Hacks

Mehul Patel,@rowdymehul

*

Reference : @f_jimenez

Let's introduce each other

my name is _ and I am fro_.

I am at #TRU and it feels _.

I like the language because of _.

About Me

Mehul Patel

* Engineer @ Zimbra

* Technical Evangelist

* Auth0 Ambassador

* Mozilla Reps Mentor
* CAC @ Mozilla

* GDG Nashik Organizer

* Rust Hacks @rusthack

 

 

@rowdymehul

 

Let's do a small activity together

WHAT
WHY
HOW

where are we with Rust?

2018-19

Rust is the Most Loved Language by Developers

friends of rust

Organizations running Rust in production.

(https://www.rust-lang.org/en-US/friends.html)

WHAT

System programming language that has great control like C/C++, delivers productivity like in Python and is super safe

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

Graydon Hoare's personal project started in 2005

-

Sponsored (not owned) by Mozilla since 2009

-

Rust 1.0 since May 2015

-

Current stable version 1.35

-

6 weeks release cycle

COMMUNITY

WHY

Must be this tall to write multi-threaded code

Why should one consider Rust?

  • State of art programming language

  • Solves a lot of common system programming bugs

  • Cargo: Rust Package manager

  • Improving your toolkit

  • Self-learning

  • It's FUN ...

the reason that I’ve looked into Rust at first.

  • Rust is new enough that you can write useful stuff that would have already existed in other languages

  • It gives a relatively familiar tool to the modern C++ developers, but in the much more consistent and reliable ways.

  • It is low-level enough that you take account of most resources.

  • It's more like C++ and Go, less like Node and Ruby

  • cargo is awesome. Managing crates just works as intended, which makes a whole lot of troubles you may have in other languages just vanish with a satisfying poof.

my own definition: Rust

Rust is a good choice when you’d choose C++. You can also say, “Rust is a systems programming language that pursuing the trifecta: safe, concurrent, and fast.” I would say, Rust is an ownership-oriented programming language.

Just follow these rules perfectly,

you’re smart.

C/C++

Inspired by @qedunham

Wait a minute,

I’ll take care of it.

Java and others

Hack without fear!

Rust

Speed
Safety
PARALELLISM

Choose all three!

Zero-cost abstractions

-

Memory safety without garbage collector

-

Threads without data races

OWNERSHIP and Borrowing

Ownership

Mutable borrow

Immutable borrow

fn f(x: Type) {...}
fn f(x: &mut Type) {...}
fn f(x: &Type) {...}
  • Total control
  • read-write
  • one at a time
  • read-write
  • Share as you like
  • read-only

Inspired by Jeena Lee and @lastontheboat 

HOW

ONLINE

RUSTUP

curl https://sh.rustup.rs -sSf | sh

Features of rustup tool

-> Update to latest version:

rustup update stable

-> Update the rustup tool to the latest version

rustup self update

-> Install the nightly toolkit version of the Rust compiler:

rustup install nightly

-> Change the default version of the Rust compiler to nightly version:

rustup default nightly

CARGO

TESTING

pub fn add_two(a: i32) -> i32 {
    a + 2
}
#[test]
fn it_works() {
    assert_eq!(add_two(2), 4);
}

IDE

RUSTLANG NURSERY

COMMUNITY CHANNELS

Users discourse forum

Internals discourse forum

r/rust on Reddit

Rust StackOverflow tag

#rust-beginners

LEARN

Serverless Authentication with JWT

Agenda

1. Serverless

2. Authentication & Authorization

3. JWT

4. Deployment

Serverless

Serverless

What is Serverless?

Serverless, is an execution model where the cloud provider is responsible for executing a piece of code by dynamically allocating the resources. The code is typically run inside stateless containers that can be triggered by a variety of events including http requests, database events, queuing services, monitoring alerts, file uploads, scheduled events (cron jobs), etc. The code that is sent to the cloud provider for execution is usually in the form of a function. Hence serverless is sometimes referred to as “Functions as a Service” or “FaaS”.

Serverless

What is Serverless?

Serverless

What is Serverless?

Let me break it down!

Serverless

What is Serverless?

- Serverless is an execution model

- Cloud providers execute the code

- by allocating resources dynamically

- the code runs inside Stateless containers

- triggered by event(  http request, cron job)

- code sent to cloud providers are in the form of functions

- hence "Function as a Service" or "Fass"

credits: DZone

credits: DZone

Serverless

Traditional Architecture

- we are charged for keeping the server up

   even when we are not using

- responsible for uptime and maintenance of the server and all its resources.

- responsible for applying the appropriate security updates

- we need to manage scaling

Serverless

in Serverless?

Serverless

Why Serverless?

Just like wireless internet has wires somewhere, serverless architectures still have servers somewhere.

What ‘serverless’ really means is that, as a developer, you don’t have to think about those servers.

You just focus on code.

Serverless

Serverless Cloud Providers

Serverless

What you can do with serverless application

- Build APIs

- Data processing

- Custom automation

Serverless

Core Concepts

- Functions

- Services

- Events

Authentication & Authorization

Authentication & Authorization

Difference

Difference

Authentication & Authorization

Serverless

Authentication

 Serverless Authentication

Authentication & Authorization

source: dadario.com.br

Serverless

Authorization

 Serverless Authorization

Authentication & Authorization

source: dadario.com.br

JSON Web Token

JWT

What is JSON Web Tokens?

- A way to encode information

- Securely communicate JSON Objects

- Secret-based Verification

- Consists of a header, payload and signature

- Self-contained

JWT

JSON Web Token

JWT

The JWT Header

The header is a JSON Object usually consisting of the type( typ ) , which is JWT, and the algorithm used for encrypting the JWT (alg ):

{
  "alg": "HS256",
  "typ": "JWT"
}

JWT

The JWT Payload

The Payload is a JSON object that consists of user defined attributes ( called public claims ) . Some attributes are defined in the standard ( these are called reserved claims ).

{
    // reserved claim
    "iss": "https://myapi.com", 
    // public claim
    "user": "rowdymehul" 
}

JWT

The JWT Signature

The Signature is the encoded header and payload, signed with a secret.

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret
)

This accomplishes several tasks at once, including:

  • Proves the identity of the sender
  • Ensures the message has not changed

JWT

The JWT Token

A finished token looks like [encoded header].[encoded payload].[signature] :

JWT

The JWT Token

Authentication Flow

Image Source: StackOverflow

How an application uses JWT to verify the authenticity of a user.

Image source: medium.com

OAuth

OAuth 2.0

An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

OAuth 2.0 roles

 

 

 

  • Resource Owner: the entity that can grant access to a protected resource. Typically this is the end-user.

  • Resource Server: the server hosting the protected resources. This is the API you want to access.

  • Client: the app requesting access to a protected resource on behalf of the Resource Owner.

  • Authorization Server: the server that authenticates the Resource Owner, and issues Access Tokens after getting proper authorization. In this case, Auth0.

 

Protocol flow

Deployment

Demo

webtask.io

Demo

Demo

Demo

/**
* @tru context {WebtaskContext}
*/
module.exports = function(context, cb) {
  cb(null, { hello: context.query.name || 'TRU , Open Source Club' });
};

Resources

General JWT Resources

jwt.io 

JWT Handbook

http://bit.ly/jwt-book

WebTask

webtask.io 

Connect with me

Facebook

facebook.com/therowdymehul

Twitter

@rowdymehul

Instagram

@rowdymehul

LinkedIn

https://in.linkedin.com/in/rowdymehul

E-mail

way2mehul@gmail.com

Source: giphy.com

THANK YOU!

TRU_OpensoureClub

By Mehul Patel

TRU_OpensoureClub

Rust Programming workshop for beginners. #rusthacks #rustlang Also, adding the serverless authentication with JWT

  • 628