DEV Community: Bahadir Balban The latest articles on DEV Community by Bahadir Balban (@bahadirbalban). https://dev.to/bahadirbalban https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F31435%2F3892ab80-7a64-409b-91e6-3eb3619b3a0e.jpg DEV Community: Bahadir Balban https://dev.to/bahadirbalban en Introduction to RISC V and Assembly Language for Beginners Bahadir Balban Wed, 11 Mar 2020 17:40:18 +0000 https://dev.to/bahadirbalban/beginner-s-introduction-to-risc-v-and-assembly-language-1m4a https://dev.to/bahadirbalban/beginner-s-introduction-to-risc-v-and-assembly-language-1m4a <p><iframe width="710" height="399" src="https://www.youtube.com/embed/KBvAKHsHBW4"> </iframe> </p> <h2> Learn what RISC V is, and basic assembly language in 15 minutes </h2> <p>This is a gentle introduction to the RISC V open source instruction set architecture (ISA) for beginners.</p> <p>I covered how RISC V started, what the ISA is about, how assembly instructions work.</p> <p>The 15 minute session ends with a simple applied lab that you can conduct on a PC at home.</p> <p>At Tech Buzz I share quick videos and articles that get you up to speed on a new industrial subject, and enable you to build things.</p> <p>If you are interested in industrial tutorials feel free to check out <a href="https://getbuzz.io">Tech Buzz</a></p> <p>If people are interested I will produce more of this series. Join the RISCV course community <a href="https://getbuzz.io/o/introduction-to-risc-v/u/join-open-access">here</a></p> <p>Cheers!<br> Bahadir</p> riscv beginners tutorial assembly How to divide an S3 bucket with per-customer paths and enable secure file access Bahadir Balban Thu, 20 Jun 2019 23:22:01 +0000 https://dev.to/bahadirbalban/how-to-divide-an-s3-bucket-with-per-customer-paths-and-enable-secure-file-access-5d8b https://dev.to/bahadirbalban/how-to-divide-an-s3-bucket-with-per-customer-paths-and-enable-secure-file-access-5d8b <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fbuzz-prod-photos.global.ssl.fastly.net%2Fsaasbox%2Fimg%2F47f1f1fb-d3da-47bc-8438-91beac767d44" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fbuzz-prod-photos.global.ssl.fastly.net%2Fsaasbox%2Fimg%2F47f1f1fb-d3da-47bc-8438-91beac767d44" alt="One S3 box for all customers"></a></p> <h1> Summary </h1> <p>You can divide a single S3 bucket into per-customer paths, and allow those customers to control read or write access, only to their own <code>/username</code> path. You do this by giving each customer an AWS IAM user and attaching a policy that lets them only access their <code>/username</code> path.</p> <p>Customers can do accelerated uploads using signed S3 urls, and make their files available to public temporarily and securely (e.g. behind a paywall).</p> <p>Use case: You host web apps for others, whose customers sign up to their service, and download a file they purchased from your customer’s signed S3 url. The file is hosted on your S3 bucket.</p> <p>If you want to go one step further and let users make available their files for download via a CDN, it is not instantly supported by Cloudfront. This is because each user has their own keys to their <code>/username</code> path, but Cloudfront has one master key. You can’t generate a per-user Cloudfront key for a single S3 bucket the way you generate IAM keys. There is a hack for this shared below as well, or simpler: just use signed S3 urls for downloads.</p> <h1> Details </h1> <p>While building <a href="https://saasbox.net" rel="noopener noreferrer">SaaSBox</a>, I needed to create a storage hosting solution where each customer has access to their own files, for read and write. I needed a simple solution that works well for many users. I ended up with a single S3 bucket, dividing it into customer paths starting with <code>/username</code>.</p> <h2> Here is how it works: </h2> <p>Set up a single s3 bucket. Each time a new user/customer signs up, you create a new IAM user in AWS, attaching the following policy to the user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AllowGroupToSeeBucketListInTheConsole"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:ListAllMyBuckets"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:GetBucketLocation"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AllowRootAndHomeListingOfCompanyBucket"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::my-s3-bucket-name"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Condition"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StringEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"s3:prefix"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="s2">"/"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"s3:delimiter"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"/"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AllowListingOfUserFolder"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:ListBucket"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::my-s3-bucket-name"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Condition"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StringLike"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"s3:prefix"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"${aws:username}/*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"${aws:username}"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AllowAllS3ActionsInUserFolder"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::my-s3-bucket-name/${aws:username}/*"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The policy has the <code>${aws:username}</code> placeholder, which means, it applies to each IAM user with the policy attached.</p> <p><strong>TIP:</strong> Make sure to also tag IAM users when creating them so that you know these are users of your service.</p> <p><strong>NOTE:</strong> You must attach the policy to the IAM user, not the S3 Bucket.</p> <h3> Making S3 content private and only available via signed urls </h3> <p>What you want to achieve is that your S3 bucket contents are always private, except:</p> <p>When your users want to, they should be able to write to their directory.</p> <p>They should be able to make their files public for download whenever needed (in my case right after they sell them).</p> <p>You achieve this using signed urls. S3 buckets support signed urls for upload and download. Here is the code you need in order to generate signed urls:</p> <h3> S3 Signed url for reading: </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/* S3 signed url for reading */</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">get_file_read_presigned_url</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">fpath</span><span class="p">,</span> <span class="nx">ftype</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">s3</span><span class="p">.</span><span class="nf">getSignedUrl</span><span class="p">(</span><span class="dl">'</span><span class="s1">getObject</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">s3bucket</span><span class="p">.</span><span class="nx">url</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">fpath</span><span class="p">,</span> <span class="na">ResponseContentType</span><span class="p">:</span> <span class="nx">ftype</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">url</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> S3 Signed url for writing: </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/* S3 signed url for uploading files */</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">get_file_upload_presigned_url</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">fpath</span><span class="p">,</span> <span class="nx">ftype</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">s3bucket.url:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">s3bucket</span><span class="p">.</span><span class="nx">url</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">s3</span><span class="p">.</span><span class="nf">getSignedUrl</span><span class="p">(</span><span class="dl">'</span><span class="s1">putObject</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">s3bucket</span><span class="p">.</span><span class="nx">url</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">fpath</span><span class="p">,</span> <span class="na">ACL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">authenticated-read</span><span class="dl">'</span><span class="p">,</span> <span class="na">ContentType</span><span class="p">:</span> <span class="nx">ftype</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">url</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> Using Cloudfront CDN for caching files </h3> <p>Instead of an S3 signed url for reading, ideally you should set up cloudfront on the S3 bucket and sign urls using cloudfront. Here is how you would <strong>normally</strong> achieve this <strong>for your own files</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">signer</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AWS</span><span class="p">.</span><span class="nx">CloudFront</span><span class="p">.</span><span class="nc">Signer</span><span class="p">(</span><span class="nx">s3bucket</span><span class="p">.</span><span class="nx">cf_accessKeyId</span><span class="p">,</span> <span class="nx">s3bucket</span><span class="p">.</span><span class="nx">cf_privateKey</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">twoDays</span> <span class="o">=</span> <span class="mi">2</span><span class="o">*</span><span class="mi">24</span><span class="o">*</span><span class="mi">60</span><span class="o">*</span><span class="mi">60</span><span class="o">*</span><span class="mi">1000</span> <span class="cm">/* Cloudfront signed url for reading */</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">get_file_read_presigned_url</span> <span class="o">=</span> <span class="kd">function</span><span class="p">(</span><span class="nx">fpath</span><span class="p">,</span> <span class="nx">ftype</span> <span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">signedUrl</span> <span class="o">=</span> <span class="nx">signer</span><span class="p">.</span><span class="nf">getSignedUrl</span><span class="p">({</span> <span class="na">url</span><span class="p">:</span> <span class="nx">s3bucket</span><span class="p">.</span><span class="nx">cdn_url</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">/</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">fpath</span><span class="p">,</span> <span class="na">expires</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">((</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">+</span> <span class="nx">twoDays</span><span class="p">)</span><span class="o">/</span><span class="mi">1000</span><span class="p">),</span> <span class="c1">// Unix UTC timestamp for now + 2 days</span> <span class="p">})</span> <span class="k">return</span> <span class="nx">signedUrl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At this point, you can do accelerated uploads to S3 by using S3 signed urls for upload, and cloudfront for making them available for read.</p> <p>However, serving files via Cloudfront signed by your customers' keys is not an immediately possible approach.</p> <h3> Fine grain access to S3 files using per-user paths by your users with Cloudfront enabled </h3> <p>This is something I wanted to achieve, e.g. if I can create IAM users with per user directory access on the S3 bucket with their own keys, I would also want to serve their files using a CDN such as cloudfront, with <em>them</em> signing the urls using their keys.</p> <p><em>Unfortunately this is not immediately supported by Cloudfront.</em> E.g. the use case is you create some master key for Cloudfront using your AWS root account and make available all files signing with your key.</p> <p>If you want your users to make available their own directory path on the S3 bucket using their own keys, it is not possible with Cloudfront, since you have 1 master key.</p> <p>The simple solution is just use S3 signed urls without cloudfront. You can serve thousands of users on a single s3 bucket!</p> <p>There is a workaround to using Cloudfront though and it is described at this link: <a href="https://advancedweb.hu/2018/11/15/s3_signed_urls_cloudfront/" rel="noopener noreferrer">How to use S3 signed urls with Cloudfront.</a></p> <h3> CloudFront Workaround </h3> <p>By nature, S3 signed urls change each time they are generated. As a result, each new url means re-caching by Cloudfront, defeating the purpose of having a cache. Therefore what you do is, you force/hack the S3 signed url generation function to generate the same url for a period of time, fixing the time element artificially to a window. E.g. for the current hour + 1 hour, tell it to generate this specific url only. This way CF can cache the url for that period.</p> <p>If you directly generate the URL via CloudFront you don’t have this problem since Cloudfront has direct access to the file.</p> <p>But yes you can do it, by fixating the generated url by S3, and re-caching the file every few hours.</p> webdev tutorial node aws Learn back-end development with Node.js and Express with this free in-depth course (2.5 hours) Bahadir Balban Fri, 15 Feb 2019 19:54:29 +0000 https://dev.to/bahadirbalban/learn-back-end-development-with-nodejs-and-express-with-this-free-in-depth-course-25-hours-22pp https://dev.to/bahadirbalban/learn-back-end-development-with-nodejs-and-express-with-this-free-in-depth-course-25-hours-22pp <p><iframe width="710" height="399" src="https://www.youtube.com/embed/mG1L7C4y2c0"> </iframe> </p> <p><a href="https://getbuzz.io/c/learning-expressjs/stories/Learn-how-to-develop-a-NodeJS-application-4007962439">This course</a>☝️ starts from scratch and shows you how to build a landing page, collect and manage sales leads developing an application using the CRUD pattern (create, update, delete). We develop an MVC style application with models, views, routes, controllers. If you are new to backend development and Nodejs this course is made for you.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><a href="https://getbuzz.io/c/learning-expressjs/stories/Implement-edit-update-lead-routes-6914824963"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Ug-z9P_D--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/ywngi0o02oapz3ipra1h.png" alt="CRUD snippet from tutorial"></a></th> </tr> </thead> <tbody> <tr> <td><em>CRUD snippet from the tutorial</em></td> </tr> </tbody> </table></div> <p>Topics covered include user sign up, login with PassportJS, installing and creating basic tables in PostgreSQL, issuing queries using the Sequelize ORM, what a middleware is and implementing user access control using middleware, form validation, how to divide your views using pug mixins and more.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><a href="https://getbuzz.io/c/learning-expressjs/stories/Learn-how-to-implement-form-validation-and-re-rendering-forms-with-errors-3046248441"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---ZARRaX1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/8pvryfmwtn11sxg98yx8.png" alt="Implementing form validations - snippet from tutorial"></a></th> </tr> </thead> <tbody> <tr> <td><em>Implementing form validations - snippet from the tutorial</em></td> </tr> </tbody> </table></div> <h2> Tutorial site with videos split into 28 lessons </h2> <p><a href="https://getbuzz.io/c/learning-expressjs/stories/Learn-how-to-develop-a-NodeJS-application-4007962439">Here is more content about this tutorial</a>. If you liked the tutorial, join our Learning Express group free for updates, Q&amp;A, source code and more: <a href="https://getbuzz.io/o/learning-expressjs/u/join-open-access">https://getbuzz.io/o/learning-expressjs/u/join-open-access</a></p> <h2> I believe learning should be free and fast. </h2> <p>Fast as in:</p> <ul> <li>There are no enrollment hops until you reach a course. It starts immediately, online.</li> <li>Videos make their point right away. They are short and concise.</li> <li>And Fun: Learning must be fun, e.g. not solitary but a social activity.</li> </ul> <p>For these reasons I am building <a href="https://getbuzz.io/discover">Tech Buzz</a>, a site for learning tech fast and free, - now focusing on tech areas towards building an online business.</p> <h2> Update: Launching an online software service shouldn't be hard. </h2> <p>So I took this tutorial some steps further to build <a href="https://saasbox.net">SaaSBox</a>. It lets you launch an online web application / SaaS about 4 weeks faster.</p> node beginners tutorial webdev OK we have to have a title then. Bahadir Balban Tue, 10 Oct 2017 16:25:50 +0000 https://dev.to/bahadirbalban/ok-we-have-to-have-a-title-then-6kg https://dev.to/bahadirbalban/ok-we-have-to-have-a-title-then-6kg cpp