Categories
Software Development Web Development Web Security

Authentication vs Authorization: what is the difference?

Authentication and authorization are often confused. Here I will clarify them.

Authentication — Logging in: proving who a user is, one way or another. After a user is logged into a system, a session cookie is usually created to re-authenticate the user so they don’t have to log in on every single page view.

Authorization — Can a user view or access something once authenticated? Authorization covers things like administration panel access, or viewing a user’s profile, post, media, etc.

Categories
Resources Software Development

Ethereum Solidity programming links and resources.

Links and resources about Ethereum Solidity programming language.

Videos

Categories
Software Development Web Development

How to remove unused or broken docker container images.

Sometimes we make mistakes. When first learning docker we probably make many mistakes and end up with tons of unused docker images.

If you are on Linux like me, you won’t have a desktop dashboard like Mac and Windows get, so things are harder. To see a list of what images you have created, use the following command:

docker ps -a

That command will output something like this.
It will show the CONTAINER ID, IMAGE, COMMAND etc. as you can see. To delete an image you use the container id with docker rm, like this:

docker rm b5f8fae52bce

I’ve seen older internet posts using the IMAGE value but I had no success with that method. I am guessing something changed. I didn’t even see an example of this; I just tried it. I don’t see any mention of this in the docs either. But it works. This part in the getting started intro actually explains it. I think something did change.

Docker container rm documentation.

Docker rm documentation.

Categories
Resources Software Development Web Development

HTTP headers and caching resources.

Resources all about HTTP headers and caching.

Caching tutorial -> great article to start with, explains all the basics of caching.

Hypertext Transfer Protocol (HTTP/1.1): Caching -> RFC spec

Categories
Software Development Web Development Web Security

How to create ssh keys for admin user login without passwords

The idea is to give admins a way to SSH into a server without having to use passwords. This adds a level of security to your server setup. Without private keys you have to enter your user name and password. This can be less secure than generating SSH keys and adding your public key to SSH, plus with keys you don’t have to remember passwords.

First you need to generate the SSH keys. I prefer the ed25519 algorithm which is a newer one. You can get more info here.  

The command to create an ed25519 SSH key in the current user’s .ssh directory will look like this.


ssh-keygen -f ~/.ssh/key-name -t ed25519  

The -f flag tells ssh-keygen the name of the files you want to create. The above command would create key-name (the private key) and key-name.pub (the public key) in the current user’s .ssh directory. The ~ is a Linux shortcut meaning /home/current_user/ so you don’t have to type all that.

The -t flag tells ssh-keygen what type of algorithm to use. If you don’t specify the -f flag and give the file a name, then both files are output in the current user’s .ssh directory as ed25519 and ed25519.pub.
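The step described above as "adding your public key to SSH" comes down to placing the .pub line in the admin account's authorized_keys on the server with tight permissions. The following is an added example, not the author's code: install_pubkey and its arguments are hypothetical names, and the key line in the demo is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. install_pubkey and its arguments
# are hypothetical names; the key line in the demo at the bottom is constructed.

# install_pubkey PUBKEY_FILE HOME_DIR
# Adds the public key to HOME_DIR/.ssh/authorized_keys exactly once and sets
# the modes sshd's StrictModes check expects. Returns 1 for a bad key file.
install_pubkey() {
    local pub="$1" home="$2" line
    [ -f "$pub" ] || return 1
    # A public key is one line. This rejects the multi-line private key file
    # (key-name) if it is picked by mistake instead of key-name.pub.
    [ "$(wc -l < "$pub")" -le 1 ] || return 1
    line=$(head -n 1 "$pub")
    case "$line" in
        "ssh-ed25519 "?*) ;;          # key type from the post's ssh-keygen -t
        *) return 1 ;;
    esac

    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # -x whole line, -F fixed string: skip the append if the key is present.
    grep -qxF -- "$line" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
}

# Demo against a throwaway directory standing in for the admin's home.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealOne admin@example' \
    > "$demo/key-name.pub"
install_pubkey "$demo/key-name.pub" "$demo/home" && cat "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```

Only the .pub file ever leaves the machine where the key was generated; the private key stays in the admin's own ~/.ssh.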

Categories
Software Development

Why doesn’t bash script recognize aliases

Here I won’t be doing much explaining, just listing links so people can read about this befuddling issue.

It often boggles my mind how differently you must write shell scripts vs the command line commands. It is often very inconsistent, I hate inconsistencies.

Basically, aliases within the Linux shell are not recognized inside scripts without some fancy hacky code, WOOHOO. So you will lose your mind if you are trying to set and use aliases in shell scripts.

You can set aliases all day long, but your scripts won’t use them.

Yes you read that correctly. You can set aliases in your script, even right before you want to use it and Linux is like GTFO, I have no idea what that is. It even fails without a notice/error most times. What you can do is set a normal variable and use it in place of an alias though.

Say you had a script named do-this-thing.sh and it was located deep in a directory like /etc/directory/directory/directory/directory/do-this-thing.sh
You could do the following in Bash:


not_alias=/etc/directory/directory/directory/directory/do-this-thing.sh

bash "$not_alias"

The above would execute the do-this-thing.sh file. You can also permanently set aliases in your shell script. This is handy: even if you can’t use the aliases in your script directly, you can use them on the terminal command line later.

To permanently set aliases, place them in the .bashrc file for the user you are logged in as. This is usually located in /home/username/.bashrc, or you can put them in the user’s .profile file or other places.
How you do this varies by Linux shell.
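The behaviour described above can be seen by running the same alias in three small scripts. This is an added example, not the author's code; the name greet_demo and the script bodies are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The name greet_demo and the
# three script bodies are constructed for illustration.

# Save the script body read from stdin to a temp file, run it in a fresh
# non-interactive bash, and print its output, or FAILED on a non-zero exit.
run_as_script() {
    local f out
    f=$(mktemp) || return 1
    cat > "$f"
    if out=$(bash "$f" 2>/dev/null); then
        printf '%s\n' "$out"
    else
        printf 'FAILED\n'
    fi
    rm -f "$f"
}

# 1. Alias set right before use: a bash script never expands it.
alias_default() {
    run_as_script <<'EOF'
alias greet_demo='echo hello'
greet_demo
EOF
}

# 2. Same script after opting in with shopt (must come before the use).
alias_with_shopt() {
    run_as_script <<'EOF'
shopt -s expand_aliases
alias greet_demo='echo hello'
greet_demo
EOF
}

# 3. A shell function needs no option and also takes arguments.
function_instead() {
    run_as_script <<'EOF'
greet_demo() { echo hello "$@"; }
greet_demo world
EOF
}

printf 'alias, default settings: %s\n' "$(alias_default)"
printf 'alias, expand_aliases:   %s\n' "$(alias_with_shopt)"
printf 'function:                %s\n' "$(function_instead)"
```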

Links to more info

Why doesn’t my Bash script recognize aliases?

Alias not working inside bash shell script

Creating permanent executable aliases

How to create permanent Linux Aliases

How to create a permanent Bash alias on Linux/Unix 

Categories
Resources Software Development Web Security

Stupid linux issues.

This is my collection of stupid.

Top of the list Debian/Ubuntu removes apt-key support and doesn’t tell anyone they did it, doesn’t give anyone a single hint as to what to do. No just remove/deprecate shit and don’t tell a single soul on earth. This kind of stupid makes me want to leave the industry entirely. I get so tired of messed up and undocumented shit that wastes hours and hours and hours of my time. Someone needs kicked for this.

More info and links about the above issue or removing apt-key support. Yarn suggests using apt-key so this means hundreds of millions of people are having this issue or will or could.
Even more info about the stupid ideas from above.

Categories
Software Development Web Development

Where does symfony php framework hide the errors?

I kept saying this over and over and looking everywhere for answers. I finally found this page through googling tons of terms and combos until I found it. I kept thinking my errors would be in the logs I set in my Nginx configs, or even in my PHP configs. But they were continually empty, I was going insane. I seriously blew up on twitter.

BLOWING UP

I thought Symfony was simply suppressing or not passing the errors to Nginx. So the logs are located at the place in the link above from documentation and not in the location you set in the Nginx configs or PHP configs.

By default, log entries are written to the var/log/dev.log file when you’re in the dev environment. In the prod environment, logs are written to var/log/prod.log

What made this confusing was, the docs don’t have a logical link flow when you are reading them trying to learn Symfony. You later find the SymfonyCasts which are better. But what makes it most confusing is in the docs about configuring Nginx, it even shows the following.

    error_log /var/log/nginx/project_error.log;
    access_log /var/log/nginx/project_access.log;

To me this was showing how to set the error log. This does nothing by the way, not unless nginx itself has an error I guess.

For months I’ve wondered WTF, where are my error logs. I kept putting my app in dev mode so I could debug it via the browser.

Don’t do that!!!!!

To be honest getting Symfony working with Nginx is a pain in the ballsocks. The reason is, Nginx doesn’t pass environmental variables through to php scripts like Apache does/can. If you want that kind of fancy feature you must hack nginx up and use some perl script or something similar. Otherwise with Nginx you must set the environment variables twice, once in nginx and once in shell.

Why would you do that?

Why two locations? Yeah this really angered me and blew my mind at first too. As mentioned above Nginx doesn’t have any easy way to pass the environment variables you set at the Linux server level. This is important with Symfony because you often need to run things like Doctrine on the command line.

So I was setting my Nginx Environmental variables, the app would see them just fine. I’d go to run doctrine or tests and BOOM missing environmental variables like WTF? Or I would set them in the Linux environment, view them with printenv, load the app in the browser, and Nginx didn’t pass the values to my script. It took a lot of googling to figure that out with lots of trial and failure. To make matters worse, you have to change the environmental variable names in order to run tests so that symfony loads them, otherwise it hides the values.

WTF is happening?

I then found out through experimenting that you had to set the variables for the command line in the Linux environment too. How to permanently set Linux environmental variables covers how to do that. It’s easier to just Bash script or Ansible the entire process with HashiCorp Packer than to try to manually maintain it all, setting vars in two different places etc.

So for months I’ve been going insane trying to find my error logs. Today I found the error logs.

Problem solved

 

Categories
Software Development Web Development

How to switch users in Linux Bash Shell script and execute multiple commands as different user

If you search you will find different answers to this. You can do this in multiple ways, here I will talk about 2 ways, single command and multiple commands.

First the idea is to switch from say root user to a named user you created or was created for you on your Linux server to run commands as not the root user. The reason you want to do this is so that everything isn’t owned by the root user. Or you are installing something like PHP Composer which barfs on you if you run it as root user.

You will see some saying to use su, others saying to use sudo (some bs options etc.). You will also see really wrong answers on Stack. I have no idea why you would use sudo over su, you can google that. But I do know that su switches users. Here is an article that goes into more detail on su vs sudo and when you use both.

Single command syntax

So the first way is to run a single command directly inline. If you are the root user you simply use su. The syntax to do so is as follows:


# -c hands the quoted string to the user's shell as the command to run
su - username -c "commandToExecute [command options and arguments]"

It has been my experience that the Double ” Quotes are required or else the shell gets confused. You may be able to use single quotes if you don’t use any variables within the quotes.

Multiple commands syntax

To more easily issue multiple commands or long commands you need to use Linux heredoc syntax.
Heredoc uses <


# $username, $serverDir and $composerFile are set earlier in the calling script
su - "$username" <<SHT
     cd "$serverDir"
     php "$composerFile" install
SHT

Like I said you can use any Delimiter you want. It is tradition to use all caps for the word, it makes it easier to spot. The ending word (EOF here) has to have no spaces or words before it. You can list any number of commands within that syntax and all will be executed by the user.

NOTE: After the ending EOF the shell returns the user to whatever user you were/are logged in as before the lines of code. If you are logged in as root, you are returned to root. Also when you issue the su command you are moved out of the directory you are in. That is why I used cd to move back to the directory I needed to be in.
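What the heredoc hands to the switched-to user depends on whether the delimiter is quoted, which matters when root is the caller. The sketch below is an added example, not the author's code: cat stands in for su - "$username" so it runs without root, and the paths and values are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. `cat` stands in for
# `su - "$username"` so you can see, without root, the exact text the target
# user's shell would read on stdin. All paths and values are constructed.

serverDir='/srv/my app'        # constructed path, with a space on purpose
composerFile='composer.phar'   # constructed file name

# Unquoted delimiter: the calling shell (root in the post's scenario) expands
# every $variable and runs every $(...) BEFORE the text reaches the new user.
unquoted_heredoc() {
    cat <<SHT
cd "$serverDir"
php "$composerFile" install
echo "uid is $(id -u)"
SHT
}

# Quoted delimiter: nothing is expanded by the caller. The target shell gets
# the literal text, and since `su -` starts a fresh login environment,
# $serverDir would be empty there.
quoted_heredoc() {
    cat <<'SHT'
cd "$serverDir"
echo "uid is $(id -u)"
SHT
}

# Mixed: leave the delimiter unquoted so the caller fills in its variables,
# and backslash-escape what must run later, as the target user.
mixed_heredoc() {
    cat <<SHT
cd "$serverDir"
echo "uid is \$(id -u)"
SHT
}

printf '%s\n' '--- unquoted ---' "$(unquoted_heredoc)"
printf '%s\n' '--- quoted ---'   "$(quoted_heredoc)"
printf '%s\n' '--- mixed ---'    "$(mixed_heredoc)"
```

In the unquoted form any $(...) in the body has already run as the calling user by the time su starts, so keep command substitutions out of it or escape them as in the mixed form.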

More links

More info about changing users on stack here.

Here is a link to heredoc syntax explanation and examples

More information and examples about heredoc in bash

Bash how write large amounts of text to a file

Categories
Software Development Web Development

What does prototypical Javascript look like?

Way back before modern times, like 10 years ago, JavaScript had a much funkier way of defining objects. It was called prototypical inheritance. This is still how JavaScript works; the classes, modules etc. were all recent additions to the language to make it easier to work with. It is not a very fun way to program because it is like looking at a GIANT JSON more than a class with methods.

So what did/does prototype inheritance look like? Well this…



function JsCollection() {
    this.jsObject = new Object();

}
JsCollection.prototype = {
    constructor: JsCollection,
    addNamedProperty: function (property, value) {
        // only add the property if it doesn't exist, return true if it was created
        //return false if it was not, to allow for testing before adding a new property
        var returnBool = false;
        if (!this.jsObject.hasOwnProperty(property)) {
            returnBool = true;
            this.jsObject[property] = value;
        }
        return returnBool;
    },
    getElementCount: function () {
        var elementCount = 0;
        //loop through the object and add to the count
        for (var elem in this.jsObject) {
            //only add to the value if it is part of collection
            //https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Working_with_Objects
            if (this.jsObject.hasOwnProperty(elem)) {
                elementCount++;
            }
        }
        return elementCount;
    },
    getElementValue: function (property) {
        var returnProp = null;

        if (this.jsObject.hasOwnProperty(property)) {

            returnProp = this.jsObject[property];
        }
        return returnProp;
    },
    removeNamedProperty: function (property) {

        if (this.jsObject.hasOwnProperty(property)) {
            delete this.jsObject[property];
        }
    },
    changePropertyValue: function (property, value) {

        if (this.jsObject.hasOwnProperty(property)) {
            this.jsObject[property] = value;
        }
    },
    getAllNamedProperties: function () {
        return this.jsObject;
    },
    namedPropertyExists: function (property) {
        var propExists = false;
        if (this.jsObject.hasOwnProperty(property)) {
            propExists = true;
        }
        return propExists;
    }
};

//var objProps = obj1.getAllNamedProperties();
// how to loop through object properties 
//for(var prop in objProps){
//    console.log("Property is " + prop + ' Property value is ' + objProps[prop]);
//}

As you can see this is an object with functions in old fashioned Javascript syntax. This was too confusing of a syntax for most people, plus you had to learn the inner workings of Javascript and how prototypical inheritance works.

I won’t try to explain it here as it is pretty complicated to wrap your head around. Some videos may help better than an article.