Git pain optimisation

Keywords: #git #code

I have been thinking a bit about git and the tools that help us with it.

Git is a super powerful tool, but with quite complicated ways of working.

And for most developers, the command-line interface is hard.

That usually leads them to using some UI which claims to make things easier by abstracting details away (that is, the UI claims to do the magic).

How do I blog?

Keywords: #emacs #code

I blog directly from Emacs (Org mode), using hugo-markdown export, and easy hugo.

Org mode capture allows me to directly write to my file, which I then export the usual way (C-c C-e), but into the markdown file in the posts folder in my hugo website.

And with easy-hugo, I just publish it. That’s it :)

What I shall not forget is giving a proper name in the so that all is kept in order.

Hello World

Keywords: #code

#include <stdio.h>

/* Print a greeting and exit successfully. */
int main() {
   printf("Hello World!\n");
   return 0;
}

– sillyfellow @ [2022-01-03 Mon 09:14]

Refresh token (access token)

  • Do not use JWT (Just DON’T)
  • Always have a sessions table
    • Which belongs to the USER
      • i.e., sessions table has a user_id column
    • Have access_token and refresh_token
      • ideally as varchar(256), not text
      • do not allow them to grow
      • security shall be mostly based on rotation, not purely on length
    • Must have access_token_expires_at and refresh_token_expires_at columns (both datetime, and keep them as UTC)
      • make sure to have these columns calculated during the creation of the session. Do not think of doing “time-math” for calculating expiry.
        • Because you may log in on one server, but the next server that checks your auth might have a different timestamp/time zone
    • access/refresh tokens shall be unique
  • From the above, it becomes possible to have multiple active sessions for one user.
    • If that is not desired, restrict that at code level, not at DB level
  • Generate random strings for access token and refresh token
    • keep them URLsafe (you’ll thank me when you have a mobile app)
    • Keep them about 256 char long
      • no longer
      • no shorter
  • Make access_expiry in a few minutes, and refresh_expiry in a few days
  • Standard auth uses the Authorization header
    • Authorization: Bearer <access-token>
  • Refreshing the token will require
    • Authorization: Bearer <refresh-token>
  • Deal with Auth always in a middleware and keep the logged in user, or the session found by looking up the access_token (or refresh_token) in the sessions table
  • On refresh, delete the current session object, and create a new one with new
    • access_token, and new expiry in a few minutes
    • refresh_token, with new expiry in a few days
  • Disallow refresh if the refresh token is already expired
  • So, if a user logs in and is inactive for a few days, the refresh token expires, and they will have to login fresh again
  • But as long as the user does a “refresh” before the refresh-token is expired, they will have sessions alive always.
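
The checklist above as a runnable sketch. This is an added example, not code from the original post. It assumes SQLite, a 10-minute access expiry and a 7-day refresh expiry, and the helper names (open_db, create_session, authenticate, refresh) are made up for illustration.

```python
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(minutes=10)  # assumed value for "a few minutes"
REFRESH_TTL = timedelta(days=7)     # assumed value for "a few days"

SCHEMA = """CREATE TABLE sessions (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    access_token VARCHAR(256) NOT NULL UNIQUE,
    refresh_token VARCHAR(256) NOT NULL UNIQUE,
    access_token_expires_at TEXT NOT NULL,   -- UTC, fixed at creation
    refresh_token_expires_at TEXT NOT NULL   -- UTC, fixed at creation
)"""

def open_db():
    db = sqlite3.connect(":memory:")  # in-memory database for the demo
    db.execute(SCHEMA)
    return db

def create_session(db, user_id, now=None):
    now = now or datetime.now(timezone.utc)
    # 192 random bytes encode to exactly 256 URL-safe characters
    access, refresh = secrets.token_urlsafe(192), secrets.token_urlsafe(192)
    db.execute(
        "INSERT INTO sessions (user_id, access_token, refresh_token,"
        " access_token_expires_at, refresh_token_expires_at) VALUES (?,?,?,?,?)",
        (user_id, access, refresh,
         (now + ACCESS_TTL).isoformat(), (now + REFRESH_TTL).isoformat()))
    return access, refresh

def _lookup(db, column, token, now):  # column is a fixed name, never user input
    row = db.execute(f"SELECT id, user_id, {column}_expires_at FROM sessions"
                     f" WHERE {column} = ?", (token,)).fetchone()
    if row is None or datetime.fromisoformat(row[2]) <= now:
        return None  # unknown token, or stored expiry already passed
    return row

def authenticate(db, access_token, now=None):
    row = _lookup(db, "access_token", access_token, now or datetime.now(timezone.utc))
    return row[1] if row else None  # user_id of the session, or None

def refresh(db, refresh_token, now=None):
    now = now or datetime.now(timezone.utc)
    row = _lookup(db, "refresh_token", refresh_token, now)
    if row is None:
        return None  # expired or unknown: the user has to log in again
    db.execute("DELETE FROM sessions WHERE id = ?", (row[0],))  # rotate
    return create_session(db, row[1], now)
```

In a web application, authenticate and refresh would be called from the auth middleware with the token taken from the Bearer header.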


2023-08 August

2023-08-21 Monday

  • PlantUML and GraphViz (DOT)

    • PlantUML

      It is a tool (Java library/package) that helps one to create UML diagrams with ease.

      For the full details of it, one should look at

      The basic idea is that you write the diagram you need in plain text, and then using java + plantuml.jar (downloaded from the website above), generate a nice diagram.

      Your steps

      1. Setup java on your machine