Skip to content

Instantly share code, notes, and snippets.

View HosMercury's full-sized avatar

Hos.Mercury HosMercury

5 followers · 3 following
View GitHub Profile
@alexedwards
alexedwards / _tree
Last active April 23, 2024 20:05
.
├── books
│   ├── handlers.go
│   └── models.go
├── config
│   └── db.go
└── main.go
@LukeMathWalker
LukeMathWalker / audit.yml
Last active April 23, 2024 08:29
GitHub Actions - Rust setup
name: Security audit
on:
schedule:
- cron: '0 0 * * *'
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
jobs:
security_audit:
@samsch
samsch / stop-using-jwts.md
Last active April 23, 2024 05:47
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
@rylev
rylev / learn.md
Created March 5, 2019 10:50
How to Learn Rust

Learning Rust

The following is a list of resources for learning Rust as well as tips and tricks for learning the language faster.

Warning

Rust is not C or C++ so the way your accustomed to do things in those languages might not work in Rust. The best way to learn Rust is to embrace its best practices and see where that takes you.

The generally recommended path is to start by reading the books, and doing small coding exercises until the rules around borrow checking become intuitive. Once this happens, then you can expand to more real world projects. If you find yourself struggling hard with the borrow checker, seek help. It very well could be that you're trying to solve your problem in a way that goes against how Rust wants you to work.

@nikhita
nikhita / update-golang.md
Last active April 20, 2024 20:38
How to update the Go version

How to update the Go version

System: Debian/Ubuntu/Fedora. Might work for others as well.

1. Uninstall the exisiting version

As mentioned here, to update a go version you will first need to uninstall the original version.

To uninstall, delete the /usr/local/go directory by:

@igorjs
igorjs / rest-api-response-format.md
Last active April 19, 2024 09:38
REST API response format based on some of the best practices
@joepie91
joepie91 / sessions.md
Last active April 13, 2024 03:38
Introduction to sessions

While a lot of Node.js guides recommend using JWT as an alternative to session cookies (sometimes even mistakenly calling it "more secure than cookies"), this is a terrible idea. JWTs are absolutely not a secure way to deal with user authentication/sessions, and this article goes into more detail about that.

Secure user authentication requires the use of session cookies.

Cookies are small key/value pairs that are usually sent by a server, and stored on the client (often a browser). The client then sends this key/value pair back with every request, in a HTTP header. This way, unique clients can be identified between requests, and client-side settings can be stored and used by the server.

Session cookies are cookies containing a unique session ID that is generated by the server. This session ID is used by the server to identify the client whenever it makes a request, and to associate session data with that request.

*S

@alexedwards
alexedwards / gist:dc3145c8e2e6d2fd6cd9
Last active April 9, 2024 05:30
Example of working with Go's database/sql and NULL fields
CREATE TABLE books (
isbn char(14) NOT NULL,
title varchar(255),
author varchar(255),
price decimal(5,2)
);
INSERT INTO books (isbn, title, author, price) VALUES
('978-1503261969', 'Emma', 'Jayne Austen', 9.44),
('978-1514274873', 'Journal of a Soldier', NULL, 5.49),
@jonhoo
jonhoo / strsplit.rs
Created April 22, 2020 22:08
#![warn(rust_2018_idioms)]
#[derive(Debug)]
pub struct StrSplit<'haystack, D> {
remainder: Option<&'haystack str>,
delimiter: D,
}
impl<'haystack, D> StrSplit<'haystack, D> {
pub fn new(haystack: &'haystack str, delimiter: D) -> Self {
@jeremychone
jeremychone / rust-xp-02-postgresql-sqlx.rs
Created May 11, 2021 05:48
Rust to PostgreSQL with SQLX | Rust By Example
#![allow(unused)] // silence unused warnings while exploring (to comment out)
use sqlx::postgres::{PgPoolOptions, PgRow};
use sqlx::{FromRow, Row};
// Youtube episode: https://youtu.be/VuVOyUbFSI0
// region: Section
// Start postgresql server docker image: