Month: 2020-03


mofas 16:13:17


Bringing full-stack to the JAMstack

An opinionated Javascript framework that combines React, GraphQL, Prisma2, SQL, and lots more out of the box.

👍 1
mofas 16:13:28
mofas 16:13:35
Sibce 16:25:31
@sibce002 has joined the channel


Ricky Chiang 15:46:27
@metavige_g0v has joined the channel


JiaPing 22:12:33
@jumpping4 has joined the channel


mofas 02:15:57
series posts


mofas 02:17:19
The VB is dead, long live the VB.
mrorz 02:29:13
Visual Basic?
jihchi 08:05:17
The npm Blog — Next Phase Montage

> npm, Inc., is being purchased by GitHub.
Tsk tsk, that's OP.

The npm Blog

Next Phase Montage

tl;dr -- Good news! npm, Inc., is being purchased by GitHub. The public registry remains public, free, and as available as ever. npm as you know it continues, and in fact, there is good reason to...

😮 1


ronnywang 21:42:07
I want to add an API to , so that everyone can help design pages. But since it also has a user login feature, to prevent people from doing malicious things cross-domain through the API, I will probably need to add an authentication mechanism to the API as well. Is OAuth 2.0 suitable in this scenario?
kelvinho84 2020-03-20 09:48:53
Is it the outside people who would do OAuth against your API?
OAuth would be implemented on my side; anyone who wants to use this API to build something on their own interface would apply to me for OAuth. There would be three roles here: me (the online hackathon API service provider), the developer (someone who wants to build their own interface), and the user (any g0ver who wants to join the online hackathon).

Use OAuth so that users can authorize developers, and the developer's interface can then use the full functionality available after the user logs in.
If it's for login, OpenID Connect actually fits the use case better (?)

Actually you could also push the whole authentication out to a SaaS such as keycloak or Auth0: login is completed on keycloak / auth0, and then your API and the third-party-developed interfaces are all just clients.

The third-party interface redirects the user to keycloak / auth0 to log in, obtains the id token issued by keycloak / auth0, and then sends requests to your API bearing that id token; your API only needs to verify that the signature matches, to confirm the token was issued by keycloak / auth0.
The advantage of setting up a keycloak is that other g0v services can also become clients of this service, and then you can do g0v single-sign-on... XD
keycloak can also act as an identity broker, connecting to social identity providers such as Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft and Stack Overflow~
(but keycloak doesn't have Slack; the PR got closed, GG / auth0 does have it: )



mofas 13:58:09

CS253 - Web Security

Principles of web security. The fundamentals and state-of-the-art in web security. Attacks and countermeasures. Topics include: the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin policy, cross site scripting, authentication, JavaScript security, emerging threats, defense-in-depth, and techniques for writing secure code. Course projects include writing security exploits, defending insecure web apps, and implementing emerging web standards.

👍 1


mehmetoguzderin 10:24:42
@mehmetoguzderin has joined the channel


tyl 23:09:48
@taiyinglee has joined the channel


mofas 00:57:24

Margin considered harmful

We should ban margin from our React components. Hear me out.