j4w8n

Implement user API keys with Supabase

Rationale

JWTs are at the heart of Supabase authorization, but sometimes we wanna build an app that also gives users access via API keys; or perhaps only exclusively via API keys. As you may know, using JWTs as API keys makes them difficult to revoke and therefore a security issue.

We also want to ensure this doesn't significantly add to RLS polices, if at all.

Finally, we'd love to have this handled by Supabase and do as little as possible in our framework. This simplifies our code and reduces third-party libraries.

Solution

FelixZY

-- Token Based API Access for Supabase
--
-- How to configure Supabase (https://supabase.com/) to generate and accept API tokens.
--
-- (c) 2022 Felix Zedén Yverås
-- Provided under the MIT license (https://spdx.org/licenses/MIT.html)
--
-- Disclaimer: This file is formatted using pg_format. I'm not happy with the result but
-- prefer to follow a tool over going by personal taste.
--

Brainiarc7

Information

• Xubuntu 16.04

Repositories

natemccurdy

#!/bin/bash
# GIST_URL: https://gist.github.com/natemccurdy/797fa9128b7eef1f07be
# This script can be run to manually trigger Code Manager to deploy code from your control-repo. This sort of
# thing is neccesary when, for example:
#   - You've turned on Code Manager but have not yet made an RBAC token.
#   - You want to pull down the latest version of a Puppetfile module without pushing to your GMS.
#   - Something has broken the post-receive hook on your GMS that would've triggered Code Manager.
#   - Syntax errors in your Puppetfile prevent you from retrieving those fixes to that Puppetfile.
#   - Puppetserver has crashed due to file-sync issues between code and code-staging.
#   - Code Manager can't deploy your code for various reasons that are hard to track down.

tam7t

Are your Ruby HTTPS API calls secure?

Let's check:

2.0.0-p481 :001 > OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
 => {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}
2.0.0-p481 :002 > rating = JSON.parse(RestClient::Resource.new("https://www.howsmyssl.com/a/check" ).get)['rating']
 => "Bad"

itskingori

# As used with CanCan and Devise
class ApplicationController < ActionController::Base
  protect_from_forgery

  include ErrorResponseActions

  rescue_from CanCan::AccessDenied, :with => :authorization_error
  rescue_from ActiveRecord::RecordNotFound, :with => :resource_not_found

  before_filter :authenticate!

raphink

 +-------------------------------------+           +-------------------------------------+
 |      Client                         |           |        Server                       |
 |-------------------------------------|           |-------------------------------------|
 |                                     |           |                                     |
 |     mco spec                        |           |      Serverspec                     |
 |       +                             |           |           ^                         |
 |       |                             |           |           |                         |
 |       v                             |           |           +                         |
 |  MCollective::Application           |           |    RSpec::Core::Runner#run          |
 |       |                             |           |           ^                         |

crazed

#!/bin/bash
MPATH=$1
BETCDIR='/etc/mcollective'
BRUBYDIR='/Library/Ruby/Site/1.8'
BSBINDIR='/usr/sbin'
BBINDIR='/usr/bin'
BLIBEXECDIR='/usr/libexec/mcollective'
BDOCDIR='/usr/share/doc/mcollective'
BLAUNCHDIR='/Library/LaunchDaemons'
BLOGDIR='/var/log/mcollective'