Topics

user

Varnish with secure AWS S3 bucket as backend

Serving static contents from S3 is common, but using Varnish in front is a bit tricky. Especially if you want to keep the bucket secure and only serve from Varnish, here is a simple Varnish file to solve this problem.

First secure your bucket via IP policy:

{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "5.6.7.8/32"  //varnish ip
          ]
        }
      }
    },
    {
      "Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "StringNotLike": {
          "aws:Referer": [
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}

Setup postgreSQL RDS using Ansible

Setting up PostgreSQL on RDS using ansible is a bit tricky because the main user on RDS is not a SUPERUSER and roles membership is not automatically granted for ex: “ERROR: must be member of role ..” is quite common. Here is a working solution:

Fix W3 Total Cache W3_Plugin_TotalCache::ob_callback() expected to be a reference

Around a year ago I was playing with W3 Total Cache plugin on HHVM while I got an annoying warning

Warning: Parameter 1 to W3_Plugin_TotalCache::ob_callback() expected to be a reference, value given in /wp-includes/functions.php on line 3269

The funny part is that one of the functions was passing by reference which I still could not find the reason for it, maybe it was a limitation in PHP 4.3. Removing one character “&” fixed the issue so I submitted a pull request to the author although the repository currently does not accept pull request. Later on as PHP 7.0 was released, the issue started to show on PHP as well which brought more attention to this small fix. The users comments included anger such as user @kmob2 who said

this is becoming a running gag

Even more user @pratham2003 proposed a one line bash command to solve the problem

sed -i.bak 's/function ob_callback(&/function ob_callback(/g' /path/to/public_html/wp-content/plugins/w3-total-cache/lib/W3/Plugin/TotalCache.php

I hope that the developers will finally listen to the users and fix it soon!

Custom validation messages for sails js

//in api/models/User.js
function validationError(invalidAttributes, status, message) {
  var WLValidationError = require('../../node_modules/sails/node_modules/waterline/lib/waterline/error/WLValidationError.js');
  return new WLValidationError({
      invalidAttributes: invalidAttributes,
      status: status,
      message: message
    }
  );
}
var User = {
  attributes: {
    //...
  },
  ownValidate:: function (values, update, cb) {
    //example of not allowed param on update
    //if it is an update then do not allow email param
    if (update && values.email) {
      return cb(validationError({
        email: [
          {
            message: 'Email is not allowed for updates.'
          }
        ]
      }, 400 /*status*/));
    }
    sails.models['user'].findOne(values.email).exec(function (err, user) {
      if (err) return cb(err);
      if (user) {
        return cb(validationError({
          email: [
            {
              value: values.email,
              rule: 'E_UNIQUE'
              /* unique validation message is left for the default one here */
            }
          ]
        }, 409));
      }
    });
  },
  beforeCreate: function (values, cb) {
    return sails.models['user'].ownValidate(values, false, cb);
  },
  beforeUpdate: function (values, cb) {
    return sails.models['user'].ownValidate(values, true, cb);
  }
}

For blueprint custom messages validation

Use mysqldump to create separate files and directories for databases and tables

The script creates separate directory for every database and bz2 files for every table inside that database.

#!/bin/sh

#edit these
USER=""
PASSWORD=""
MYSQLDIR="/path/to/backupdir"

MYSQLDUMP="/usr/bin/mysqldump"
MYSQL="/usr/bin/mysql"

echo - Dumping DB structure "$MYSQLDIR"/all.bz2 
$MYSQLDUMP --user=$USER --password=$PASSWORD -d --all-databases | bzip2 > "$MYSQLDIR"/all.bz2 

echo - Dumping tables for each DB
databases=`$MYSQL --user=$USER --password=$PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema)"`
for db in $databases; do
    echo - Creating "$db" DB
	mkdir $MYSQLDIR/$db
	chmod -R 777 $MYSQLDIR/$db
	for tb in `$MYSQL  --user=$USER --password=$PASSWORD -N -B -e "use $db ;show tables"`
		do 
			echo -- Creating table $tb
			$MYSQLDUMP --opt  --delayed-insert --insert-ignore --user=$USER --password=$PASSWORD $db $tb | bzip2 -c > $MYSQLDIR/$db/$tb.sql.bz2
	done
	echo
done