DEV Community: Ayin Kim

Will I be safe to edit pg_hba.conf METHOD?

Ayin Kim — Wed, 09 Aug 2023 08:46:16 +0000

Background
All I wanted to do with pgadmin 4 and DBeaver were obvious: create a new server/DB.

But when I fill the password form in process, it kept throwing an error message.

FATAL: password authentication failed for user "postgres" (postgresql 11 with pgAdmin 4)

Unfortunately, the error message was shown with alien language(literally, with symbolic charcater. This might be due to different OS language setting). So I had to guess.

This must be authentication or password thing to consider. I even doubt my antivirus software, bitdefender. And reinstalled postgresql, pgadmin, even DBeaver itself.

The problem persists even on 'safe mode' on Windows 11.

Debugging
And found a clue here.
Changing the setting of postgresql must be the solution.

Although the answer stated that 'once you changed that password you wish to create or change the DB, you need to revert it to initial Method.' But this only revived the error message I encountered.

# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust

Leaving METHOD as trust will not cause any problem if this is not your production purpose. But if you do use your DB on production level, then you must find alternative to figure out this authentication method problem.

So I searched bit more,** [here]**(https://www.postgresql.org/docs/current/auth-pg-hba-conf.html).

Tip

To connect to a particular database, a user must not only pass the pg_hba.conf checks, but must have the CONNECT privilege for the database. If you wish to restrict which users can connect to which databases, it's usually easier to control this by granting/revoking CONNECT privilege than to put the rules in pg_hba.conf entries.

Go to that link and see Example 21.1. Example pg_hba.conf Entries. That's what the document stated.

Let's break down. According to ChatGPT:


- Unix Domain Socket Connections: The line local all all scram-sha-256 means that all local Unix domain socket connections (not applicable on Windows) will use scram-sha-256 authentication. This requires a password encrypted with scram-sha-256.
- IPv4 Local Connections: The line host all all 127.0.0.1/32 trust means that all IPv4 connections from the localhost (127.0.0.1) will be allowed without a password (using the trust method).
- IPv6 Local Connections: The line host all all ::1/128 trust has the same effect as the IPv4 line but applies to IPv6 connections from the localhost.
- Replication Connections: The replication lines are set to use scram-sha-256, meaning that replication connections will require a password encrypted with scram-sha-256.
- With this configuration:

So, with this configuration of pg_hba.conf:

Local connections (from the same machine where PostgreSQL is running) will be able to connect without a password.
Any connections from other machines will not be allowed, as there are no host lines for other addresses.
Replication connections will require a scram-sha-256 encrypted password.

Conclusion
Only modify METHOD to trust for the local connections.

*Disclaimer: *
Just in case, I recommend you consult with a cyber security expert if you are applying this to your production one.

Crash note - how to efficiently do the project?

Ayin Kim — Thu, 03 Aug 2023 02:52:47 +0000

You set a goal, and you started. First, you should plan for deadline and when to finish off some feature till 18th of this month. And when to complete the login feature etc etc.

But in my experience, none of my neighbour senior software developers or engineers ever shown/told such know-how or manual.

And I met a mentor, and thanks to him: this is how I defined my manual to do the project.

Disclaimer:

This cannot be like an absolute answer. We all have a unique style.
this may be full-stack version.

When I start developing a project (Version August 2023):

1. Define a topic.

It will motivate you, and it is your ultimate goal.

2. Scan/define list of features

This does not have to be tech related words to describe. In my case, I define a list of features (e.g., authentication (signin, signup, remove account).

3. Scan for tech lists to achieve its feature.

This step, I matched up with #2. For authentication: https://stackoverflow.com/questions/38635092/how-to-create-json-web-token-to-user-login-in-django-rest-framework

4. But choosing an 'easy to understand/apply on your project/code' is always good.

Mistake I made. To make a decision at this point, this is the time to search for some similar examples. At least how someone used it.

For example, rest_framework_jwt.views.obtain_jwt_token.
You got the keyword. First, search exactly how it shows. Then from the url I mentioned at #3, one of respondent emphasised 'token'.

rest_framework, jwt, token = User/Authentications

Be patient: To make this, I should understand how token works and so how it allowed sign-in feature to work.

5. Searching for some similar instance that someone already did.

Mistake I made. From non-CS degree's perspective(?), I still have some paranoia that 'copying is not good'. I often start on my own, and did not really searching for other's work. Or I could say: I had no clear insight like how/what to search for.

Although you can do so, but still referring other's work first will protect you to get stuck at some point.

One more thing, I will mention this at #9 but I recommend you save some 'easy to achieve blueprint' if some feature looks challenging. I am not sure how other senior level software engineer would comment about this line, but still: I would have some insurance - just in case.

6. Use draw.io to organise your plan.

Mistake I made. This is my thought but I would not start making this unless you have done the step #5. Once you have some vision to remind them of, then you may do this step.

7. Make a simple EDR.

Mistake I made. This is the step I often felt hardness. But now, I can say: this should be the last step to make it in your planning. As drawing diagram was also to have some insight about the project (when it gets bigger scale), this clearly define you what to create.

I always feared to make this. To do this, I believe I should do this when I am still planning on it. This doesn't look like the phase to make it once you finished the project.

8. Keep checking your progression speed with Kanban.

This one does not have to be special or professional. But I used Kanban management tool on github's project tab. You may not believe 'do I need it?' but my answer is yes. This will help you much especially when the project scale or its length is larger or limited.

9. Try not take longer than a week.

Mistake I made. In my case, I already feel exhausted when I get stuck at some point. But as a non-degree developer, I realised one fact. This software development as a business is more like time.

Still, I strongly believe that I should NEVER give up the quality. In the end, it would work like karma. However, you should equip one confident blueprint to achieve a feature - this is for your worst-case scenario. You should at least have one insurance.

10. Finally, if you stuck longer than an hour, then searching for another example.

As a junior level, I do not think I ever attempted using Rust language all of sudden to my project. It may look amazing but what is the point if you cannot make that feature in the end?

I believe these are the most stable step-by-step manual.

Extra.

Mistake I made. This is quite a personal issue but I finally decided 'I should have separate repositories for client and server'.

https://security.stackexchange.com/questions/225455/should-repositories-with-server-code-and-client-code-be-separate

In my recommendation, just go for a split-version.

For example, if you have both client and server folder in the same root folder - this may look stable. To describe, some people hate using styled-components and rather using a separate css file instead. Yes, this is where I made a mistake. I believed that 'not using a popular stack to achieve a feature' may look like I am staying behind the industry(?) standard.

Not always. So now I always searching for 'if I do not use styled-components, will I be seen as out of date(...) developer'? At least for this client and server repository issue, the conclusion was 'it really depending on your preference'.

It is really your choice. But personally, I would say just don't work on a single repository. Unless you do that for learning purpose, don't.

Personal guideline - docker & django

Ayin Kim — Wed, 05 Jul 2023 08:53:36 +0000

Abstract.
This post will be updated whenever I have an update regarding the contents here. The post is written by junior level developer. So please, read at your own risk :)

[First guide found]
Dockerizing a python Django Web Application
https://semaphoreci.com/community/tutorials/dockerizing-a-python-django-web-application

And here is template like.
https://github.com/agusmakmun/django-markdown-editor

What Docker is
prerequisite to use the template above (forking)
Create a Python virtual environment
Gunicorn(HTTP server) and Martor (markdown plugin)
Then, makemigrations, migrate etc.
Testing code (TDD)
Static vs Dynamic Files
About nature of Django explanation. Know the difference.
Style Checker (Flake8)
Additional integration, github Note: you may manually setup this part from docker hub and github (settings, Secrets, Actions Secrets -> Repo secrets). This part is one of important setup with docker.
Now Docker. Writing the Dockerfile
Building and running the container.
CI/CD (achieve this with github actions as well)
About dockerizing pipeline

Comment:
Some part offers advanced platform service to use. This guide does not have an example of setting up github actions.

[Second guide found] - docker & github actions
https://stackoverflow.com/questions/57549439/how-do-i-use-docker-with-github-actions

To setup Github Actions in your project:

Set up checks.yml The contents of code in this file will be shown in Github Actions once it is pushed in git via your VSCode.

Django - Official Documentation

https://docs.djangoproject.com/en/4.2/topics/testing/overview/ TDD guideline. How to use django.test and TestCase in a nutshell.

1.04
https://docs.djangoproject.com/en/4.2/ref/models/querysets/

1.05
https://docs.djangoproject.com/en/4.2/topics/testing/tools/#django.test.Client.post
Testing tools. Recommended for any django user if you need:
(1) simulate GET and POST requests on a URL and observer response
(2) check the URL and all chain of redirects occur
(3) Test that a given request is rendered by django template (with context), which contains certain value.
There is API that only has access to the HTTP methods (e.g. RequestFactory)

1.1 https://docs.djangoproject.com/en/4.2/topics/testing/advanced/#testing-reusable-applications
Unlike the description in url, this is must-read if you plan to test out each feature you were going to build.

https://docs.djangoproject.com/en/4.2/intro/overview/
Recommended for initial setup.
https://docs.djangoproject.com/en/4.2/topics/auth/
Authentication. (users, permissions, group, config password in hash, forms and view for logging in or blocking content.) Literally all about user account feature. Try navigating other links on this page - those will guide you how to achieve your plan.

3.1 https://docs.djangoproject.com/en/4.2/topics/auth/default/#user-objects
A related link from authentication : username, password, email, first_name, last_name. And you know what these are.

3.2
https://docs.djangoproject.com/en/4.2/ref/contrib/auth/#django.contrib.auth.models.User
An API reference, for authentication part.

Learning Svelte - Intro

Ayin Kim — Sun, 02 Jul 2023 07:41:27 +0000

[This is my learning log. Some of the contents here may be incorrect.]

Abstract

Svelte is a **compiler **not a framework.
It compiles the code for production at build time into a single, vanilla, JS bundle.
No extra scripts or libraries are shipped to production.
Often results in a faster running website.

Prerequisite

knowledge of HTML&CSS, JS
Node.js v8+ must be installed.

Guide Reference
https://learn.svelte.dev/tutorial/welcome-to-svelte
https://www.youtube.com/watch?v=UGBJHYpHPvA

Note 1

just installed svelte template.
npm run dev

As a previous react user, this feels like more closer to Vanilla JS + styled components. Somehow it offers component feature. Script tag may only be used once per file. HTML base compiler like django's template? This seems intuitive.

Note 2
Component✅ (next post topic)
state management✅

https://blog.devgenius.io/state-management-in-svelte-b045213c9138

Looks like simpler than react.js. Called Svelte Context API and Svelte stores.

May use context here to let it available anywhere within an app.

import { setContext } from 'svelte'
const thisObject = {}
setContext('thisKey', thisObject)

`
To allow thisKey available in a different component within the app, import it by using the getContext function.

<script> import { getContext } from 'svelte' const thisObject = getContext('thisKey') </script>
And here may be the spot. Svelte handles state management via stores(an objects that hold a value and can let developer know when the value changes). There are 2 kinds of stores : '(1)writable' and '(2)readable' stores.

import writable from 'svelte/store'
export const city writable('millennium school club')

URLs of state management in svelte
https://blog.logrocket.com/application-state-management-svelte/
https://www.koderhq.com/tutorial/svelte/store-state-management/
https://auth0.com/blog/state-management-in-svelte-applications/