apply some webpay settings to your B2G device.
In a popular paid app you'd probably want to use a server side receipt checker.
In the Dev section below you'll find instructions for how to verify the receipts
in NodeJS from this repository.
There is also a
Python library.
If you aren't using server side receipt checking
an attacker can run your app in an apps-enabled browser
(such as the nightly build of Firefox) and fiddle with the JavaScript
using the console to gain access to the app. This would be harder to do
on Android, a B2G phone, or similar open web device.
For full protection, you'd want to define installs_allowed_from
in server.js
which will limit which stores can claim to issue a receipt for your
app.
There is an open bug (770666)
that will make the server whitelist more effective when fixed.
First, make sure you clone the repo with all submodules:
git clone --recursive git://github.com/kumar303/yacht.git
If you want to install the app to github pages, you can deploy it easily using volo. Install the executable:
npm install -g volo
Build the app like:
volo build
Deploy it to github pages like:
volo ghdeploy
This just automates the process of copying all your static files to the gh-pages branch and pushing to github. You could also do that manually without volo.
You can run the Private Yacht app from NodeJS to boost security with server side receipt checks.
Set up your node environment:
npm install
Start the dev server like this:
npm start
Now you'll see the app running at http://localhost:3000/ and you can find the manifest at http://localhost:3000/yacht/manifest.webapp.
The Private Yacht was built with Mortar.
"Mortar" is a code name for an Open Web App Bootstrap. This project aims to make it easy and quick to start writing Open Wep Apps.
It's a combination of HTML5 tricks (HTML/CSS), js libraries, and a little bit of management commands that make it really easy to write and deploy apps.
This should just be a template: you should download this and hack it up to be whatever you like. You can delete or add as much stuff as you want.
View the official site here.
This is a fork from the html5boilerplate project, and many of the HTML5 tricks come from there, so the appropriate authors deserve credit for those.
We don't need to target older browsers, however, so a bunch of IE 6/7 stuff has been removed and we've added things like marketplace libraries, require.js, and volo. Any of those things can be simply ignored though.
h1. Back-end server
This is just a front-end template, but you'll most likely need to set up a server for your app. I highly recommend the server-configs project from the h5b crew which provides really helpful templates for server configurations. That should help you get set up quickly.
Apache's .htaccess
file is already included here since that's the most popular.