Hacks
Mehul Patel,@rowdymehul
Reference : @f_jimenez
Let's introduce each other
my name is _ and I am fro_.
I am at #TRU and it feels _.
I like the language because of _.
About Me
Mehul Patel
* Engineer @ Zimbra
* Technical Evangelist
* Auth0 Ambassador
* Mozilla Reps Mentor
* CAC @ Mozilla
* GDG Nashik Organizer
* Rust Hacks @rusthack
@rowdymehul
Let's do a small activity together
WHAT
WHY
HOW
where are we with Rust?
by @linclark
2018-19
Rust is the Most Loved Language by Developers
friends of rust
Organizations running Rust in production.
WHAT
System programming language that has great control like C/C++, delivers productivity like in Python and is super safe
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
Graydon Hoare's personal project started in 2005
-
Sponsored (not owned) by Mozilla since 2009
-
Rust 1.0 since May 2015
-
Current stable version 1.35
-
6 weeks release cycle
COMMUNITY
WHY
Must be this tall to write multi-threaded code
by David Baron
Why should one consider Rust?
-
State of art programming language
-
Solves a lot of common system programming bugs
-
Cargo: Rust Package manager
-
Improving your toolkit
-
Self-learning
-
It's FUN ...
the reason that I’ve looked into Rust at first.
-
Rust is new enough that you can write useful stuff that would have already existed in other languages
-
It gives a relatively familiar tool to the modern C++ developers, but in the much more consistent and reliable ways.
-
It is low-level enough that you take account of most resources.
-
It's more like C++ and
Go , less like Node and Ruby -
cargo is awesome. Managing crates just works as intended, which makes a whole lot of troubles you may have in other languages just vanish with a satisfying poof.
my own definition: Rust
Rust is a good choice when you’d choose C++. You can also say, “Rust is a systems programming language that pursuing the trifecta: safe, concurrent, and fast.” I would say, Rust is an ownership-oriented programming language.
Just follow these rules perfectly,
you’re smart.
C/C++
Inspired by @qedunham
Wait a minute,
I’ll take care of it.
Java and others
Hack without fear!
Rust
Speed
Safety
PARALELLISM
Choose all three!
Zero-cost abstractions
-
Memory safety without garbage collector
-
Threads without data races
OWNERSHIP and Borrowing
Ownership
Mutable borrow
Immutable borrow
fn f(x: Type) {...}
fn f(x: &mut Type) {...}
fn f(x: &Type) {...}
- Total control
- read-write
- one at a time
- read-write
- Share as you like
- read-only
Inspired by Jeena Lee and @lastontheboat
HOW
ONLINE
RUSTUP
curl https://sh.rustup.rs -sSf | sh
Features of rustup tool
-> Update to latest version:
rustup update stable
-> Update the rustup tool to the latest version
rustup self update
-> Install the nightly toolkit version of the Rust compiler:
rustup install nightly
-> Change the default version of the Rust compiler to nightly version:
rustup default nightly
CARGO
TESTING
pub fn add_two(a: i32) -> i32 {
a + 2
}
#[test]
fn it_works() {
assert_eq!(add_two(2), 4);
}
IDE
RUSTLANG NURSERY
COMMUNITY CHANNELS
LEARN
Serverless Authentication with JWT
Agenda
1. Serverless
2. Authentication & Authorization
3. JWT
4. Deployment
Serverless
Serverless
What is Serverless?
Serverless, is an execution model where the cloud provider is responsible for executing a piece of code by dynamically allocating the resources. The code is typically run inside stateless containers that can be triggered by a variety of events including http requests, database events, queuing services, monitoring alerts, file uploads, scheduled events (cron jobs), etc. The code that is sent to the cloud provider for execution is usually in the form of a function. Hence serverless is sometimes referred to as “Functions as a Service” or “FaaS”.
Serverless
What is Serverless?
Serverless
What is Serverless?
Let me break it down!
Serverless
What is Serverless?
- Serverless is an execution model
- Cloud providers execute the code
- by allocating resources dynamically
- the code runs inside Stateless containers
- triggered by event( http request, cron job)
- code sent to cloud providers are in the form of functions
- hence "Function as a Service" or "Fass"
credits: DZone
credits: DZone
Serverless
Traditional Architecture
- we are charged for keeping the server up
even when we are not using
- responsible for uptime and maintenance of the server and all its resources.
- responsible for applying the appropriate security updates
- we need to manage scaling
Serverless
in Serverless?
Serverless
Why Serverless?
Just like wireless internet has wires somewhere, serverless architectures still have servers somewhere.
What ‘serverless’ really means is that, as a developer, you don’t have to think about those servers.
You just focus on code.
Serverless
Serverless Cloud Providers
Serverless
What you can do with serverless application
- Build APIs
- Data processing
- Custom automation
Serverless
Core Concepts
- Functions
- Services
- Events
Authentication & Authorization
Authentication & Authorization
Difference
Difference
Authentication & Authorization
Serverless
Authentication
Serverless Authentication
Authentication & Authorization
source: dadario.com.br
Serverless
Authorization
Serverless Authorization
Authentication & Authorization
source: dadario.com.br
JSON Web Token
JWT
What is JSON Web Tokens?
- A way to encode information
- Securely communicate JSON Objects
- Secret-based Verification
- Consists of a header, payload and signature
- Self-contained
JWT
JSON Web Token
JWT
The JWT Header
The header is a JSON Object usually consisting of the type( typ ) , which is JWT, and the algorithm used for encrypting the JWT (alg ):
{
"alg": "HS256",
"typ": "JWT"
}JWT
The JWT Payload
The Payload is a JSON object that consists of user defined attributes ( called public claims ) . Some attributes are defined in the standard ( these are called reserved claims ).
{
// reserved claim
"iss": "https://myapi.com",
// public claim
"user": "rowdymehul"
}JWT
The JWT Signature
The Signature is the encoded header and payload, signed with a secret.
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret
)
This accomplishes several tasks at once, including:
- Proves the identity of the sender
- Ensures the message has not changed
JWT
The JWT Token
A finished token looks like [encoded header].[encoded payload].[signature] :
JWT
The JWT Token
Authentication Flow
Image Source: StackOverflow
How an application uses JWT to verify the authenticity of a user.
Image source: medium.com
OAuth
OAuth 2.0
An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
OAuth 2.0 roles
-
Resource Owner: the entity that can grant access to a protected resource. Typically this is the end-user.
-
Resource Server: the server hosting the protected resources. This is the API you want to access.
-
Client: the app requesting access to a protected resource on behalf of the Resource Owner.
- Authorization Server: the server that authenticates the Resource Owner, and issues Access Tokens after getting proper authorization. In this case, Auth0.
Protocol flow
Deployment
Demo
webtask.io
Demo
Demo
Demo
/**
* @tru context {WebtaskContext}
*/
module.exports = function(context, cb) {
cb(null, { hello: context.query.name || 'TRU , Open Source Club' });
};Resources
General JWT Resources
jwt.io
JWT Handbook
http://bit.ly/jwt-book
WebTask
webtask.io
Connect with me
facebook.com/therowdymehul
@rowdymehul
@rowdymehul
https://in.linkedin.com/in/rowdymehul
way2mehul@gmail.com
Source: giphy.com
THANK YOU!
