node-config

This will allow to set a security operation mode and configure the channels. I chose to use the config package as I had good experience with it and it supports cascading config options.

Tailwind CSS v3.2.4 includes a new @config directive that lets you specify which Tailwind CSS config to use for that file.

Use https://www.npmjs.com/package/config so you can have runtime variables accessible based on provided json's

I am using this node-config package (https://github.com/node-config/node-config) in my project. I feel like I am brute-forcing my way, is there a better way to do this? Any hint would be appreciated or just point me in a direction that would be great. Thank you!

In this article, I'm going to demonstrate how the dotenv and node-config NPM packages can be used together to keep your Node.js application code organized across environments.

#3 Environment-specific config files with Config package

I always disliked the .env file. Almost every time I was forced to place it on the top level of my app directory. At some point i started to use the npm config package. This gives the application a consistent configuration interface and there is a formidable way to implement it into the NextJS environment. For people which prefer code over text, feel free to checkout the finished implementation.

How do I handle configs? In our Node APIs we use this config package, which allows us to override default configs on a per-environment basis. What's the standard way of doing this in Go?

import { useEffect, useState } from "react"; import "./App.css"; import Profile from "./components/profile/Profile"; function App() { // Extracting the 'code' parameter from the URL query string (used for authorization) const urlParams = new URLSearchParams(window.location.search); const code = urlParams.get("code"); // State to store the retrieved user data const [data, setData] = useState(null); // State to indicate if data is being fetched const [loading, setLoading] = useState(false); // Runs whenever the 'code' variable changes (likely on authorization flow) useEffect(() => { const token = localStorage.getItem("token"); if (token) { setLoading(true); // Set loading to true while fetching data fetch("https://api.github.com/user", { headers: { Authorization: token }, }) .then((res) => res.json()) // Parse the response as JSON .then((data) => { setData(data); // Update state with fetched user data setLoading(false); // Set loading to false when done fetching }); } else if (code) { // If no token but 'code' is available (GitHub OAuth flow) setLoading(true); // Set loading to true while fetching data fetch( `http://localhost:8589/oauth/redirect?code=${code}&state=YOUR_RANDOMLY_GENERATED_STATE` ) .then((res) => res.json()) // Parse the response as JSON .then((data) => { setData(data.userData); // Update state with user data from response localStorage.setItem( "token", `${data.tokenType} ${data.token}` ); // Store access token in local storage setLoading(false); // Set loading to false when done fetching }); } }, [code]); // Function to redirect the user to the GitHub OAuth authorization page function redirectToGitHub() { const client_id = "blah blah"; const redirect_uri = "http://localhost:5173/"; const scope = "read:user"; const authUrl = `https://github.com/login/oauth/authorize?client_id=${client_id}&redirect_uri=${redirect_uri}&scope=${scope}`; window.location.href = authUrl; } // Conditionally render content based on loading state and data availability if (loading) { return

Loading...h4>; } if (data) { return ; } return ( <>

Login to MyApph1> Login with GitHub button> div> ); } export default App;

import hashlib from datetime import datetime import httpx from fastapi import APIRouter, HTTPException, Query from app.config import settings from app.utilities.db import db from .models import OauthException, OauthToken router = APIRouter() @router.get( "/callback", response_model=OauthToken, responses={ 400: {"description": "Oauth Error", "model": OauthException}, }, ) async def oauth_callback( code: str = Query(description="Authorization Code"), ) -> OauthToken: """ GitHub Oauth Integration Callback """ async with httpx.AsyncClient() as client: token_result = await client.post( "https://github.com/login/oauth/access_token", json={ "client_id": settings.github_oauth_client_id, "client_secret": settings.github_oauth_client_secret, "code": code, "redirect_uri": "http://localhost:8000/v1/auth/callback", }, headers={"Accept": "application/json"}, ) data = token_result.json() error = data.get("error") if error: raise HTTPException( status_code=400, detail=f"{data.get('error')}: {data.get('error_description')}", ) access_token: str = data.get("access_token") user_result = await client.get( "https://api.github.com/user", headers={"Authorization": f"Bearer {access_token}"}, ) user_data = user_result.json() user = user_data.get("login") await db.tokens.insert_one( { "user": user, "access_token_hash": hashlib.sha256(access_token.encode()).hexdigest(), "created_date": datetime.utcnow(), }, ) return OauthToken(access_token=access_token)

The actual URL is https://github.com/login/oauth/authorize?client_id=bbb58b28cdd98636e3e2&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Fcallback&scope=user%3Aemail&response_type=code

GOOGLE_CLIENT_ID = os.environ["GOOGLE_CLIENT_ID"] GOOGLE_CLIENT_SECRET = os.environ["GOOGLE_CLIENT_SECRET"] GOOGLE_TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token" GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth" GITHUB_CLIENT_ID = os.environ["GITHUB_CLIENT_ID"] GITHUB_CLIENT_SECRET = os.environ["GITHUB_CLIENT_SECRET"] GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token" GITHUB_AUTH_URL = "https://github.com/login/oauth/authorize"

export const GET = async ({ cookies }) => { const state = generateRandomString(40); // I recommend using nanoid cookies.set("github_oauth_state", state, { httpOnly: true, secure: !dev, // disable when using localhost maxAge: 60 * 60 // 1 hour expiry, path: "/" }); const authorizationUrlSearchParams = new URLSearchParams({ client_id: GITHUB_CLIENT_ID, state }); const authorizationUrl = https://github.com/login/oauth/authorize?${authorizationUrlSearchParams}; // redirect to authorization url return new Response(null, { status: 302, headers: { Location: authorizationUrl } }); } ```

services.AddCookie("Google-Cookie") .AddOAuth("Google", options => { options.SignInScheme = "Google-Cookie"; options.ClientId = configuration["ClientId"]>; options.ClientSecret = configuration["ClientSecret"]; options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize"; options.TokenEndpoint = "https://github.com/login/oauth/access_token"; options.UserInformationEndpoint = "https://api.github.com/user"; options.CallbackPath = "/api/Google-Redirect"; options.Scope.Clear(); options.Scope.Add("read:user"); options.SaveTokens = true; // Not sure what does this do options.Events.OnCreatingTicket = async context => { using var request = new HttpRequestMessage(HttpMethod.Get, options.UserInformationEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken); using var result = await context.Backchannel.SendAsync(request); var user = await result?.Content?.ReadFromJsonAsync(); context.RunClaimActions(user); // I don't think this is needed // Create claims for the token var claims = new Claim[] { new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email) }; // Create the token var token = new JwtSecurityToken( issuer: configuration["JWT_Issuer"], audience: configuration["JWT_Audience"], claims: claims, expires: DateTime.UtcNow.AddHours(1);, signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["JWT_Secret"]));, SecurityAlgorithms.HmacSha256) ); // Generate the token string var tokenString = new JwtSecurityTokenHandler().WriteToken(token); context.Response.Cookies.Append("X-Access-Token", tokenString, new CookieOptions() { HttpOnly = true, SameSite = SameSiteMode.Strict }); }; } );

# Verify the content of the artifact at the given digest, as well as the fact # that the signature has been created by a GitHub actor with the given email. $ cosign verify ghcr.io/radu-matei/hello-spin@sha256:6f886e428152a32ada6303e825975e1a9798de86977e532991a352d02c98f62c \ --certificate-oidc-issuer https://github.com/login/oauth \ --certificate-identity [email protected] Verification for ghcr.io/radu-matei/hello-spin@sha256:6f886e428152a32ada6303e825975e1a9798de86977e532991a352d02c98f62c -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The code-signing certificate was verified using trusted certificate authority certificates

@Bean ClientRegistrationRepository clientRegistrationRepository(JdbcTemplate jdbcTemplate) { JdbcClientRegistrationRepository jdbcClientRegistrationRepository = new JdbcClientRegistrationRepository(jdbcTemplate); ClientRegistration clientRegistration = ClientRegistration.withRegistrationId("github") .clientId("123456") .clientSecret("123456") .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}") .scope(new String[]{"read:user"}) .authorizationUri("https://github.com/login/oauth/authorize") .tokenUri("https://github.com/login/oauth/access_token") .userInfoUri("https://api.github.com/user") .userNameAttributeName("login") .clientName("GitHub").build(); jdbcClientRegistrationRepository.save(clientRegistration); return jdbcClientRegistrationRepository; }

const oauthUri = `https://github.com/login/oauth/authorize?client_id=${process.env.NEXT_PUBLIC_GH_CLIENT_ID}&scope=user:email,read:user&redirect_uri=http://localhost:3000/api/auth`

var builder = WebApplication.CreateBuilder(args); builder.Services.AddAuthentication() .AddOAuth("github", o => { o.ClientId = "###"; o.ClientSecret = "###"; o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize"; o.TokenEndpoint = "https://github.com/login/oauth/access_token"; o.CallbackPath = "/oauth/github-cb"; o.UserInformationEndpoint = "https://api.github.com/user"; }); var app = builder.Build(); app.MapGet("/", (HttpContext context) => { return context.User.Claims.Select(x => new { x.Type, x.Value }).ToList(); }); app.MapGet("/login", () => { return Results.Challenge(authenticationSchemes: new List() { "github" }); }); app.Run(); --------------------------------------------- dotnet : Stack overflow. At line:1 char:1 + dotnet watch --no-hot-reload 2> output.txt + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Stack overflow.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError at System.Collections.Generic.Dictionary`2[[Microsoft.Extensions.DependencyInjection.Servi ceLookup.ServiceCacheKey, Microsoft.Extensions.DependencyInjection, ...Goes on for an other 60.000 lines