投稿時間:2022-12-04 18:08:09 RSSフィード2022-12-04 18:00 分まとめ(11件)
| カテゴリー等 | サイト名等 | 記事タイトル・トレンドワード等 | リンクURL | 頻出ワード・要約等/検索ボリューム | 登録日 |
|---|---|---|---|---|---|
| python | Pythonタグが付けられた新着投稿 - Qiita | [AWS] Pythonを使ってAWSの不安(コスト)を取り除く!! | https://qiita.com/yukiaprogramming/items/00c8ea29bcddad841834 | awspython | 2022-12-04 17:40:06 |
| python | Pythonタグが付けられた新着投稿 - Qiita | pythonの浮動小数点について(備忘録) | https://qiita.com/1023shogo2013/items/456391cf028c31255f6b | gtgtgtgtgtgtgtgtgt | 2022-12-04 17:11:24 |
| Ruby | Rubyタグが付けられた新着投稿 - Qiita | Rails 7にOmniAuthでTwitterログイン機能を搭載 | https://qiita.com/kaorumori/items/449c0eef54d46bafeb74 | omniauth | 2022-12-04 18:00:03 |
| Ruby | Rubyタグが付けられた新着投稿 - Qiita | 【Ruby】Fizzbuzzプログラムを作成しよう! | https://qiita.com/so__hei__/items/4f58abfc5ca061659e24 | fizzbuzz | 2022-12-04 17:26:54 |
| AWS | AWSタグが付けられた新着投稿 - Qiita | [AWS] Pythonを使ってAWSの不安(コスト)を取り除く!! | https://qiita.com/yukiaprogramming/items/00c8ea29bcddad841834 | awspython | 2022-12-04 17:40:06 |
| Docker | dockerタグが付けられた新着投稿 - Qiita | 形態素解析ツールMecabをNode + Typescriptで実装してみた | https://qiita.com/yaki-sa/items/c2bad44f3e94f71c093c | mecab | 2022-12-04 17:19:57 |
| Ruby | Railsタグが付けられた新着投稿 - Qiita | Rails 7にOmniAuthでTwitterログイン機能を搭載 | https://qiita.com/kaorumori/items/449c0eef54d46bafeb74 | omniauth | 2022-12-04 18:00:03 |
| 技術ブログ | Developers.IO | [レポート]Get the most out of your data with ML-powered search #AIM304 #reinvent | https://dev.classmethod.jp/articles/reinvent-report-aim304/ | hemostoutofyourdatawith | 2022-12-04 08:47:49 |
| 技術ブログ | Developers.IO | [レポート] COP201 How Discovery increased operational efficiency with AWS observability #reinvent #reinvent2022 | https://dev.classmethod.jp/articles/cop201-how-discovery-increased-operational-efficiency-with-aws-observability-reinvent-reinvent2022/ | howdiscoveryin | 2022-12-04 08:42:12 |
| 海外TECH | DEV Community | Golang CSRF Defense in Practice | https://dev.to/llance_24/golang-csrf-defense-in-practice-10k | Golang CSRF Defense in Practice HertzHertz is an ultra large scale enterprise level microservice HTTP framework featuring high ease of use easy expansion and low latency etc Hertz uses the self developed high performance network library Netpoll by default In some special scenarios Hertz has certain advantages in QPS and latency compared to go net In internal practice some typical services such as services with a high proportion of frameworks gateways and other services after migrating Hertz compared to the Gin framework the resource usage is significantly reduced CPU usage is reduced by with the size of the traffic For more details see cloudwego hertz CSRFCross site request forgery English Cross site request forgery also known as one click attack or session riding usually abbreviated as CSRF or XSRF is an attack method that coerces users to perform unintended operations on the currently logged in web application Compared with cross site scripting XSS XSS utilizes the user s trust in the specified website and CSRF utilizes the website s trust in the user s web browser Hertz CSRF in actionUsing a reverse proxy in Hertz requires pulling the CSRF extension provided by the community go get github com hertz contrib csrf Basic usepackage mainimport context github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func main h server Default store cookie NewStore byte secret h Use sessions Sessions session store h Use csrf New h GET protected func c context Context ctx app RequestContext ctx String csrf GetToken ctx h POST protected func c context Context ctx app RequestContext ctx String CSRF token is valid h Spin First we call sessions to expand and customize a session for testing because subsequent tokens are generated through sessions Then use the CSRF middleware directly We register two routes for testing first use the GET method to call the GetToken function to obtain the token generated by the CSRF middleware Since we did not customize the KeyLookup option the default value is header X CSRF TOKEN we put the obtained token into the header whose Key is X CSRF TOKEN if If the token is invalid or the Key value is set incorrectly calling ErrorFunc will return an error Test curl protectedUMhM eqBCYjeuZOo wJsQhbKLQUpcRlYQnYagT curl X POST protected H X CSRF TOKEN UMhM eqBCYjeuZOo wJsQhbKLQUpcRlYQnYagT CSRF token is valid Custom configurationConfiguration ItemDefaultDescriptionSecret csrfSecret Used to generate tokens required configuration IgnoreMethods GET HEAD OPTIONS TRACE Ignored methods will be treated as not requiring CSRF protectionNextnilNext defines a function that when true skips the CSRF middleware KeyLookupheader X CSRF TOKENKeyLookup is a string of the form used to create an Extractor that extracts the token from the request ErrorFuncfunc ctx context Context c app RequestContext panic c Errors Last ErrorFunc is executed when app HandlerFunc returns an errorExtractorCreated based on KeyLookupExtractor returns csrf token If set it will be used instead of KeyLookup based Extractor WithSecretpackage mainimport context github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func main h server Default store cookie NewStore byte store h Use sessions Sessions csrf session store h Use csrf New csrf WithSecret your secret h GET protected func c context Context ctx app RequestContext ctx String csrf GetToken ctx h POST protected func c context Context ctx app RequestContext ctx String CSRF token is valid h Spin WithSecret is used to help users set a custom secret for issuing tokens The security of token generation can be improved by customizing the secret WithIgnoredMethodspackage mainimport context github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func main h server Default store cookie NewStore byte secret h Use sessions Sessions session store h Use csrf New csrf WithIgnoredMethods string GET HEAD TRACE h GET protected func c context Context ctx app RequestContext ctx String csrf GetToken ctx h OPTIONS protected func c context Context ctx app RequestContext ctx String success h Spin In RFC GET HEAD OPTIONS and TRACE methods are recognized as safe methods so CSRF middleware is not used in these four methods by default If you have other requirements during use you can configure the ignored method In the above code the ignore of the OPTIONS method is canceled so direct access to this interface through the OPTIONS method is not allowed WithErrorFuncpackage mainimport context fmt net http github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func myErrFunc c context Context ctx app RequestContext if ctx Errors Last nil fmt Errorf myErrFunc called when no error occurs ctx AbortWithMsg ctx Errors Last Error http StatusBadRequest func main h server Default store cookie NewStore byte store h Use sessions Sessions csrf session store h Use csrf New csrf WithErrorFunc myErrFunc h GET protected func c context Context ctx app RequestContext ctx String csrf GetToken ctx h POST protected func c context Context ctx app RequestContext ctx String CSRF token is valid h Spin The middleware provides WithErrorFunc to facilitate user defined error handling logic This configuration can be used when users need to have their own error handling logic When an error occurs after configuration it will enter the logic of its own configuration WithKeyLookuppackage mainimport context github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func main h server Default store cookie NewStore byte store h Use sessions Sessions csrf session store h Use csrf New csrf WithKeyLookUp form csrf h GET protected func c context Context ctx app RequestContext ctx String csrf GetToken ctx h POST protected func c context Context ctx app RequestContext ctx String CSRF token is valid h Spin CSRF middleware provides WithKeyLookUp to help users set keyLookup The middleware will extract the token from the source supported sources include header param query form The format is lt source gt lt key gt and the default value is header X CSRF TOKEN WithNextpackage mainimport context github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func isPostMethod context Context ctx app RequestContext bool if string ctx Method POST return true else return false func main h server Default store cookie NewStore byte store h Use sessions Sessions csrf session store skip csrf middleware when request method is post h Use csrf New csrf WithNext isPostMethod h POST protected func c context Context ctx app RequestContext ctx String success even no csrf token in header h Spin When using this configuration the use of this middleware can be skipped under certain conditions set by the user WithExtractorpackage mainimport context errors github com cloudwego hertz pkg app github com cloudwego hertz pkg app server github com hertz contrib csrf github com hertz contrib sessions github com hertz contrib sessions cookie func myExtractor c context Context ctx app RequestContext string error token ctx FormValue csrf token if token nil return errors New missing token in form data return string token nil func main h server Default store cookie NewStore byte secret h Use sessions Sessions csrf session store h Use csrf New csrf WithExtractor myExtractor h GET protected func c context Context ctx app RequestContext ctx String csrf GetToken ctx h POST protected func c context Context ctx app RequestContext ctx String CSRF token is valid h Spin The default Extractor is obtained through KeyLookup if the user wants to configure other logic is also supported NotesThis intermediate price needs to be used with sessions middleware and the underlying logic implementation is highly dependent on sessions Referencecloudwego hertzhertz contrib csrfhertz contrib sessions | 2022-12-04 08:17:14 |
| 海外TECH | DEV Community | December goals | https://dev.to/batunpc/december-goals-1cpa | December goalsAttaining mastery of any skill means we need to learn practice fail and iterate in the learning process many times I can say the same for my open source development journey Being able to contribute to open source projects has been a highlight of this year and in the last month of I plan on continuing my open source development to keep up the momentum I built over the last two months I have a few goals outlined for this month that I would like to accomplish by the end of the year Improve on code reviews Earlier I wrote a blog about my code reviewing process and how it did not go too well I want to practice doing some more code reviews throughout this month and get better at giving constructive and effective feedback More open source project contributions Honestly I should have started this task a couple of days ago however life happened and I got into a late start I found a couple of potential repositories I would like to contribute to over the next week My Photohub I have already contributed to this project a few weeks ago where I created the UI of the progressive web app PWA using React I plan on working on the other issues filed for this project and try to get closer to the finished product of this project Intel cve bin tool There are several issues in this repository that are interesting to me particularly the ones about creating checkers I would say it is not very coding heavy but it needs a lot of research before doing it Some other interesting repositories I came across while looking for some projects were dFreeCodeCampVueReactBokehRefactor improve and package palpatineI have been working on building my static site generator palpatine for the last two months However I have not had the chance yet to package it up to create my first release yet When I attempted to package it up a few days ago I ended up with a lot of errors and bugs that would require lots of time to debug I plan on sitting with it next week again Solve Advent of Code problems This year I am also challenging myself to keep up with solving the Advent of Code challenges Try out Advent of Cyber I also found out about this amazing challenge from a classmate and would love to give it a try Fun fact This year my classmates and I started building a browser based cybersecurity game with three js When I found out about Advent of Cyber I knew I had to give the challenges a try to learn different cybersecurity concepts in a fun and engaging way This year I am also challenging myself to keep up with solving the Advent of Code challenges | 2022-12-04 08:08:09 |
コメント
コメントを投稿