Topics

file

Varnish with secure AWS S3 bucket as backend

Serving static contents from S3 is common, but using Varnish in front is a bit tricky. Especially if you want to keep the bucket secure and only serve from Varnish, here is a simple Varnish file to solve this problem.

First secure your bucket via IP policy:

{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "5.6.7.8/32"  //varnish ip
          ]
        }
      }
    },
    {
      "Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "StringNotLike": {
          "aws:Referer": [
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}

Setup postgreSQL RDS using Ansible

Setting up PostgreSQL on RDS using ansible is a bit tricky because the main user on RDS is not a SUPERUSER and roles membership is not automatically granted for ex: “ERROR: must be member of role ..” is quite common. Here is a working solution:

Cachita is a golang file and memory cache library

Cachita

Cachita is a golang file and memory cache library

Build Status
GoDoc

  • Simple caching with auto type assertion included.
  • In memory file cache index to avoid unneeded I/O.
  • Msgpack based binary serialization using msgpack library for file caching.

API docs: https://godoc.org/github.com/gadelkareem/cachita.

Examples: https://godoc.org/github.com/gadelkareem/cachita#pkg-examples.

Installation

Install:

go get -u github.com/gadelkareem/cachita

Ansible vault encrypt/decrypt shell script

#!/usr/bin/env bash

####Usage
# ./vault.sh encrypt
# ./vault.sh dencrypt
# ./vault.sh encrypt /full/path/to/file.yml
######

set -euo pipefail

cd `dirname $0`



if [ -z "$PASSWORD" ]; then
    read -s -p "Enter Password: " PASSWORD
fi

VAULT_FILE=vault_key
echo "${PASSWORD}" > "${VAULT_FILE}"

ACTION=decrypt
if [ "$1" != "" ]; then
    ACTION="$1"
fi

FILES=(group_vars/prod/*.yml)
if [ ! -z "${2-}" ]; then
    FILES=("$2")
fi


for FILE in "${FILES[@]}"
do
    if [ "${ACTION}" = "encrypt" ]; then
        echo "Encrypting ${FILE}"
        ansible-vault encrypt "${FILE}.decrypted" --output=$FILE --vault-password-file "${VAULT_FILE}"
    else
        echo "Decrypting ${FILE}"
        ansible-vault decrypt $FILE --output="${FILE}.decrypted" --vault-password-file "${VAULT_FILE}"
    fi
done

rm -rf "${VAULT_FILE}"

Custom validation messages for sails js

//in api/models/User.js
function validationError(invalidAttributes, status, message) {
  var WLValidationError = require('../../node_modules/sails/node_modules/waterline/lib/waterline/error/WLValidationError.js');
  return new WLValidationError({
      invalidAttributes: invalidAttributes,
      status: status,
      message: message
    }
  );
}
var User = {
  attributes: {
    //...
  },
  ownValidate:: function (values, update, cb) {
    //example of not allowed param on update
    //if it is an update then do not allow email param
    if (update && values.email) {
      return cb(validationError({
        email: [
          {
            message: 'Email is not allowed for updates.'
          }
        ]
      }, 400 /*status*/));
    }
    sails.models['user'].findOne(values.email).exec(function (err, user) {
      if (err) return cb(err);
      if (user) {
        return cb(validationError({
          email: [
            {
              value: values.email,
              rule: 'E_UNIQUE'
              /* unique validation message is left for the default one here */
            }
          ]
        }, 409));
      }
    });
  },
  beforeCreate: function (values, cb) {
    return sails.models['user'].ownValidate(values, false, cb);
  },
  beforeUpdate: function (values, cb) {
    return sails.models['user'].ownValidate(values, true, cb);
  }
}

For blueprint custom messages validation