Posts

Advanced OpenResty Reverse Proxy Configuration with GeoIP, ModSecurity, and Lua Load Balancing

OpenResty Reverse Proxy Features. This is an OpenResty (Nginx with Lua scripting capabilities) configuration for a reverse proxy that performs several advanced functions, including: HTTP to HTTPS redirection; SSL/TLS termination; a Web Application Firewall (WAF) using ModSecurity; GeoIP-based routing, directing users to different backend server pools based on their country; custom Lua-based load balancing, with health checks for backend servers and a weighted least-connections algorithm to select a backend; and custom logging that includes GeoIP data and the selected backend. Let's break down each file and its components. nginx.conf (Main OpenResty Configuration): this file sets up the global Nginx/OpenResty environment. worker_processes 1; configures Nginx to use a single worker process. For production, this is usually set to auto or the...

JWT Structure

The token is composed of three parts, separated by dots: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6Im9wZW5zb3VyY2VqZWdhbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJ1c2VyIl0sImV4cCI6MTczMzU3MzA2MX0.nxBknSlySJ0JQIFg5BpmnZhZV6VZ0Mshu7opFFgPLSc
1. First Part (Header): eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9. When decoded (base64), it reveals: { "typ": "JWT", "alg": "HS256" }. typ: type of token (JSON Web Token). alg: algorithm used (HMAC SHA256).
2. Second Part (Payload): eyJ1c2VybmFtZSI6Im9wZW5zb3VyY2VqZWdhbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJ1c2VyIl0sImV4cCI6MTczMzU3MzA2MX0. When decoded, it reveals: { "username": "opensourcejegan@gmail.com", "roles": ["user"], "exp": 1733573061 }. username: user's email. roles: user's roles (in this case, "user"). exp: expiration timestamp (Unix timestamp).
3. Third Part (Signature): nxBknSlySJ...

Jegan's SSO Auth System Code Explanation

https://docs.google.com/document/d/1tVIsBVRwF9cESAvhBLbqwJftuJtXcx8t-fO4KmB1QaQ/edit?usp=sharing
API Routes
/api/signup: Handles user signup. Validates email and password, checks if the email is allowed, hashes the password, stores user data in the database, and sends a welcome email.
/api/enroll: Handles TOTP enrollment. Generates a TOTP secret, stores it, and returns a QR code for 2FA setup.
/api/login: Handles user login. Validates credentials, checks account lock status, generates tokens, and sets them as cookies.
/api/validate: Validates the access token and returns user information if valid.
/api/token/refresh: Refreshes the access token using a valid refresh token.
/api/update_role: Updates the role of a user.
/api/logout: Logs out the user by revoking tokens and clearing cookies.
/api/request_reset: Initiates a password reset by generating a reset token and sending it via email.
/api/reset_password/: Resets the user's password using a valid reset token.

Mermaid diagram syntax for Token-based authentication system

sequenceDiagram
    participant User
    participant Browser
    participant AuthServer
    participant Database
    %% Login Flow
    User->>Browser: Enter Credentials
    Browser->>AuthServer: POST /api/login
    AuthServer->>Database: Validate Credentials
    alt Credentials Valid
        Database-->>AuthServer: User Found
        AuthServer->>AuthServer: Generate Access Token
        AuthServer->>AuthServer: Generate Refresh Token
        AuthServer->>Database: Store Refresh Token
        AuthServer-->>Browser: Return Tokens
        Browser->>Browser: Store Tokens in HTTP-only Cookies
        Browser-->>User: Login Successful
    else Credentials Invalid
        D...

Enhancing Flask SSO with Role-Based Access Control (RBAC)

To enhance your Single Sign-On (SSO) application with Role-Based Access Control (RBAC), you need to implement a mechanism to assign roles to users and control access to different routes or resources based on those roles. Here's how you can do it step by step:
1. Extend the Database Schema. You'll need to add a role column to the users table so that each user can be assigned a role, such as "admin", "user", or any other custom role.
def init_db():
    try:
        with sqlite3.connect('sso_service.db') as conn:
            c = conn.cursor()
            c.execute('''CREATE TABLE IF NOT EXISTS tokens
                         (token TEXT PRIMARY KEY, username TEXT, token_type TEXT, expiration DATETIME)''')
            c.execute('''CREATE TABLE IF NOT EXISTS totp_secrets (username TEXT ...

Concept of WSL (Windows Subsystem for Linux) in Windows 2022 Server


Poll-monitor/SSH remote access to WSL (Windows Subsystem for Linux) Windows 2022 server and enable wsl.exe automatically during Windows 2022 server restart/reboot from remote Ubuntu 22.04 LTS

Shell script:
#!/bin/bash
# Log file location
LOG_FILE="/var/log/ping_monitor.log"
SERVICE_NAME="ping_monitor.service"

# Function to log messages with timestamps
log_message() {
    echo "$(date +"%Y-%m-%d %H:%M:%S") - $1" >> "$LOG_FILE"
}

# IP address to ping
IP_ADDRESS="A.B.C.D"

# Number of timeouts and replies to check
TIMEOUT_COUNT=2   # Adjust this as needed
REPLY_COUNT=4

# Initialize counters
timeout_counter=0
reply_counter=0

# Infinite loop to monitor the ping status
while true; do
    # Ping the IP address once
    ping -c 1 "$IP_ADDRESS" > /dev/null 2>&1
    # Check the exit status of the ping command
    if [ $? -ne 0 ]; then
        # Increment the timeout counter if the pi...