Cristi Pufu cristipufu

@davidfowl
davidfowl / .NET6Migration.md
Last active June 16, 2024 05:29
.NET 6 ASP.NET Core Migration
@samsch
samsch / stop-using-jwts.md
Last active May 26, 2024 19:07
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that the "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions
@pierrejoubert73
pierrejoubert73 / markdown-details-collapsible.md
Last active June 14, 2024 05:57
How to add a collapsible section in markdown.

How to add a collapsible section in markdown

1. Example

Click me

Heading

  1. Foo
  2. Bar
    • Baz
    • Qux

Scaling your API with rate limiters

The following are examples of the four types of rate limiters discussed in the accompanying blog post. In the examples below I've used pseudocode-like Ruby, so if you're unfamiliar with Ruby you should be able to easily translate this approach to other languages. Complete examples in Ruby are also provided later in this gist.

In most cases you'll want all these examples to be classes, but I've used simple functions here to keep the code samples brief.

Request rate limiter

This uses a basic token bucket algorithm and relies on the fact that Redis scripts execute atomically. No other operations can run between fetching the count and writing the new count.

@DanielSWolf
DanielSWolf / Program.cs
Last active June 13, 2024 17:26
Console progress bar. Code is under the MIT License: http://opensource.org/licenses/MIT
using System;
using System.Threading;

static class Program {
    static void Main() {
        Console.Write("Performing some task... ");
        using (var progress = new ProgressBar()) {
            for (int i = 0; i <= 100; i++) {
                progress.Report((double) i / 100);
@darylteo
darylteo / NinjectWebCommon.cs
Created July 5, 2014 08:04
Ninject injection into Signalr Hubs with ninject.mvc5.
[assembly: WebActivatorEx.PreApplicationStartMethod(typeof(Ascend.Core.Application.App_Start.NinjectWebCommon), "Start")]
[assembly: WebActivatorEx.ApplicationShutdownMethodAttribute(typeof(Ascend.Core.Application.App_Start.NinjectWebCommon), "Stop")]

namespace Ascend.Core.Application.App_Start
{
    using System;
    using System.Linq;
    using System.Web;
    using Microsoft.Web.Infrastructure.DynamicModuleHelper;
@gsherman
gsherman / IIS7: rewrite cookies to be httponly
Created January 20, 2011 22:40
A rewriting rule that adds "HttpOnly" to any outgoing "Set-Cookie" headers
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!--
      Rewrite any outgoing "Set-Cookie" headers to be "HttpOnly"
      Requires the IIS7 URL Rewrite Module, available from: http://www.iis.net/download/urlrewrite
    -->
    <rewrite>
      <outboundRules>
        <rule name="Add HttpOnly" preCondition="No HttpOnly">