netsh interface portproxy add v4tov4 listenport=8443 listenaddress=0.0.0.0 connectport=8443 connectaddress=172.25.104.186 netsh interface portproxy show v4tov4
01 January 2024
Port-forwarding from Host to WSL:
netsh interface portproxy add v4tov4 listenport=8443 listenaddress=0.0.0.0 connectport=8443 connectaddress=172.25.104.186 netsh interface portproxy show v4tov4
Auto-explain of query plans on Postgres logs.
LOAD 'auto_explain'; SET auto_explain.log_min_duration = '0.1ms'; SET auto_explain.log_analyze = true;
# Run tests jmeter.sh -Jthreads=1000 -n -l result.jtl -t testplan.jmx # Generate repo from test results jmeter.sh -Jjmeter.reportgenerator.overall_granularity=1000 -g result.jtl -o report
In the test plan specify the number of threads as ${__P(threads,10)} to be able to pass it on the CLI.
Ctrl+B: Show/Hide sidebar
Ctrl+Shift+E: Go to explorer view
Ctrl+Shift+F: Find View
Ctrl+K Z: Zen mode
Ctrl+PageUp/Down: Tab-left/right / Also cycle terminals
Ctrl+K W: Close all tabs
Ctrl+Up/Down: Focus terminal/other
Ctrl+Shift+Q: Maximize Window
Shift+F12: Find usages
Ctrl+D: Edit all occurences
F2: Change name of variable
Alt+Down: Move line down
Alt+Shift+Down: Duplicate line below
npm create vite@latest my-lit-app -- --template lit
export BUCKET_NAME=my-bucket
aws s3api create-bucket --bucket $BUCKET_NAME --create-bucket-configuration LocationConstraint=eu-central-1
aws s3api delete-bucket-ownership-controls --bucket $BUCKET_NAME
aws s3api delete-public-access-block --bucket $BUCKET_NAME
echo '{"Version":"2012-10-17","Statement":[{"Sid": "PublicReadGetObject","Effect": "Allow","Principal": "*","Action": "s3:GetObject","Resource": "arn:aws:s3:::'${BUCKET_NAME}'/*"}]}' > policy_s3.json
aws s3api put-bucket-policy --bucket $BUCKET_NAME --policy file://policy_s3.json
echo "<html><head><title>Hello World!</title></head><body>Hello World!</body></html>" > index.html
aws s3 cp index.html s3://$BUCKET_NAME
aws s3 website s3://$BUCKET_NAME --index-document index.html
# no need to provide index.html
curl http://$BUCKET_NAME.s3-website.eu-central-1.amazonaws.com
# needs index.html
curl https://s3-eu-central-1.amazonaws.com/$BUCKET_NAME/index.html
Bucket name needs to be CNAME if you want to use custom domain.
Delete the bucket:
aws s3 rm s3://$BUCKET_NAME --recursive aws s3api delete-bucket --bucket $BUCKET_NAME
Great overall resource for Dev UI: https://quarkus.io/guides/dev-ui
Opening IDE:
https://github.com/quarkusio/quarkus/tree/8fc3e7cad51664070de784864bb18caf1d6b248b/extensions/vertx-http/dev-ui-resources/src/main/resources/dev-ui/controller https://github.com/quarkusio/quarkus/blob/7cdfd744b65d703aa5b50040ae2c9963bd01bc4d/extensions/vertx-http/deployment/src/main/java/io/quarkus/devui/deployment/ide/IdeProcessor.java#L48 https://github.com/quarkusio/quarkus/blob/main/core/deployment/src/main/java/io/quarkus/deployment/ide/Ide.java#L32
Implicit flow is deprected. Use Authorization Code Flow. Returning token in redirect url, exposes it to browser history etc.. Duing explicit call is using backchannel and not exposing it that easily. But still, is in browser and thus inherently exposed to code injection attacks that could gain access to the tokens still.
same site policy in browsers secures against CSRF. But site is only *.google.com. Not subdomain, not port.
origin is protocol + dns-name + port. Site is less strict
access code is still exposed to browser but not issue because BFF will do the token exchange (exchange code for token).
access code is short lived and usually only valid for seconds and single use.
BFF can use a client secret. So, even if code is leaked, you cannot exchange it for a token if you dont have the client secret
BFF should implement, login, logout, user
IdPs have backchannel notifications to BFF. BFF can send notification (e.g websocket) to the SPA then. If this is not available → UI needs to poll
Can we implemnt this pattern in AWS Lambda? We can have cookies in lambda. We cannot have server-side session. Put all tokens in the cookie and encrypt!?