DEV Community: David The latest articles on DEV Community by David (@daviidy). https://dev.to/daviidy https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F67976%2F21c74755-166c-4d30-b776-8c6064bc387d.jpg DEV Community: David https://dev.to/daviidy en 3 Ways to Stop Feeling Like an Imposter in Tech — Even If You’re the Only One Who Looks or Sounds Different David Fri, 13 Mar 2026 12:25:30 +0000 https://dev.to/daviidy/3-ways-to-stop-feeling-like-an-imposter-in-tech-even-if-youre-the-only-one-who-looks-or-sounds-54il https://dev.to/daviidy/3-ways-to-stop-feeling-like-an-imposter-in-tech-even-if-youre-the-only-one-who-looks-or-sounds-54il <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fls653pg04hwsr8dp6l6q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fls653pg04hwsr8dp6l6q.png" alt="EN3O5SHBUpk30DgupgOYT\_aLnCLE0j.png" width="800" height="446"></a></p> <p>I'll never forget that day. During my first job in the United States. First engineering standup.</p> <p>The team was going around the circle giving updates. One by one, everyone spoke clearly and confidently with their beautiful American accent. When it was my turn, before introducing myself, I didn't know what made me do it, but I felt the need to say something I still remember today:</p> <p><em>"I'm sorry for my accent."</em></p> <p>Later that day, my manager scheduled a 1:1 with me. And he told me something simple that is with me til this day.</p> <p>He said:</p> <p><em>"Never apologize for your accent or your background, David. Never again."</em></p> <p>I said earlier, I didn’t know what made me say that stupid thing. But now I know.</p> <p>What I was feeling had nothing to do with my engineering ability.</p> <p>It was <strong>imposter syndrome</strong>.</p> <p>As I did, many engineers experience this feeling at some point in their careers. But it becomes even more common when you are different from the majority in the room.</p> <p>Maybe it's because of your accent.\<br> Maybe it's the color of your skin.\<br> Maybe it's your background, your country, or your culture.</p> <p>You begin to feel like you don't truly belong.</p> <p>And this feeling shows up in subtle ways.</p> <p>You hesitate to speak up during meetings.</p> <p>You overthink every comment during code reviews.</p> <p>You second-guess your ideas before sharing them.</p> <p>You stay quiet when your team starts talking about cultural references you don't understand.</p> <p>You start shrinking yourself without even realizing it.</p> <p>You have 2 options generally when that happens. You keep going downhill and crash very badly: complete loss of confidence, complete isolation from the rest of the team and organization, and a PIP. Or you don’t make excuses and start attacking the real problem behind that situation.</p> <p>First, think about what imposter syndrome really costs you.</p> <p>It costs you opportunities.</p> <p>It costs you moments where you had the answer but stayed silent.</p> <p>It costs you visibility.</p> <p>It costs you energy to constantly try to perform “belonging.”</p> <p>And over time, that performance becomes exhausting.</p> <p>The worst part is that imposter syndrome doesn't just affect how you feel.</p> <p>It affects how much of your potential you actually use.</p> <p>How many ideas never get shared?</p> <p>How many leadership opportunities never happen?</p> <p>How many times do you hold back when you should have stepped forward?</p> <p>When you think about it, the real danger of imposter syndrome is not that you feel like an imposter.</p> <p>The danger is that <strong>you start acting like one</strong>. Because let me be clear with you, whatever you believe in, life will do whatever it takes to prove you right. You believe your accent is an issue; life will agree. You believe you don’t belong to this team, and life will also agree.</p> <p>But there is some good news: I once heard two powerful ideas that completely changed the way I think about imposter syndrome.</p> <p>The first comes from Professor Jeffrey Pfeffer.</p> <p>He said:</p> <p><em>"If you want to get rid of imposter syndrome, stop acting like an imposter."</em></p> <p>The second comes from Dr. David J. Schwartz, in his book “Think Big”.</p> <p><em>"To think confidently, act confidently."</em></p> <p>Those two ideas reveal something important. Confidence does not come first. <strong>Action comes first. Because action is the most powerful cure for fear.</strong> If you want to get rid of imposter syndrome, you need to start acting like someone who belongs. Speak up in meetings.</p> <p>Share your ideas.</p> <p>Ask questions.</p> <p>Walk, talk, and present yourself with confidence.</p> <p>And most importantly, start building what Dr. David Schwartz calls a <strong>positive memory bank</strong>.</p> <p>Collect small proofs that you belong.</p> <p>Your manager approves your work.</p> <p>A teammate thanking you for helping them.</p> <p>A bug you solved.</p> <p>A feature you delivered.</p> <p>A moment when someone asked for your help.</p> <p>Each one of those moments is evidence.</p> <p>Evidence that you are not an imposter.</p> <p>You're a capable engineer growing in your craft.</p> <p>Does it mean imposter syndrome ever completely disappears?</p> <p>Honestly, I don’t think so.</p> <p>Even today, I still experience it from time to time.</p> <p>And if you listen to many successful people (great speakers, leaders, founders, people who have changed industries), you’ll often hear them say the same thing: they still feel imposter syndrome from time to time.</p> <p>So the goal is not to eliminate that feeling entirely.</p> <p>The real goal is to <strong>reduce how often it controls you</strong>.</p> <p>Think of it as a constant battle.</p> <p>The more consistently you act confidently, the stronger you become.</p> <p>Over time, something interesting happens.</p> <p>That voice of doubt becomes quieter.</p> <p>It shows up less often.</p> <p>It becomes less present in your mind.</p> <p>And even when it does appear, it no longer has the same power over you.</p> <p>That’s what helped me.</p> <p>It’s why I went from creating content on a <strong>French YouTube channel</strong> to starting an <strong>English one</strong>.</p> <p>It’s the reason that even when I stutter sometimes, I still keep talking.</p> <p>I still work on my body language.</p> <p>I still keep showing up.</p> <p>And you can do the same.</p> <p>If you’re interested in working on yourself and surrounding yourself with people focused on growth, you can join my <strong><a href="https://chat.whatsapp.com/KvdnGqssKKT7mcm7AswcEn" rel="noopener noreferrer">WhatsApp community</a></strong><strong> for self-improvement</strong>.</p> <p>I believe that working on the most important container in the universe (<strong>your mind)</strong> is the catalyst for building a great career and a meaningful life.</p> <p>Feel free to join by clicking <a href="https://chat.whatsapp.com/KvdnGqssKKT7mcm7AswcEn" rel="noopener noreferrer">here</a>.</p> <p>See you in the next article.</p> career softwareengineering productivity ai Demystifying readEntity() in Java: How to Actually Read That API Response David Sat, 02 Aug 2025 19:58:17 +0000 https://dev.to/daviidy/demystifying-readentity-in-java-how-to-actually-read-that-api-response-598a https://dev.to/daviidy/demystifying-readentity-in-java-how-to-actually-read-that-api-response-598a <p>“The response is empty.”<br> “But it works in Postman…”<br> “I don’t get it—it’s a 200!”</p> <p>If you’ve ever worked with REST APIs in Java, chances are you’ve had one of those “why is my response object null” moments. Welcome to the world of readEntity().</p> <p>Let me walk you through what it is, how it works, where it bites, and how to use it the right way.</p> <h2> What is readEntity()? </h2> <p>In Java, particularly when using JAX-RS client libraries (like Jersey), you often get an API response wrapped in a Response object.</p> <p>But a Response is generic—it’s like a sealed envelope. You still need to unwrap it.</p> <p>That’s where readEntity() comes in.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">Response</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span> <span class="o">.</span><span class="na">target</span><span class="o">(</span><span class="s">"https://api.example.com/users/123"</span><span class="o">)</span> <span class="o">.</span><span class="na">request</span><span class="o">(</span><span class="nc">MediaType</span><span class="o">.</span><span class="na">APPLICATION_JSON</span><span class="o">)</span> <span class="o">.</span><span class="na">get</span><span class="o">();</span> <span class="nc">User</span> <span class="n">user</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="na">readEntity</span><span class="o">(</span><span class="nc">User</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> </code></pre> </div> <p>Boom. The readEntity(User.class) method tries to deserialize the response body into a User object.</p> <p>But Here’s the Gotcha<br> If:</p> <ul> <li>Your class doesn’t match the structure of the response</li> <li>You forgot to register the right JSON provider</li> <li>Or the content-type doesn’t match what the server sends</li> </ul> <p>Then readEntity() will return null, or worse… it will silently swallow the problem.</p> <h2> Working Example </h2> <p>Let’s make this real. Suppose you’re calling an API that returns a list of products:</p> <p>🔽 API Response (JSON):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"items"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Laptop"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Keyboard"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>🧱 Java Models:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">Product</span> <span class="o">{</span> <span class="kd">public</span> <span class="kt">int</span> <span class="n">id</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">String</span> <span class="n">name</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">ProductResponse</span> <span class="o">{</span> <span class="kd">public</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Product</span><span class="o">&gt;</span> <span class="n">items</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <p>🚀 The Code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nc">Client</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">ClientBuilder</span><span class="o">.</span><span class="na">newClient</span><span class="o">();</span> <span class="nc">Response</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span> <span class="o">.</span><span class="na">target</span><span class="o">(</span><span class="s">"https://api.example.com/products"</span><span class="o">)</span> <span class="o">.</span><span class="na">request</span><span class="o">(</span><span class="nc">MediaType</span><span class="o">.</span><span class="na">APPLICATION_JSON</span><span class="o">)</span> <span class="o">.</span><span class="na">get</span><span class="o">();</span> <span class="nc">ProductResponse</span> <span class="n">productResponse</span> <span class="o">=</span> <span class="n">response</span><span class="o">.</span><span class="na">readEntity</span><span class="o">(</span><span class="nc">ProductResponse</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Product</span> <span class="n">p</span> <span class="o">:</span> <span class="n">productResponse</span><span class="o">.</span><span class="na">items</span><span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">p</span><span class="o">.</span><span class="na">id</span> <span class="o">+</span> <span class="s">" - "</span> <span class="o">+</span> <span class="n">p</span><span class="o">.</span><span class="na">name</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <h2> Important to note: </h2> <p>When readEntity() is called on a Response object to deserialize the response body into a specific Java type (e.g., response.readEntity(MyObject.class)), the JAX-RS (Java API for RESTful Web Services) framework needs to find a suitable <code>MessageBodyReader</code> capable of handling the content type of the response and converting it into the requested Java type.</p> <p>These <code>MessageBodyReader</code> implementations are registered as providers within the JAX-RS runtime environment (e.g., Jersey, RESTEasy). </p> <p>Examples of such providers include:</p> <ul> <li>JSON providers: Like Jackson or Gson, which handle the deserialization of JSON data into Java objects.</li> <li>XML providers: For handling XML data.</li> <li>Plain text providers: For simple text-based responses.</li> </ul> <p>Without a registered provider that can handle the specific media type and target Java type, calling readEntity() would result in an error like <code>MessageBodyProviderNotFoundException</code>. So the presence and proper registration of these providers are crucial for readEntity() to function correctly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">client</span><span class="o">.</span><span class="na">register</span><span class="o">(</span><span class="nc">JacksonJsonProvider</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> </code></pre> </div> <h2> Pro Tip from My Experience </h2> <p>If you're using readEntity() and getting an empty object or list—even though Postman shows it perfectly—print the raw body to debug, chances are that the content-type in the response differs from the one the provider is supposed to consume (JSON vs x-msgpack for example).</p> <h2> Final Thoughts </h2> <p>The readEntity() method feels like it should "just work"—and most of the time it does. But in edge cases (encoding issues, media type mismatches, incorrect models), you need to dig deeper.</p> <p>✅ Register your JSON provider<br> ✅ Double-check your response structure<br> ✅ Check that the content-type is the same across the client and the server</p> java springboot spring programming Will DeepSeek Shake OpenAI and NVIDIA? David Fri, 14 Feb 2025 17:06:23 +0000 https://dev.to/daviidy/will-deepseek-shake-openai-and-nvidia-4ngo https://dev.to/daviidy/will-deepseek-shake-openai-and-nvidia-4ngo <p>AI is moving so fast these days that every big update can feel like a roller coaster. One minute we’re celebrating, and the next we’re freaking out. DeepSeek is the latest buzzworthy name in the mix, and people can’t stop talking about whether it could shake up the likes of OpenAI’s ChatGPT and hardware champs like NVIDIA.</p> <h1> What’s DeepSeek All About? </h1> <p>DeepSeek is showing off a model called R1, which they describe as a “reasoning model.” In plain English, it’s similar to ChatGPT but with one big twist: DeepSeek says it can train this model way cheaper than OpenAI can train GPT. Rumor has it they pulled it off for around $6 million, whereas OpenAI apparently spent north of $100 million on its GPT models.</p> <p>And here’s the kicker: DeepSeek says they run it all using NVIDIA A100-series chips, which are still pretty powerful but definitely more budget-friendly compared to NVIDIA’s top-tier offerings. Even more intriguing, DeepSeek claims their approach is super memory-efficient, so they don’t need as much hardware muscle (or money) to keep things running smoothly.</p> <h1> Could DeepSeek Overtake the Big Players? </h1> <p>Short version: it’s not that simple. Yes, DeepSeek might offer cheaper and more efficient training, but raw tech is only part of what it takes to topple industry giants. Keep in mind, companies like OpenAI and Apple have built massive brand recognition, and that kind of name power doesn’t just vanish overnight.</p> <p>Think back to when the iPhone first launched. A bunch of competitors—some from China—quickly released cheaper phones with similar features. But Apple still thrived because it was the original disruptor and had a killer brand. The same could happen with AI: ChatGPT and other US-based tools got there first, captured the world’s attention, and gained trust in the process. That’s not easy to unseat.</p> <h1> Why Should You Care? </h1> <p>Every time there’s a major AI breakthrough, you’ll see new tools and models popping up all over the place. If you try to chase every single one, you’ll end up stressed and behind the curve. Instead, it’s smarter to focus on the fundamentals of AI. If you know what’s going on under the hood, you’ll have an easier time adapting to any fresh developments that come your way.</p> <p>So, yes, DeepSeek is interesting—and definitely worth watching—but don’t let the hype distract you from mastering the core skills that really matter in the long run.</p> ai softwareengineering openai chatgpt Your journey to MAANG: Understanding Arrays David Wed, 08 Jan 2025 22:33:49 +0000 https://dev.to/daviidy/your-journey-to-maang-understanding-arrays-519m https://dev.to/daviidy/your-journey-to-maang-understanding-arrays-519m <p>Arrays are one of the most fundamental data structures in computer science.<br> They are the building blocks for many more complex data structures. If you want to be good at data structures and algorithms to smash MAANG interviews, you have to understand how each data structure works. And how each one of them handles specific operations such as inserting, retrieving, and deleting.</p> <h2> The Fundamentals </h2> <p>At their core, arrays are contiguous blocks of memory that store elements in sequential order. This simple organization provides two key benefits:</p> <ol> <li>Direct access to any element through indexing</li> <li>Efficient memory usage through spatial locality</li> </ol> <h3> Memory Organization </h3> <p>Arrays operate at a very low level in the computing stack, close to machine language. When you create an array, the system allocates a continuous block of memory large enough to hold all its elements. Each element occupies a fixed amount of space, determined by the data type being stored.</p> <h2> Performance Characteristics </h2> <h3> O(1) Access Time </h3> <p>One of the most powerful features of arrays is their constant-time (O(1)) access to elements. When you request an element at index i, the computer can calculate its exact memory location using a simple formula:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>element_address = base_address + (index × element_size) </code></pre> </div> <p>This direct calculation means that accessing any element takes the same amount of time, regardless of the array's size or the element's position.</p> <h3> Cache Locality </h3> <p>Arrays excel at cache locality, providing a significant performance advantage in practice. When the CPU loads an array element from the main memory into its cache, it also loads neighboring elements. This behavior, known as spatial locality, means that subsequent accesses to nearby elements are much faster since they're already in the cache.</p> <p>Consider this practical example:</p> <ul> <li>Reading from RAM might take 100ns</li> <li>Reading from CPU cache might take 1ns</li> <li>When iterating through an array sequentially, most elements after the first will be read from the cache</li> </ul> <p>This cache-friendly behavior makes arrays particularly efficient for operations that process elements sequentially or access nearby elements frequently.</p> <h2> Dynamic Arrays </h2> <p>Modern programming languages typically implement dynamic arrays (like Java's ArrayList or Python's lists or Ruby's Array) that can grow as needed. Here's how they work:</p> <h3> Initial Capacity </h3> <p>Dynamic arrays start with a pre-allocated capacity (for example 8 or 16 elements) rather than size zero. Why? Simply to avoid frequent resizing operations during the array's early use.</p> <h3> Resizing Operations </h3> <p>When an array needs to grow beyond its current capacity:</p> <ol> <li>A new, larger block of memory is allocated (typically 2x the current size)</li> <li>Existing elements are copied to the new location</li> <li>The old memory is freed</li> </ol> <p>Even if resizing operations is expensive, its cost is amortized over many operations. So that at the end of the day we still have an average O(1) time for append operations.</p> career datastructures interview softwareengineering How to add Recaptcha to your Laravel App without a package David Mon, 02 Dec 2024 05:14:40 +0000 https://dev.to/daviidy/how-to-add-recaptcha-to-your-laravel-app-without-a-package-5mm https://dev.to/daviidy/how-to-add-recaptcha-to-your-laravel-app-without-a-package-5mm <p>Adding reCAPTCHA to your Laravel application is important to protect your forms from spam and bot attacks. In this article, I'll show you how to implement Google reCAPTCHA v2 in your Laravel authentication system.</p> <h2> Prerequisites </h2> <ul> <li>A Laravel application</li> <li>A Google reCAPTCHA v2 site key and secret key. Here is how to get it quick:</li> </ul> <p>Go to <a href="https://developers.google.com/recaptcha" rel="noopener noreferrer">https://developers.google.com/recaptcha</a> and click 'Get Started'</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F81szymtu8ntl8e2m9x84.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F81szymtu8ntl8e2m9x84.png" alt=" " width="800" height="501"></a></p> <p>Enter your app information, choose the v2 -&gt; 'Not a robot' option and click 'Submit'.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qmlcetkkowgr21oap5k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qmlcetkkowgr21oap5k.png" alt=" " width="800" height="586"></a></p> <p>You will see the site and secret keys. Or you can access it in your console at <a href="https://console.cloud.google.com/security/recaptcha" rel="noopener noreferrer">https://console.cloud.google.com/security/recaptcha</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgbgmm8lj013rhh02n9mi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgbgmm8lj013rhh02n9mi.png" alt=" " width="775" height="282"></a></p> <p>If you want to know the difference between the v3 and the v2 options, ask Google ;)</p> <h2> Step 1: Configure reCAPTCHA Keys </h2> <p>First, add your reCAPTCHA configuration to your <code>.env</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>RECAPTCHA_SITE_KEY=your_site_key_here RECAPTCHA_SECRET_KEY=your_secret_key_here </code></pre> </div> <p>Create a new config file <code>config/captcha.php</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'sitekey'</span> <span class="o">=&gt;</span> <span class="nf">env</span><span class="p">(</span><span class="s1">'RECAPTCHA_SITE_KEY'</span><span class="p">),</span> <span class="s1">'secret'</span> <span class="o">=&gt;</span> <span class="nf">env</span><span class="p">(</span><span class="s1">'RECAPTCHA_SECRET_KEY'</span><span class="p">),</span> <span class="p">];</span> </code></pre> </div> <h2> Step 2: Create a Validation Trait </h2> <p>Create a new trait to handle reCAPTCHA validation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Traits</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Facades\Http</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Validation\ValidationException</span><span class="p">;</span> <span class="kd">trait</span> <span class="nc">RecaptchaValidation</span> <span class="p">{</span> <span class="cd">/** * Validate reCAPTCHA token for a specific action * * @param string $token * @param string $action * @return bool * @throws ValidationException */</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">validateRecaptcha</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$token</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$action</span> <span class="o">=</span> <span class="s1">'DEFAULT'</span><span class="p">):</span> <span class="kt">bool</span> <span class="p">{</span> <span class="c1">// Retrieve environment variables for Google Cloud Project ID and reCAPTCHA Site Key</span> <span class="nv">$recaptchaKey</span> <span class="o">=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'captcha.sitekey'</span><span class="p">);</span> <span class="nv">$project</span> <span class="o">=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'services.google.project_id'</span><span class="p">);</span> <span class="c1">// Create the reCAPTCHA client and project name</span> <span class="nv">$options</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'credentials'</span> <span class="o">=&gt;</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'services.google.service_account_credentials'</span><span class="p">),</span> <span class="p">];</span> <span class="k">try</span> <span class="p">{</span> <span class="nv">$client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RecaptchaEnterpriseServiceClient</span><span class="p">(</span><span class="nv">$options</span><span class="p">);</span> <span class="nv">$projectName</span> <span class="o">=</span> <span class="nv">$client</span><span class="o">-&gt;</span><span class="nf">projectName</span><span class="p">(</span><span class="nv">$project</span><span class="p">);</span> <span class="c1">// Set the event for the reCAPTCHA assessment</span> <span class="nv">$event</span> <span class="o">=</span> <span class="p">(</span><span class="k">new</span> <span class="nc">Event</span><span class="p">())</span> <span class="o">-&gt;</span><span class="nf">setSiteKey</span><span class="p">(</span><span class="nv">$recaptchaKey</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nf">setToken</span><span class="p">(</span><span class="nv">$token</span><span class="p">);</span> <span class="c1">// Create the assessment</span> <span class="nv">$assessment</span> <span class="o">=</span> <span class="p">(</span><span class="k">new</span> <span class="nc">\Google\Cloud\RecaptchaEnterprise\V1\Assessment</span><span class="p">())</span> <span class="o">-&gt;</span><span class="nf">setEvent</span><span class="p">(</span><span class="nv">$event</span><span class="p">);</span> <span class="nv">$response</span> <span class="o">=</span> <span class="nv">$client</span><span class="o">-&gt;</span><span class="nf">createAssessment</span><span class="p">(</span><span class="nv">$projectName</span><span class="p">,</span> <span class="nv">$assessment</span><span class="p">);</span> <span class="c1">// Check if the token is valid</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">getTokenProperties</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getValid</span><span class="p">())</span> <span class="p">{</span> <span class="nv">$invalidReason</span> <span class="o">=</span> <span class="nc">InvalidReason</span><span class="o">::</span><span class="nf">name</span><span class="p">(</span><span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">getTokenProperties</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getInvalidReason</span><span class="p">());</span> <span class="nc">Log</span><span class="o">::</span><span class="nf">error</span><span class="p">(</span><span class="s2">"reCAPTCHA token invalid: </span><span class="nv">$invalidReason</span><span class="s2">"</span><span class="p">);</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Check if the action matches the expected action</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">getTokenProperties</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getAction</span><span class="p">()</span> <span class="o">!==</span> <span class="nv">$action</span><span class="p">)</span> <span class="p">{</span> <span class="nc">Log</span><span class="o">::</span><span class="nf">error</span><span class="p">(</span><span class="s2">"reCAPTCHA action mismatch. Action: </span><span class="nv">$action</span><span class="s2"> and expected action: "</span> <span class="mf">.</span> <span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">getTokenProperties</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getAction</span><span class="p">());</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Check the risk score</span> <span class="nv">$riskScore</span> <span class="o">=</span> <span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">getRiskAnalysis</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getScore</span><span class="p">();</span> <span class="nc">Log</span><span class="o">::</span><span class="nf">info</span><span class="p">(</span><span class="s2">"reCAPTCHA risk score for </span><span class="si">{</span><span class="nv">$action</span><span class="si">}</span><span class="s2">: </span><span class="si">{</span><span class="nv">$riskScore</span><span class="si">}</span><span class="s2">"</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$riskScore</span> <span class="o">&gt;=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'app.recaptcha.threshold'</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">\Exception</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="nc">Log</span><span class="o">::</span><span class="nf">error</span><span class="p">(</span><span class="s2">"reCAPTCHA assessment failed for </span><span class="si">{</span><span class="nv">$action</span><span class="si">}</span><span class="s2">: "</span> <span class="mf">.</span> <span class="nv">$e</span><span class="o">-&gt;</span><span class="nf">getMessage</span><span class="p">());</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="cd">/** * Validate reCAPTCHA token and throw exception if invalid * * @param string $token * @param string $action * @throws ValidationException */</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">validateRecaptchaOrFail</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$token</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$action</span> <span class="o">=</span> <span class="s1">'DEFAULT'</span><span class="p">):</span> <span class="kt">void</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validateRecaptcha</span><span class="p">(</span><span class="nv">$token</span><span class="p">,</span> <span class="nv">$action</span><span class="p">))</span> <span class="p">{</span> <span class="k">throw</span> <span class="nc">ValidationException</span><span class="o">::</span><span class="nf">withMessages</span><span class="p">([</span> <span class="s1">'g-recaptcha-response'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'reCAPTCHA verification failed.'</span><span class="p">],</span> <span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 3: Add reCAPTCHA to Your Views </h2> <p>Add the reCAPTCHA script to your layout file (e.g., <code>layouts/auth.blade.php</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="c">&lt;!-- Other head elements --&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"https://www.google.com/recaptcha/enterprise.js"</span> <span class="na">async</span> <span class="na">defer</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> @yield('content') <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>Add the reCAPTCHA widget to your login form (<code>login.blade.php</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">method=</span><span class="s">"POST"</span> <span class="na">action=</span><span class="s">"{{ route('login') }}"</span><span class="nt">&gt;</span> @csrf <span class="c">&lt;!-- Email and password fields --&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group mt-4"</span><span class="nt">&gt;</span> @error('g-recaptcha-response') <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"text-danger"</span><span class="nt">&gt;</span>{{ $message }}<span class="nt">&lt;/span&gt;</span> @enderror <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"g-recaptcha"</span> <span class="na">data-sitekey=</span><span class="s">"{{ config('captcha.sitekey') }}"</span> <span class="na">data-action=</span><span class="s">"LOGIN"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">class=</span><span class="s">"btn btn-primary"</span><span class="nt">&gt;</span> {{ trans('menu.login') }} <span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> </code></pre> </div> <p>And to your registration form (<code>register.blade.php</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;form</span> <span class="na">method=</span><span class="s">"POST"</span> <span class="na">action=</span><span class="s">"{{ route('register') }}"</span><span class="nt">&gt;</span> @csrf <span class="c">&lt;!-- Name, email, and password fields --&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"form-group mt-4"</span><span class="nt">&gt;</span> @error('g-recaptcha-response') <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"text-danger"</span><span class="nt">&gt;</span>{{ $message }}<span class="nt">&lt;/span&gt;</span> @enderror <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"g-recaptcha"</span> <span class="na">data-sitekey=</span><span class="s">"{{ config('captcha.sitekey') }}"</span> <span class="na">data-action=</span><span class="s">"REGISTER"</span><span class="nt">&gt;&lt;/div&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">class=</span><span class="s">"btn btn-primary"</span><span class="nt">&gt;</span> {{ trans('menu.sign_up') }} <span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/form&gt;</span> </code></pre> </div> <h2> Step 4: Update Controllers </h2> <p>Modify your <code>LoginController.php</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">use</span> <span class="nc">App\Traits\RecaptchaValidation</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">LoginController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">RecaptchaValidation</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">login</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Validate login credentials and reCAPTCHA token</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validateLogin</span><span class="p">(</span><span class="nv">$request</span><span class="p">);</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">validate</span><span class="p">([</span> <span class="s1">'g-recaptcha-response'</span> <span class="o">=&gt;</span> <span class="s1">'required|string'</span><span class="p">,</span> <span class="p">]);</span> <span class="c1">// Validate reCAPTCHA</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validateRecaptchaOrFail</span><span class="p">(</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">input</span><span class="p">(</span><span class="s1">'g-recaptcha-response'</span><span class="p">),</span> <span class="s1">'LOGIN'</span> <span class="p">);</span> <span class="c1">// Continue with login logic</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">attemptLogin</span><span class="p">(</span><span class="nv">$request</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">sendLoginResponse</span><span class="p">(</span><span class="nv">$request</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">sendFailedLoginResponse</span><span class="p">(</span><span class="nv">$request</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>And your <code>RegisterController.php</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">use</span> <span class="nc">App\Traits\RecaptchaValidation</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">RegisterController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">RecaptchaValidation</span><span class="p">;</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">validator</span><span class="p">(</span><span class="kt">array</span> <span class="nv">$data</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">Validator</span><span class="o">::</span><span class="nf">make</span><span class="p">(</span><span class="nv">$data</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'required'</span><span class="p">,</span> <span class="s1">'string'</span><span class="p">,</span> <span class="s1">'max:255'</span><span class="p">],</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'required'</span><span class="p">,</span> <span class="s1">'string'</span><span class="p">,</span> <span class="s1">'email'</span><span class="p">,</span> <span class="s1">'max:255'</span><span class="p">,</span> <span class="s1">'unique:users'</span><span class="p">],</span> <span class="s1">'password'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'required'</span><span class="p">,</span> <span class="s1">'string'</span><span class="p">,</span> <span class="s1">'min:8'</span><span class="p">,</span> <span class="s1">'confirmed'</span><span class="p">],</span> <span class="s1">'g-recaptcha-response'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'required'</span><span class="p">,</span> <span class="s1">'string'</span><span class="p">],</span> <span class="p">]);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">register</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validator</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">())</span><span class="o">-&gt;</span><span class="nf">validate</span><span class="p">();</span> <span class="c1">// Validate reCAPTCHA before registration</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">validateRecaptchaOrFail</span><span class="p">(</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">input</span><span class="p">(</span><span class="s1">'g-recaptcha-response'</span><span class="p">),</span> <span class="s1">'REGISTER'</span> <span class="p">);</span> <span class="nf">event</span><span class="p">(</span><span class="k">new</span> <span class="nc">Registered</span><span class="p">(</span><span class="nv">$user</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">())));</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">guard</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">login</span><span class="p">(</span><span class="nv">$user</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">registered</span><span class="p">(</span><span class="nv">$request</span><span class="p">,</span> <span class="nv">$user</span><span class="p">)</span> <span class="o">?:</span> <span class="nf">redirect</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">redirectPath</span><span class="p">());</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Et voila! You're welcome.</p> <p>Any thoughts or feedback on this?<br> Let me know in the comments.</p> One thing you need to know about Time testing in Rails David Thu, 28 Nov 2024 18:39:02 +0000 https://dev.to/daviidy/one-thing-you-need-to-know-about-time-testing-in-rails-2dhi https://dev.to/daviidy/one-thing-you-need-to-know-about-time-testing-in-rails-2dhi <p>Let's say for example that you have an Event model with a start_time and end_time attributes.<br> We also have an override method on <code>start_time</code> to default it from end_time.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Event</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="k">def</span> <span class="nf">start_time</span> <span class="k">super</span> <span class="o">||</span> <span class="n">end_time</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Consider this simple RSpec test:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">it</span> <span class="s1">'compares times correctly'</span> <span class="k">do</span> <span class="n">expect</span><span class="p">(</span><span class="no">Event</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">end_time: </span><span class="no">Time</span><span class="p">.</span><span class="nf">now</span><span class="p">).</span><span class="nf">start_time</span><span class="p">).</span><span class="nf">to</span> <span class="n">eq</span><span class="p">(</span><span class="no">Time</span><span class="p">.</span><span class="nf">now</span><span class="p">)</span> <span class="k">end</span> </code></pre> </div> <p>This test fails. Why? You got it, it's because there are two different moments in time.<br> One way to fix it is to use variables. Like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">it</span> <span class="s1">'compares times correctly'</span> <span class="k">do</span> <span class="n">current_time</span> <span class="o">=</span> <span class="no">Time</span><span class="p">.</span><span class="nf">now</span> <span class="n">expect</span><span class="p">(</span><span class="no">Event</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">end_time: </span><span class="n">current_time</span><span class="p">).</span><span class="nf">start_time</span><span class="p">).</span><span class="nf">to</span> <span class="n">eq</span><span class="p">(</span><span class="n">current_time</span><span class="p">)</span> <span class="k">end</span> </code></pre> </div> <p>But let's dig deeper. Let's say we have this:</p> <p>When we debug:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">current_time</span> <span class="o">=</span> <span class="no">Time</span><span class="p">.</span><span class="nf">now</span> <span class="nb">print</span> <span class="n">current_time</span> <span class="c1"># =&gt; 2024-11-28 12:06:25 -0600</span> <span class="nb">print</span> <span class="no">Event</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">end_time: </span><span class="n">current_time</span><span class="p">).</span><span class="nf">start_time</span> <span class="c1"># =&gt; 2024-11-28 18:06:25 UTC</span> </code></pre> </div> <p>This spec passes even though both time are different. Why?<br> Here is why: when RSpec compares times with eq, it compares the <em>actual</em> moments in time, not their string representations or timezone formats.<br> So <code>2024-11-28 12:06:25 -0600</code>and <code>2024-11-28 18:06:25 UTC</code> will be equal.</p> <h2> The Ultimate Lesson </h2> <p>When working with time in Rails:</p> <ol> <li>Remember ActiveRecord converts to UTC automatically</li> <li>Store time instances in variables for comparisons</li> <li>Times are equal if they represent the same moment, regardless of timezone</li> </ol> <p>Any thoughts or feedback on this?<br> Let me know in the comments. </p> rails ruby testing programming 6 steps to deploy your React Next.js app with Github pages David Fri, 11 Oct 2024 19:00:34 +0000 https://dev.to/daviidy/6-steps-to-deploy-your-react-nextjs-app-with-github-pages-33ck https://dev.to/daviidy/6-steps-to-deploy-your-react-nextjs-app-with-github-pages-33ck <p>Deploying a Next.js app to GitHub Pages can be a bit tricky due to the static nature of GitHub Pages and the dynamic features of Next.js. In this article, I'll walk you through the steps to successfully deploy do it.</p> <p><strong>Prerequisites</strong></p> <ul> <li>A GitHub account</li> <li>Node.js and npm installed on your machine</li> <li>A Next.js project ready to deploy</li> </ul> <p><strong>Step 1: Install gh-pages</strong></p> <p><code>npm install gh-pages --save-dev</code></p> <p><strong>Step 2: Update next.config.mjs</strong></p> <p>Next, you need to update your next.config.js (or next.config.mjs) file to handle the base path and asset prefix correctly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">isProd</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">nextConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">reactStrictMode</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">images</span><span class="p">:</span> <span class="p">{</span> <span class="na">unoptimized</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Disable default image optimization</span> <span class="p">},</span> <span class="na">assetPrefix</span><span class="p">:</span> <span class="nx">isProd</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">/your-repository-name/</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">basePath</span><span class="p">:</span> <span class="nx">isProd</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">/your-repository-name</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">output</span><span class="p">:</span> <span class="dl">'</span><span class="s1">export</span><span class="dl">'</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">nextConfig</span><span class="p">;</span> </code></pre> </div> <p><code>isProd</code> checks if the NODE_ENV environment variable is set to 'production'. If it is, isProd will be true; otherwise, it will be false.<br> Conditional <a href="https://nextjs.org/docs/app/api-reference/next-config-js/assetPrefix" rel="noopener noreferrer">assetPrefix</a> and <a href="https://nextjs.org/docs/app/api-reference/next-config-js/basePath" rel="noopener noreferrer">basePath</a> are set to your repository name only if isProd is true. Otherwise, they are set to an empty string for local development.<br> The <code>images.unoptimized</code> option is set to true to disable the default image optimization, which is not compatible with static exports.</p> <p><strong>Step 3: Update package.json</strong></p> <p>Update your package.json to include the homepage field and the deploy scripts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="dl">"</span><span class="s2">homepage</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://&lt;your-github-username&gt;.github.io/&lt;your-repo-name&gt;</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">private</span><span class="dl">"</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="dl">"</span><span class="s2">scripts</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">dev</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">next dev</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">build</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">next build</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">start</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">next start</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">lint</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">next lint</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">predeploy</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">npm run build</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">deploy</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">gh-pages -d out</span><span class="dl">"</span> <span class="p">},</span> </code></pre> </div> <p>Replace and with your GitHub username and repository name.</p> <p><strong>Step 4: Deploy Your App</strong></p> <p>Run <code>npm run predeploy</code> and <code>npm run deploy</code></p> <p>These commands will:</p> <ul> <li>Build your project.</li> <li>Export it to the out directory.</li> <li>Deploy it to the gh-pages branch on GitHub. Push your work to your GitHub branch before the next step</li> </ul> <p><strong>Step 5: Configure GitHub Pages</strong></p> <p>Go to your repository on GitHub.<br> Navigate to Settings &gt; Pages.<br> Under Source, select the gh-pages branch.<br> Save the settings.<br> Add manually the .nojekyll file at the root of the gh-pages branch on GitHub. Learn more about this <a href="https://github.com/vercel/next.js/discussions/33751" rel="noopener noreferrer">here</a>.</p> <p><strong>Step 6: Verify Deployment</strong></p> <p>After deploying, open your GitHub Pages URL (e.g., https://.github.io/) to verify that your app is live.</p> <p>And voila!</p> <p>Feel free to leave any questions or comments below. Happy coding!</p> nextjs javascript react webdev How to implement Token-Based Authentication and Authorization in Rails David Thu, 30 Nov 2023 06:16:47 +0000 https://dev.to/daviidy/how-to-implement-authentication-and-authorization-api-in-rails-51nj https://dev.to/daviidy/how-to-implement-authentication-and-authorization-api-in-rails-51nj <p>"Technologies change, but the basics are the same". That's what my mentor told me years ago when I asked him how I could be a great software engineer. And it's so true especially when it comes to securing an API with a token-based authentication. No matter the framework you use (Spring, Rails, Laravel, etc.), the principle is the same. So in this blog post, we will discuss how to implement it successfully in your Rails application.</p> <h2> The project: </h2> <p>We want to create a backend API for an app like <a href="https://www.hackerrank.com/" rel="noopener noreferrer">Hackerrank</a>.<br> Here is the Database Design and Entity-Relationship Diagram (ERD) for the API.</p> <p>For the entities, we have:<br> - Users<br> - Challenges (Programming questions)<br> - Submissions (User solutions to challenges)<br> - Categories (Challenge categories)<br> - Comments (User comments on challenges)<br> - Ratings (User ratings for challenges)<br> - Test Cases (Input and expected output for challenges)</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs00w7deqg0n3pgyia5vv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs00w7deqg0n3pgyia5vv.png" alt=" " width="800" height="523"></a></p> <p>Here are some relationships from the diagram above:<br> - A User has many Submissions.<br> - A Challenge belongs to a Category.<br> - A Challenge has many Test Cases.<br> - Only admins can create, update, or delete challenges, submissions, categories, or test cases.</p> <p>Now, let's focus on implementing the authentication and authorization for our API. I assume you already know how to install a rails application focused on an API implementation, how to generate controllers and models.<br> We will go with the basic MVC architecture provided by Rails.</p> <h2> Install the necessary gems </h2> <ul> <li>Add this to your <code>Gemfile</code>: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">gem</span> <span class="s1">'bcrypt'</span> <span class="c1"># For hashing passwords</span> <span class="n">gem</span> <span class="s1">'jwt'</span> <span class="c1"># For JWT authentication</span> </code></pre> </div> <p><code>bcrypt</code> will be used for password-hashing.<br> <code>jwt</code> will be used to successfully log the user in and handle authorization.</p> <ul> <li>Create a <code>secret_key_generator</code> file in your <code>initializers</code> folder and paste this: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/initializers/secret_key_generator.rb</span> <span class="c1"># Require the SecureRandom module</span> <span class="nb">require</span> <span class="s1">'securerandom'</span> <span class="c1"># Generate a random secret key</span> <span class="n">secret_key</span> <span class="o">=</span> <span class="no">SecureRandom</span><span class="p">.</span><span class="nf">hex</span><span class="p">(</span><span class="mi">32</span><span class="p">)</span> <span class="c1"># Adjust the size as needed (e.g., 64 characters for a 256-bit key)</span> <span class="c1"># Set the secret key as an environment variable</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'APP_SECRET_KEY'</span><span class="p">]</span> <span class="o">=</span> <span class="n">secret_key</span> </code></pre> </div> <p>Initializers are executed when the Rails application boots. In our case, this initializer generates a random secret key using SecureRandom and sets it as an environment variable (APP_SECRET_KEY). We will use it to decode JWT tokens.</p> <h2> Create the models and migration files </h2> <ul> <li>User </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">User</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">enum</span> <span class="ss">role: </span><span class="p">{</span> <span class="ss">default: </span><span class="mi">0</span><span class="p">,</span> <span class="ss">admin: </span><span class="mi">1</span> <span class="p">}</span> <span class="n">validates</span> <span class="ss">:name</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:email</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">validates_uniqueness_of</span> <span class="ss">:email</span> <span class="n">validates</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span><span class="p">,</span> <span class="ss">length: </span><span class="p">{</span> <span class="ss">minimum: </span><span class="mi">6</span> <span class="p">}</span> <span class="n">has_secure_password</span> <span class="k">def</span> <span class="nf">admin?</span> <span class="n">role</span> <span class="o">==</span> <span class="s1">'admin'</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CreateUsers</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">7.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:users</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:name</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:email</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:password_digest</span> <span class="n">t</span><span class="p">.</span><span class="nf">integer</span> <span class="ss">:role</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ul> <li>Category </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Category</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">validates</span> <span class="ss">:title</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:description</span><span class="p">,</span> <span class="ss">allow_blank: </span><span class="kp">true</span> <span class="n">has_many</span> <span class="ss">:challenge_categories</span> <span class="n">has_many</span> <span class="ss">:challenges</span><span class="p">,</span> <span class="ss">through: :challenge_categories</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CreateCategories</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">7.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:categories</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:title</span> <span class="n">t</span><span class="p">.</span><span class="nf">text</span> <span class="ss">:description</span><span class="p">,</span> <span class="ss">:null</span> <span class="o">=&gt;</span> <span class="kp">true</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <ul> <li>Challenge </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">Challenge</span> <span class="o">&lt;</span> <span class="no">ApplicationRecord</span> <span class="n">validates</span> <span class="ss">:title</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">validates</span> <span class="ss">:description</span><span class="p">,</span> <span class="ss">presence: </span><span class="kp">true</span> <span class="n">has_many</span> <span class="ss">:challenge_categories</span> <span class="n">has_many</span> <span class="ss">:categories</span><span class="p">,</span> <span class="ss">through: :challenge_categories</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CreateChallenges</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">7.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:challenges</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">string</span> <span class="ss">:title</span> <span class="n">t</span><span class="p">.</span><span class="nf">text</span> <span class="ss">:description</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>And since there is a many-to-many relationship between Challenge and Category, let's add the pivot table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CreateChallengeCategories</span> <span class="o">&lt;</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">Migration</span><span class="p">[</span><span class="mf">7.1</span><span class="p">]</span> <span class="k">def</span> <span class="nf">change</span> <span class="n">create_table</span> <span class="ss">:challenge_categories</span> <span class="k">do</span> <span class="o">|</span><span class="n">t</span><span class="o">|</span> <span class="n">t</span><span class="p">.</span><span class="nf">references</span> <span class="ss">:challenge</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span><span class="p">,</span> <span class="ss">foreign_key: </span><span class="kp">true</span> <span class="n">t</span><span class="p">.</span><span class="nf">references</span> <span class="ss">:category</span><span class="p">,</span> <span class="ss">null: </span><span class="kp">false</span><span class="p">,</span> <span class="ss">foreign_key: </span><span class="kp">true</span> <span class="n">t</span><span class="p">.</span><span class="nf">timestamps</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Add the routes </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">resources</span> <span class="ss">:users</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:create</span><span class="p">]</span> <span class="n">namespace</span> <span class="ss">:auth</span> <span class="k">do</span> <span class="n">post</span> <span class="s1">'/login'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'sessions#create'</span> <span class="n">delete</span> <span class="s1">'/logout'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'sessions#destroy'</span> <span class="k">end</span> <span class="n">resources</span> <span class="ss">:challenges</span> <span class="n">post</span> <span class="s1">'/admin'</span><span class="p">,</span> <span class="ss">to: </span><span class="s1">'users#add_admin'</span> </code></pre> </div> <p>You may have guessed it, but you will need to create a <code>controllers/auth</code> folder. I'll explain why in a few minutes.</p> <h2> Authentication logic </h2> <ul> <li>Add this to your <code>users_controller</code> file: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">UsersController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">user_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'Registration successful. Please log in.'</span> <span class="p">},</span> <span class="ss">status: :created</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">errors: </span><span class="vi">@user</span><span class="p">.</span><span class="nf">errors</span><span class="p">.</span><span class="nf">full_messages</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">add_admin</span> <span class="n">email</span> <span class="o">=</span> <span class="n">params</span><span class="p">[</span><span class="ss">:email</span><span class="p">]</span> <span class="k">if</span> <span class="n">email</span><span class="p">.</span><span class="nf">blank?</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">errors: </span><span class="s1">'Email parameter is required'</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="vi">@user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">email</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">nil?</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">errors: </span><span class="s1">'No user with that Email found'</span> <span class="p">},</span> <span class="ss">status: :not_found</span> <span class="k">else</span> <span class="vi">@user</span><span class="p">.</span><span class="nf">update_column</span><span class="p">(</span><span class="ss">:role</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'User is now an admin'</span> <span class="p">},</span> <span class="ss">status: :ok</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">user_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:user</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:name</span><span class="p">,</span> <span class="ss">:email</span><span class="p">,</span> <span class="ss">:password</span><span class="p">,</span> <span class="ss">:password_confirmation</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>That controller is simply responsible for creating new users and admins.</p> <p>Create a <code>helpers/token_helper</code> file in your <code>app</code> folder and add this code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/helpers/token_helper.rb</span> <span class="k">module</span> <span class="nn">TokenHelper</span> <span class="k">def</span> <span class="nf">decode_token</span><span class="p">(</span><span class="n">token</span><span class="p">)</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'APP_SECRET_KEY'</span><span class="p">],</span> <span class="kp">true</span><span class="p">,</span> <span class="ss">algorithm: </span><span class="s1">'HS256'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="k">rescue</span> <span class="no">JWT</span><span class="o">::</span><span class="no">DecodeError</span> <span class="kp">nil</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>And include it in your <code>application_controller</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="kp">include</span> <span class="no">TokenHelper</span> </code></pre> </div> <p>Now let's create a <code>sessions_controller</code> in our <code>auth</code> folder and add this code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># app/controllers/sessions_controller.rb</span> <span class="k">class</span> <span class="nc">Auth::SessionsController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="k">def</span> <span class="nf">create</span> <span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">email: </span><span class="n">params</span><span class="p">[</span><span class="ss">:email</span><span class="p">])</span> <span class="k">if</span> <span class="n">user</span> <span class="o">&amp;&amp;</span> <span class="n">user</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:password</span><span class="p">])</span> <span class="c1"># Set the expiration time (e.g., 1 hour from now)</span> <span class="n">expiration_time</span> <span class="o">=</span> <span class="no">Time</span><span class="p">.</span><span class="nf">now</span><span class="p">.</span><span class="nf">to_i</span> <span class="o">+</span> <span class="p">(</span><span class="mi">3600</span> <span class="o">*</span> <span class="mi">3</span><span class="p">)</span> <span class="c1"># 3600 seconds = 1 hour</span> <span class="c1"># Create the payload</span> <span class="n">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">user_id: </span><span class="n">user</span><span class="p">.</span><span class="nf">id</span><span class="p">,</span> <span class="ss">exp: </span><span class="n">expiration_time</span> <span class="c1"># This sets the expiration time</span> <span class="p">}</span> <span class="n">token</span> <span class="o">=</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'APP_SECRET_KEY'</span><span class="p">],</span> <span class="s1">'HS256'</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'Logged in successfully'</span><span class="p">,</span> <span class="ss">token: </span><span class="n">token</span> <span class="p">}</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">error: </span><span class="s1">'Invalid credentials'</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="c1"># Invalidate the JWT token by marking it as expired or revoking it.</span> <span class="n">token</span> <span class="o">=</span> <span class="n">extract_token_from_request</span> <span class="k">if</span> <span class="n">token</span> <span class="k">begin</span> <span class="c1"># Try to decode the token to check its validity</span> <span class="n">payload</span><span class="p">,</span> <span class="n">_</span> <span class="o">=</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="n">token</span><span class="p">,</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'APP_SECRET_KEY'</span><span class="p">],</span> <span class="kp">true</span><span class="p">,</span> <span class="ss">algorithm: </span><span class="s1">'HS256'</span><span class="p">)</span> <span class="c1"># At this point, the token is considered valid</span> <span class="c1"># Add expiration to the payload to mark the token as invalid</span> <span class="n">payload</span><span class="p">[</span><span class="s1">'exp'</span><span class="p">]</span> <span class="o">=</span> <span class="no">Time</span><span class="p">.</span><span class="nf">now</span><span class="p">.</span><span class="nf">to_i</span> <span class="n">new_token</span> <span class="o">=</span> <span class="no">JWT</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'APP_SECRET_KEY'</span><span class="p">],</span> <span class="s1">'HS256'</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'Logged out successfully'</span> <span class="p">}</span> <span class="k">rescue</span> <span class="no">JWT</span><span class="o">::</span><span class="no">DecodeError</span> <span class="c1"># JWT::DecodeError is raised when the token is not valid</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'You need to sign in or sign up before continuing'</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'No token found'</span> <span class="p">},</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">extract_token_from_request</span> <span class="n">request</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Authorization'</span><span class="p">]</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">split</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">last</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>What we did there basically is generate a new token when a user logs in and invalidate a token when a user logs out. Remember, the token is used to check if a user session is valid or not. If you don't know how JWT tokens work, check the documentation <a href="https://en.wikipedia.org/wiki/JSON_Web_Token" rel="noopener noreferrer">here</a>.</p> <p>Now if you request <code>POST /users</code> and <code>POST /login</code> with the correct parameters using Postman, it should work.</p> <h2> Add the Challenge and Category controllers: </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">ChallengesController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:set_challenge</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">,</span> <span class="ss">:destroy</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:authorize_user</span><span class="p">,</span> <span class="ss">except: </span><span class="p">[</span><span class="ss">:index</span><span class="p">,</span> <span class="ss">:show</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:authorize_admin</span><span class="p">,</span> <span class="ss">except: </span><span class="p">[</span><span class="ss">:index</span><span class="p">,</span> <span class="ss">:show</span><span class="p">]</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@challenges</span> <span class="o">=</span> <span class="no">Challenge</span><span class="p">.</span><span class="nf">all</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@challenges</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@challenge</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@challenge</span> <span class="o">=</span> <span class="no">Challenge</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">challenge_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@challenge</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@challenge</span><span class="p">,</span> <span class="ss">status: :created</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@challenge</span><span class="p">.</span><span class="nf">errors</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@challenge</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">challenge_params</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@challenge</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@challenge</span><span class="p">.</span><span class="nf">errors</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="vi">@challenge</span><span class="p">.</span><span class="nf">destroy</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">message: </span><span class="s1">'Challenge was successfully deleted'</span> <span class="p">}</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_challenge</span> <span class="vi">@challenge</span> <span class="o">=</span> <span class="no">Challenge</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">challenge_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:challenge</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:title</span><span class="p">,</span> <span class="ss">:description</span><span class="p">,</span> <span class="ss">category_ids: </span><span class="p">[])</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">CategoriesController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="n">before_action</span> <span class="ss">:set_category</span><span class="p">,</span> <span class="ss">only: </span><span class="p">[</span><span class="ss">:show</span><span class="p">,</span> <span class="ss">:update</span><span class="p">,</span> <span class="ss">:destroy</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:authorize_user</span><span class="p">,</span> <span class="ss">except: </span><span class="p">[</span><span class="ss">:index</span><span class="p">,</span> <span class="ss">:show</span><span class="p">]</span> <span class="n">before_action</span> <span class="ss">:authorize_admin</span><span class="p">,</span> <span class="ss">except: </span><span class="p">[</span><span class="ss">:index</span><span class="p">,</span> <span class="ss">:show</span><span class="p">]</span> <span class="k">def</span> <span class="nf">index</span> <span class="vi">@categories</span> <span class="o">=</span> <span class="no">Category</span><span class="p">.</span><span class="nf">all</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@categories</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">show</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@category</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="vi">@category</span> <span class="o">=</span> <span class="no">Category</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">category_params</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@category</span><span class="p">.</span><span class="nf">save</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@category</span><span class="p">,</span> <span class="ss">status: :created</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@category</span><span class="p">.</span><span class="nf">errors</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">update</span> <span class="k">if</span> <span class="vi">@category</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">category_params</span><span class="p">)</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@category</span> <span class="k">else</span> <span class="n">render</span> <span class="ss">json: </span><span class="vi">@category</span><span class="p">.</span><span class="nf">errors</span><span class="p">,</span> <span class="ss">status: :unprocessable_entity</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="vi">@category</span><span class="p">.</span><span class="nf">destroy</span> <span class="n">head</span> <span class="ss">:no_content</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">set_category</span> <span class="vi">@category</span> <span class="o">=</span> <span class="no">Category</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:id</span><span class="p">])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">category_params</span> <span class="n">params</span><span class="p">.</span><span class="nf">require</span><span class="p">(</span><span class="ss">:category</span><span class="p">).</span><span class="nf">permit</span><span class="p">(</span><span class="ss">:title</span><span class="p">,</span> <span class="ss">:description</span><span class="p">,</span> <span class="ss">challenge_ids: </span><span class="p">[])</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>As you can see, both controllers check if the user session is valid before executing some controller actions (create, update, delete). They are doing so with authorize_user and authorize_admin.<br> Add those methods in your application_controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">authorize_user</span> <span class="n">token</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">headers</span><span class="p">[</span><span class="s1">'Authorization'</span><span class="p">]</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s1">' '</span><span class="p">)</span><span class="o">&amp;</span><span class="p">.</span><span class="nf">last</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">decode_token</span><span class="p">(</span><span class="n">token</span><span class="p">)</span> <span class="k">if</span> <span class="n">payload</span><span class="p">.</span><span class="nf">nil?</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">error: </span><span class="s1">'Unauthorized'</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">else</span> <span class="vi">@current_user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="n">payload</span><span class="p">[</span><span class="s1">'user_id'</span><span class="p">])</span> <span class="k">end</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">authorize_admin</span> <span class="k">if</span> <span class="o">!</span><span class="vi">@current_user</span> <span class="o">||</span> <span class="o">!</span><span class="vi">@current_user</span><span class="p">.</span><span class="nf">admin?</span> <span class="n">render</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">error: </span><span class="s1">'Unauthorized'</span> <span class="p">},</span> <span class="ss">status: :unauthorized</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Now, try to create a challenge without logging in and you should get an <code>Unauthorized</code> message. Log in, set the current user as admin, try again and it should work.</p> <p>Et voila, let me know in the comments section if you found this article helpful.</p> programming tutorial rails softwareengineering API security: How to implement Authentication and Authorization with AWS Cognito in Spring Boot David Thu, 23 Nov 2023 01:14:15 +0000 https://dev.to/daviidy/api-security-how-to-implement-authentication-and-authorization-with-aws-cognito-in-spring-boot-4713 https://dev.to/daviidy/api-security-how-to-implement-authentication-and-authorization-with-aws-cognito-in-spring-boot-4713 <p>When I implemented the authentication and authorization process with Spring Security 6, I didn't find any helpful and updated articles on this matter. So, I'll save you some time and show you how you can do that. In this blog post, we'll focus on implementing the registration, login processes, and the JWT Token authorization with AWS Cognito. You're welcome, let's get started!</p> <h2> What is AWS Cognito </h2> <p>Amazon Cognito is a product from Amazon Web Services (AWS) that controls user authentication and access for mobile apps. It's an identity platform for web and mobile apps. </p> <p>Cognito's main features include: </p> <ul> <li>User directory</li> <li>Authentication server</li> <li>Authorization service</li> <li>User sign-up and authentication</li> <li>Temporary security credentials</li> <li>Session management</li> <li>Forgotten password functionality</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fii8wzu2bpm4ijw7qwz6p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fii8wzu2bpm4ijw7qwz6p.png" alt=" " width="523" height="395"></a></p> <p>Cognito also provides a secure identity store that can scale to millions of users. This store securely stores user profile data for users who sign up directly and for federated users who sign in with external identity providers. </p> <p>You can learn more on <a href="https://aws.amazon.com/cognito/faqs/#:~:text=Amazon%20Cognito%20lets%20you%20easily,service%20behind%20Amazon%20API%20Gateway." rel="noopener noreferrer">their FAQ page</a>.</p> <h2> The project </h2> <p>Let's build an app like <a href="//pramp.com">pramp.com</a>.</p> <ul> <li>Users can obviously register and log in. </li> <li>Admin can create many questions</li> <li>Default users can create many interview sessions</li> <li>Each interview session has 2 questions from the same type</li> </ul> <p>Here is the ERD for more understanding</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fclbkidye0bl2dpk5gh87.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fclbkidye0bl2dpk5gh87.png" alt=" " width="800" height="566"></a></p> <p>I will assume that you already know how to install Spring Boot. Just make sure that you have the following dependencies in your <code>pom.xml</code> file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-security<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>com.amazonaws<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>aws-java-sdk-cognitoidp<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>1.11.934<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>mysql<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>mysql-connector-java<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>8.0.26<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-oauth2-resource-server<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p>Let's break down each dependency:</p> <ol> <li> <p><strong>spring-boot-starter-security:</strong> is part of the Spring Boot framework and provides a comprehensive set of security-related features.</p> <ul> <li>Authentication: Helps in user authentication.</li> <li>Authorization: Supports role-based and permission-based access control.</li> <li>Common security configurations out of the box.</li> <li>Integration with various authentication providers.</li> </ul> </li> <li> <p><strong>aws-java-sdk-cognitoidp:</strong> is part of the AWS SDK for Java and specifically focuses on Amazon Cognito Identity Pools.</p> <ul> <li>Provides Java APIs for interacting with Amazon Cognito Identity Pools.</li> <li>Enables your Java application to integrate with Amazon Cognito for user management and authentication.</li> <li>Includes functionality for user sign-up, sign-in, and other identity-related operations.</li> </ul> </li> <li><p><strong>mysql-connector-java:</strong> is the official JDBC driver for MySQL databases, allowing Java applications to connect and interact with MySQL databases. Because you will need to create a local database. Look up online on how to do it with IntelliJ.</p></li> <li> <p><strong>spring-boot-starter-oauth2-resource-server:</strong> is part of Spring Boot and is designed to set up an OAuth 2.0 Resource Server.</p> <ul> <li>Configures the application to act as a resource server, capable of processing and validating OAuth 2.0 access tokens.</li> <li>Allows the application to secure its resources and endpoints using OAuth 2.0 authentication and authorization.</li> </ul> </li> </ol> <h2> The architecture: </h2> <p>We'll use the Domain Driven Design principles:</p> <ul> <li>controller: For handling HTTP requests and defining endpoints.</li> <li>service: For implementing business logic.</li> <li>repository: For data access to interact with databases like DynamoDB.</li> <li>model: For defining domain entities and value objects.</li> <li>requests: We could use Data Transfer Objects (DTO) that encapsulate data passed between layers. But for this project, we will use request classes, which serve as a form of DTO. Those classes define the structure of the data you expect to receive in your HTTP request.</li> <li>config: For Spring configuration classes.</li> <li>security: For security-related classes.</li> </ul> <p>Here is what your <code>src/main</code> folder should look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>├── java │   └── com │   └── example │   └── chat_app │   ├── ChatAppApplication.java │   ├── config │   │   ├── CognitoConfig.java │   │   └── SecurityConfig.java │   ├── controller │   │   ├── QuestionController.java │   │   └── UserController.java │   ├── dto │   ├── model │   │   ├── Question.java │   │   └── User.java │   ├── repository │   │   ├── QuestionRepository.java │   │   └── UserRepository.java │   ├── requests │   │   ├── CreateQuestionRequest.java │   │   ├── UserLoginRequest.java │   │   └── UserRegistrationRequest.java │   ├── security │   └── service │   ├── CognitoService.java │   ├── QuestionService.java │   ├── QuestionServiceImpl.java │   ├── UserService.java │   └── UserServiceImpl.java └── resources ├── application.properties ├── simple.priv ├── static └── templates </code></pre> </div> <h2> Registration and Login </h2> <ul> <li>Create a Cognito user pool: check <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html" rel="noopener noreferrer">this tutorial</a> or <a href="https://www.youtube.com/watch?app=desktop&amp;v=SZqZ3dXO7Jo" rel="noopener noreferrer">this video</a> to do it.</li> <li>Add the following to your application.properties file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">spring</span><span class="o">.</span><span class="na">security</span><span class="o">.</span><span class="na">oauth2</span><span class="o">.</span><span class="na">client</span><span class="o">.</span><span class="na">registration</span><span class="o">.</span><span class="na">cognito</span><span class="o">.</span><span class="na">client</span><span class="o">-</span><span class="n">id</span><span class="o">=</span><span class="n">your_cognito_app_client_id</span> <span class="n">spring</span><span class="o">.</span><span class="na">security</span><span class="o">.</span><span class="na">oauth2</span><span class="o">.</span><span class="na">client</span><span class="o">.</span><span class="na">registration</span><span class="o">.</span><span class="na">cognito</span><span class="o">.</span><span class="na">client</span><span class="o">-</span><span class="n">secret</span><span class="o">=</span><span class="n">your_cognito_app_client_secret</span> <span class="n">spring</span><span class="o">.</span><span class="na">security</span><span class="o">.</span><span class="na">oauth2</span><span class="o">.</span><span class="na">client</span><span class="o">.</span><span class="na">registration</span><span class="o">.</span><span class="na">cognito</span><span class="o">.</span><span class="na">scope</span><span class="o">=</span><span class="n">openid</span> <span class="n">spring</span><span class="o">.</span><span class="na">security</span><span class="o">.</span><span class="na">oauth2</span><span class="o">.</span><span class="na">client</span><span class="o">.</span><span class="na">provider</span><span class="o">.</span><span class="na">cognito</span><span class="o">.</span><span class="na">issuer</span><span class="o">-</span><span class="n">uri</span><span class="o">=</span><span class="nl">https:</span><span class="c1">//cognito-idp.us-east-2.amazonaws.com/us-east-2_EDjR6VYYS https://cognito-idp.&lt;REGION&gt;.amazonaws.com/&lt;POOL Id&gt;</span> <span class="n">aws</span><span class="o">.</span><span class="na">accessKeyId</span><span class="o">=</span><span class="n">aws_access_key</span> <span class="n">aws</span><span class="o">.</span><span class="na">secretKey</span><span class="o">=</span><span class="n">aws_secret_key</span> <span class="n">aws</span><span class="o">.</span><span class="na">region</span><span class="o">=</span><span class="n">aws_region</span> <span class="n">spring</span><span class="o">.</span><span class="na">datasource</span><span class="o">.</span><span class="na">url</span><span class="o">=</span><span class="n">database_uri</span> <span class="n">spring</span><span class="o">.</span><span class="na">datasource</span><span class="o">.</span><span class="na">username</span><span class="o">=</span><span class="n">database_username</span> <span class="n">spring</span><span class="o">.</span><span class="na">datasource</span><span class="o">.</span><span class="na">password</span><span class="o">=</span><span class="n">database_password</span> </code></pre> </div> <ul> <li>Add the controller actions for your login and register routes in the <code>UserController</code>: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">UserServiceImpl</span> <span class="n">userService</span><span class="o">;</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="s">"/register"</span><span class="o">,</span> <span class="n">consumes</span> <span class="o">=</span> <span class="o">{</span><span class="s">"application/json"</span><span class="o">})</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">User</span><span class="o">&gt;</span> <span class="nf">registerUser</span><span class="o">(</span><span class="nd">@Valid</span> <span class="nd">@RequestBody</span> <span class="nc">UserRegistrationRequest</span> <span class="n">userRegistrationRequest</span><span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">userRegistrationRequest</span><span class="o">);</span> <span class="c1">// Perform user registration</span> <span class="nc">User</span> <span class="n">registeredUser</span> <span class="o">=</span> <span class="n">userService</span><span class="o">.</span><span class="na">registerUser</span><span class="o">(</span><span class="n">userRegistrationRequest</span><span class="o">);</span> <span class="k">if</span> <span class="o">(</span><span class="n">registeredUser</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">ok</span><span class="o">(</span><span class="n">registeredUser</span><span class="o">);</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">INTERNAL_SERVER_ERROR</span><span class="o">).</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="s">"/login"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">User</span><span class="o">&gt;</span> <span class="nf">loginUser</span><span class="o">(</span><span class="nd">@Valid</span> <span class="nd">@RequestBody</span> <span class="nc">UserLoginRequest</span> <span class="n">userLoginRequest</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Perform user login</span> <span class="nc">User</span> <span class="n">loggedInUser</span> <span class="o">=</span> <span class="n">userService</span><span class="o">.</span><span class="na">loginUser</span><span class="o">(</span><span class="n">userLoginRequest</span><span class="o">.</span><span class="na">getUsername</span><span class="o">(),</span> <span class="n">userLoginRequest</span><span class="o">.</span><span class="na">getPassword</span><span class="o">());</span> <span class="k">if</span> <span class="o">(</span><span class="n">loggedInUser</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Successful login</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">ok</span><span class="o">(</span><span class="n">loggedInUser</span><span class="o">);</span> <span class="o">}</span> <span class="k">else</span> <span class="o">{</span> <span class="c1">// Invalid login, return an appropriate response</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">UNAUTHORIZED</span><span class="o">).</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Add the <code>registerUser</code> and <code>loginUser</code> methods in the <code>UserService</code> interface and implement them in the <code>UserServiceImpl</code> class: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">interface</span> <span class="nc">UserService</span> <span class="o">{</span> <span class="nc">User</span> <span class="nf">registerUser</span><span class="o">(</span><span class="nc">UserRegistrationRequest</span> <span class="n">userRegistrationRequest</span><span class="o">);</span> <span class="nc">User</span> <span class="nf">loginUser</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">UserServiceImpl</span> <span class="kd">implements</span> <span class="nc">UserService</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">UserRepository</span> <span class="n">userRepository</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">CognitoService</span> <span class="n">cognitoService</span><span class="o">;</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">User</span> <span class="nf">registerUser</span><span class="o">(</span><span class="nc">UserRegistrationRequest</span> <span class="n">userRegistrationRequest</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">username</span> <span class="o">=</span> <span class="n">userRegistrationRequest</span><span class="o">.</span><span class="na">getUsername</span><span class="o">();</span> <span class="nc">String</span> <span class="n">password</span> <span class="o">=</span> <span class="n">userRegistrationRequest</span><span class="o">.</span><span class="na">getPassword</span><span class="o">();</span> <span class="nc">String</span> <span class="n">email</span> <span class="o">=</span> <span class="n">userRegistrationRequest</span><span class="o">.</span><span class="na">getEmail</span><span class="o">();</span> <span class="c1">// Register the user with Amazon Cognito</span> <span class="k">return</span> <span class="n">cognitoService</span><span class="o">.</span><span class="na">registerUser</span><span class="o">(</span><span class="n">username</span><span class="o">,</span> <span class="n">email</span><span class="o">,</span> <span class="n">password</span><span class="o">);</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">User</span> <span class="nf">loginUser</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="n">cognitoService</span><span class="o">.</span><span class="na">loginUser</span><span class="o">(</span><span class="n">username</span><span class="o">,</span> <span class="n">password</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Implement the registration and login logic in the CognitoService: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Value</span><span class="o">(</span><span class="s">"${spring.security.oauth2.client.registration.cognito.client-id}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">clientId</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${spring.security.oauth2.client.registration.cognito.client-secret}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">clientSecret</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${spring.security.oauth2.client.registration.cognito.scope}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">scope</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${spring.security.oauth2.client.provider.cognito.issuer-uri}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">issuerUri</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">AWSCognitoIdentityProvider</span> <span class="n">cognitoIdentityProvider</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">UserRepository</span> <span class="n">userRepository</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">User</span> <span class="nf">registerUser</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nc">String</span> <span class="n">email</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Set up the AWS Cognito registration request</span> <span class="nc">SignUpRequest</span> <span class="n">signUpRequest</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SignUpRequest</span><span class="o">()</span> <span class="o">.</span><span class="na">withClientId</span><span class="o">(</span><span class="n">clientId</span><span class="o">)</span> <span class="o">.</span><span class="na">withUsername</span><span class="o">(</span><span class="n">username</span><span class="o">)</span> <span class="o">.</span><span class="na">withPassword</span><span class="o">(</span><span class="n">password</span><span class="o">)</span> <span class="o">.</span><span class="na">withUserAttributes</span><span class="o">(</span> <span class="k">new</span> <span class="nf">AttributeType</span><span class="o">().</span><span class="na">withName</span><span class="o">(</span><span class="s">"email"</span><span class="o">).</span><span class="na">withValue</span><span class="o">(</span><span class="n">email</span><span class="o">)</span> <span class="o">);</span> <span class="c1">// Register the user with Amazon Cognito</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">SignUpResult</span> <span class="n">signUpResponse</span> <span class="o">=</span> <span class="n">cognitoIdentityProvider</span><span class="o">.</span><span class="na">signUp</span><span class="o">(</span><span class="n">signUpRequest</span><span class="o">);</span> <span class="nc">User</span> <span class="n">registeredUser</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">User</span><span class="o">();</span> <span class="n">registeredUser</span><span class="o">.</span><span class="na">setUsername</span><span class="o">(</span><span class="n">username</span><span class="o">);</span> <span class="n">registeredUser</span><span class="o">.</span><span class="na">setEmail</span><span class="o">(</span><span class="n">email</span><span class="o">);</span> <span class="n">registeredUser</span><span class="o">.</span><span class="na">setPassword</span><span class="o">(</span><span class="n">password</span><span class="o">);</span> <span class="k">return</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">save</span><span class="o">(</span><span class="n">registeredUser</span><span class="o">);</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">Exception</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">RuntimeException</span><span class="o">(</span><span class="s">"User registration failed: "</span> <span class="o">+</span> <span class="n">e</span><span class="o">.</span><span class="na">getMessage</span><span class="o">(),</span> <span class="n">e</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">User</span> <span class="nf">loginUser</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span> <span class="c1">// Set up the authentication request</span> <span class="nc">InitiateAuthRequest</span> <span class="n">authRequest</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">InitiateAuthRequest</span><span class="o">()</span> <span class="o">.</span><span class="na">withAuthFlow</span><span class="o">(</span><span class="s">"USER_PASSWORD_AUTH"</span><span class="o">)</span> <span class="o">.</span><span class="na">withClientId</span><span class="o">(</span><span class="n">clientId</span><span class="o">)</span> <span class="o">.</span><span class="na">withAuthParameters</span><span class="o">(</span> <span class="nc">Map</span><span class="o">.</span><span class="na">of</span><span class="o">(</span> <span class="s">"USERNAME"</span><span class="o">,</span> <span class="n">username</span><span class="o">,</span> <span class="c1">// Use email as the username</span> <span class="s">"PASSWORD"</span><span class="o">,</span> <span class="n">password</span> <span class="o">)</span> <span class="o">);</span> <span class="k">try</span> <span class="o">{</span> <span class="nc">InitiateAuthResult</span> <span class="n">authResult</span> <span class="o">=</span> <span class="n">cognitoIdentityProvider</span><span class="o">.</span><span class="na">initiateAuth</span><span class="o">(</span><span class="n">authRequest</span><span class="o">);</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">authResult</span><span class="o">);</span> <span class="nc">AuthenticationResultType</span> <span class="n">authResponse</span> <span class="o">=</span> <span class="n">authResult</span><span class="o">.</span><span class="na">getAuthenticationResult</span><span class="o">();</span> <span class="c1">// At this point, the user is successfully authenticated, and you can access JWT tokens:</span> <span class="nc">String</span> <span class="n">accessToken</span> <span class="o">=</span> <span class="n">authResponse</span><span class="o">.</span><span class="na">getAccessToken</span><span class="o">();</span> <span class="nc">String</span> <span class="n">idToken</span> <span class="o">=</span> <span class="n">authResponse</span><span class="o">.</span><span class="na">getIdToken</span><span class="o">();</span> <span class="nc">String</span> <span class="n">refreshToken</span> <span class="o">=</span> <span class="n">authResponse</span><span class="o">.</span><span class="na">getRefreshToken</span><span class="o">();</span> <span class="c1">// You can decode and verify the JWT tokens for user information</span> <span class="nc">User</span> <span class="n">loggedInUser</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">User</span><span class="o">();</span> <span class="n">loggedInUser</span><span class="o">.</span><span class="na">setUsername</span><span class="o">(</span><span class="n">username</span><span class="o">);</span> <span class="n">loggedInUser</span><span class="o">.</span><span class="na">setAccessToken</span><span class="o">(</span><span class="n">accessToken</span><span class="o">);</span> <span class="c1">// Store the token for future requests</span> <span class="k">return</span> <span class="n">loggedInUser</span><span class="o">;</span> <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="nc">Exception</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nf">RuntimeException</span><span class="o">(</span><span class="s">"User login failed: "</span> <span class="o">+</span> <span class="n">e</span><span class="o">.</span><span class="na">getMessage</span><span class="o">(),</span> <span class="n">e</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Create the <code>AWSCognitoIdentityProvider</code> bean in your <code>CognitoConfig</code> class: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Configuration</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">CognitoConfig</span> <span class="o">{</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${aws.accessKeyId}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">accessKey</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${aws.secretKey}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">secretKey</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${aws.region}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">region</span><span class="o">;</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">AWSCognitoIdentityProvider</span> <span class="nf">cognitoIdentityProvider</span><span class="o">()</span> <span class="o">{</span> <span class="nc">BasicAWSCredentials</span> <span class="n">awsCredentials</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BasicAWSCredentials</span><span class="o">(</span><span class="n">accessKey</span><span class="o">,</span> <span class="n">secretKey</span><span class="o">);</span> <span class="k">return</span> <span class="nc">AWSCognitoIdentityProviderClientBuilder</span><span class="o">.</span><span class="na">standard</span><span class="o">()</span> <span class="o">.</span><span class="na">withCredentials</span><span class="o">(</span><span class="k">new</span> <span class="nc">AWSStaticCredentialsProvider</span><span class="o">(</span><span class="n">awsCredentials</span><span class="o">))</span> <span class="o">.</span><span class="na">withRegion</span><span class="o">(</span><span class="nc">Regions</span><span class="o">.</span><span class="na">fromName</span><span class="o">(</span><span class="n">region</span><span class="o">))</span> <span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Implement the UserLoginRequest and UserRegistrationRequest classes: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">UserLoginRequest</span> <span class="o">{</span> <span class="nd">@NotBlank</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Username is required"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">username</span><span class="o">;</span> <span class="nd">@NotBlank</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Password is required"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">password</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getUsername</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">username</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getPassword</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">password</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">UserRegistrationRequest</span> <span class="o">{</span> <span class="nd">@NotBlank</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Username is required"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">username</span><span class="o">;</span> <span class="nd">@NotBlank</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Password is required"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">password</span><span class="o">;</span> <span class="nd">@Email</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Invalid email address"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">email</span><span class="o">;</span> <span class="c1">// Getters and setters for the fields</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getUsername</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">username</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getPassword</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">password</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getEmail</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">email</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Implement the User model: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Entity</span> <span class="nd">@Table</span><span class="o">(</span> <span class="n">name</span> <span class="o">=</span> <span class="s">"users"</span><span class="o">,</span> <span class="n">uniqueConstraints</span> <span class="o">=</span> <span class="o">{</span> <span class="nd">@UniqueConstraint</span><span class="o">(</span><span class="n">columnNames</span> <span class="o">=</span> <span class="s">"email"</span><span class="o">),</span> <span class="nd">@UniqueConstraint</span><span class="o">(</span><span class="n">columnNames</span> <span class="o">=</span> <span class="s">"username"</span><span class="o">)</span> <span class="o">}</span> <span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">User</span> <span class="o">{</span> <span class="nd">@jakarta</span><span class="o">.</span><span class="na">persistence</span><span class="o">.</span><span class="na">Id</span> <span class="nd">@Id</span> <span class="nd">@GeneratedValue</span><span class="o">(</span><span class="n">strategy</span> <span class="o">=</span> <span class="nc">GenerationType</span><span class="o">.</span><span class="na">IDENTITY</span><span class="o">)</span> <span class="kd">private</span> <span class="kt">int</span> <span class="n">id</span><span class="o">;</span> <span class="nd">@Column</span> <span class="nd">@NotEmpty</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Username is required"</span><span class="o">)</span> <span class="nd">@Size</span><span class="o">(</span><span class="n">min</span> <span class="o">=</span> <span class="mi">5</span><span class="o">,</span> <span class="n">max</span> <span class="o">=</span> <span class="mi">50</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">username</span><span class="o">;</span> <span class="nd">@Column</span> <span class="nd">@NotEmpty</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Email is required"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">email</span><span class="o">;</span> <span class="nd">@Column</span> <span class="nd">@NotEmpty</span><span class="o">(</span><span class="n">message</span> <span class="o">=</span> <span class="s">"Password is required"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">password</span><span class="o">;</span> <span class="nd">@Transient</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">accessToken</span><span class="o">;</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">setAccessToken</span><span class="o">(</span><span class="nc">String</span> <span class="n">accessToken</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">accessToken</span> <span class="o">=</span> <span class="n">accessToken</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getAccessToken</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">accessToken</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getUsername</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">username</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getEmail</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">email</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">getPassword</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">password</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">setUsername</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">username</span> <span class="o">=</span> <span class="n">username</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">setEmail</span><span class="o">(</span><span class="nc">String</span> <span class="n">email</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">email</span> <span class="o">=</span> <span class="n">email</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">setPassword</span><span class="o">(</span><span class="nc">String</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">password</span> <span class="o">=</span> <span class="n">password</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">setId</span><span class="o">(</span><span class="kt">int</span> <span class="n">id</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">id</span> <span class="o">=</span> <span class="n">id</span><span class="o">;</span> <span class="o">}</span> <span class="kd">public</span> <span class="kt">int</span> <span class="nf">getId</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">id</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Finally, add this to your SecurityConfig class: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">SecurityFilterChain</span> <span class="nf">filterChain</span><span class="o">(</span><span class="nc">HttpSecurity</span> <span class="n">http</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="n">http</span><span class="o">.</span><span class="na">authorizeHttpRequests</span><span class="o">(</span> <span class="n">requests</span> <span class="o">-&gt;</span> <span class="n">requests</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/admin"</span><span class="o">)</span> <span class="o">.</span><span class="na">hasAnyRole</span><span class="o">(</span><span class="s">"Admin"</span><span class="o">,</span> <span class="s">"Editor"</span><span class="o">)</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/login"</span><span class="o">)</span> <span class="o">.</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/register"</span><span class="o">)</span> <span class="o">.</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/logout"</span><span class="o">)</span> <span class="o">.</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">anyRequest</span><span class="o">()</span> <span class="o">.</span><span class="na">authenticated</span><span class="o">()</span> <span class="o">);</span> <span class="n">http</span><span class="o">.</span><span class="na">csrf</span><span class="o">(</span><span class="nl">AbstractHttpConfigurer:</span><span class="o">:</span><span class="n">disable</span><span class="o">);</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> </code></pre> </div> <p>Now start your Spring app, open Postman, and ensure your app is connected to your database. Run the <code>POST /register</code> request and you should get the following result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="err">&lt;user_id&gt;</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="err">&lt;username&gt;</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="err">&lt;email&gt;</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="err">&lt;password&gt;</span><span class="p">,</span><span class="w"> </span><span class="nl">"accessToken"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>You should also be able to see the new user in your AWS Cognito app.<br> Run the <code>POST /login</code> request and you should get the following result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "id": &lt;user_id&gt;, "username": &lt;username&gt;, "email": &lt;email&gt;, "password": null, "accessToken": &lt;access_token&gt;, } </code></pre> </div> <p>Don't forget to confirm manually the user account from the AWS Cognito. You can look up the documentation to see how you can also do it using Spring Boot.</p> <h2> Verifying authorization </h2> <p>Spring Security supports protecting endpoints by using two forms of OAuth 2.0 Bearer Tokens:</p> <ul> <li>JWT</li> <li><p>Opaque Tokens<br> We are going to use JWT. You can learn more about it in the <a href="https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/index.html" rel="noopener noreferrer">Spring documentation</a>.<br> Spring Boot will do it by checking the token provided by our client (in this case, Postman), verifying if it's a valid Cognito token, and either returning success or unauthorized statuses.<br> For more </p></li> <li><p>Update your <code>Securityconfig</code><br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Configuration</span> <span class="nd">@EnableWebSecurity</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecurityConfig</span> <span class="o">{</span> <span class="kd">private</span> <span class="kd">final</span> <span class="nc">JWSAlgorithm</span> <span class="n">jwsAlgorithm</span> <span class="o">=</span> <span class="nc">JWSAlgorithm</span><span class="o">.</span><span class="na">RS256</span><span class="o">;</span> <span class="kd">private</span> <span class="kd">final</span> <span class="nc">JWEAlgorithm</span> <span class="n">jweAlgorithm</span> <span class="o">=</span> <span class="nc">JWEAlgorithm</span><span class="o">.</span><span class="na">RSA_OAEP_256</span><span class="o">;</span> <span class="kd">private</span> <span class="kd">final</span> <span class="nc">EncryptionMethod</span> <span class="n">encryptionMethod</span> <span class="o">=</span> <span class="nc">EncryptionMethod</span><span class="o">.</span><span class="na">A256GCM</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}"</span><span class="o">)</span> <span class="no">URL</span> <span class="n">jwkSetUri</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${sample.jwe-key-value}"</span><span class="o">)</span> <span class="nc">RSAPrivateKey</span> <span class="n">key</span><span class="o">;</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">SecurityFilterChain</span> <span class="nf">filterChain</span><span class="o">(</span><span class="nc">HttpSecurity</span> <span class="n">http</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="n">http</span><span class="o">.</span><span class="na">authorizeHttpRequests</span><span class="o">(</span> <span class="n">requests</span> <span class="o">-&gt;</span> <span class="n">requests</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/admin"</span><span class="o">)</span> <span class="o">.</span><span class="na">hasAnyRole</span><span class="o">(</span><span class="s">"Admin"</span><span class="o">,</span> <span class="s">"Editor"</span><span class="o">)</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/login"</span><span class="o">)</span> <span class="o">.</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/register"</span><span class="o">)</span> <span class="o">.</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/logout"</span><span class="o">)</span> <span class="o">.</span><span class="na">permitAll</span><span class="o">()</span> <span class="o">.</span><span class="na">anyRequest</span><span class="o">()</span> <span class="o">.</span><span class="na">authenticated</span><span class="o">()</span> <span class="o">)</span> <span class="o">.</span><span class="na">oauth2ResourceServer</span><span class="o">((</span><span class="n">oauth2</span><span class="o">)</span> <span class="o">-&gt;</span> <span class="n">oauth2</span><span class="o">.</span><span class="na">jwt</span><span class="o">(</span><span class="n">withDefaults</span><span class="o">()));</span> <span class="n">http</span><span class="o">.</span><span class="na">csrf</span><span class="o">(</span><span class="nl">AbstractHttpConfigurer:</span><span class="o">:</span><span class="n">disable</span><span class="o">);</span> <span class="k">return</span> <span class="n">http</span><span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@Bean</span> <span class="nc">JwtDecoder</span> <span class="nf">jwtDecoder</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">NimbusJwtDecoder</span><span class="o">(</span><span class="n">jwtProcessor</span><span class="o">());</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">JWTProcessor</span><span class="o">&lt;</span><span class="nc">SecurityContext</span><span class="o">&gt;</span> <span class="nf">jwtProcessor</span><span class="o">()</span> <span class="o">{</span> <span class="nc">JWKSource</span><span class="o">&lt;</span><span class="nc">SecurityContext</span><span class="o">&gt;</span> <span class="n">jwsJwkSource</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RemoteJWKSet</span><span class="o">&lt;&gt;(</span><span class="k">this</span><span class="o">.</span><span class="na">jwkSetUri</span><span class="o">);</span> <span class="nc">JWSKeySelector</span><span class="o">&lt;</span><span class="nc">SecurityContext</span><span class="o">&gt;</span> <span class="n">jwsKeySelector</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">JWSVerificationKeySelector</span><span class="o">&lt;&gt;(</span><span class="k">this</span><span class="o">.</span><span class="na">jwsAlgorithm</span><span class="o">,</span> <span class="n">jwsJwkSource</span><span class="o">);</span> <span class="nc">JWKSource</span><span class="o">&lt;</span><span class="nc">SecurityContext</span><span class="o">&gt;</span> <span class="n">jweJwkSource</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ImmutableJWKSet</span><span class="o">&lt;&gt;(</span><span class="k">new</span> <span class="nc">JWKSet</span><span class="o">(</span><span class="n">rsaKey</span><span class="o">()));</span> <span class="nc">JWEKeySelector</span><span class="o">&lt;</span><span class="nc">SecurityContext</span><span class="o">&gt;</span> <span class="n">jweKeySelector</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">JWEDecryptionKeySelector</span><span class="o">&lt;&gt;(</span><span class="k">this</span><span class="o">.</span><span class="na">jweAlgorithm</span><span class="o">,</span> <span class="k">this</span><span class="o">.</span><span class="na">encryptionMethod</span><span class="o">,</span> <span class="n">jweJwkSource</span><span class="o">);</span> <span class="nc">ConfigurableJWTProcessor</span><span class="o">&lt;</span><span class="nc">SecurityContext</span><span class="o">&gt;</span> <span class="n">jwtProcessor</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DefaultJWTProcessor</span><span class="o">&lt;&gt;();</span> <span class="n">jwtProcessor</span><span class="o">.</span><span class="na">setJWSKeySelector</span><span class="o">(</span><span class="n">jwsKeySelector</span><span class="o">);</span> <span class="n">jwtProcessor</span><span class="o">.</span><span class="na">setJWEKeySelector</span><span class="o">(</span><span class="n">jweKeySelector</span><span class="o">);</span> <span class="k">return</span> <span class="n">jwtProcessor</span><span class="o">;</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">RSAKey</span> <span class="nf">rsaKey</span><span class="o">()</span> <span class="o">{</span> <span class="nc">RSAPrivateCrtKey</span> <span class="n">crtKey</span> <span class="o">=</span> <span class="o">(</span><span class="nc">RSAPrivateCrtKey</span><span class="o">)</span> <span class="k">this</span><span class="o">.</span><span class="na">key</span><span class="o">;</span> <span class="nc">Base64URL</span> <span class="n">n</span> <span class="o">=</span> <span class="nc">Base64URL</span><span class="o">.</span><span class="na">encode</span><span class="o">(</span><span class="n">crtKey</span><span class="o">.</span><span class="na">getModulus</span><span class="o">());</span> <span class="nc">Base64URL</span> <span class="n">e</span> <span class="o">=</span> <span class="nc">Base64URL</span><span class="o">.</span><span class="na">encode</span><span class="o">(</span><span class="n">crtKey</span><span class="o">.</span><span class="na">getPublicExponent</span><span class="o">());</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">RSAKey</span><span class="o">.</span><span class="na">Builder</span><span class="o">(</span><span class="n">n</span><span class="o">,</span> <span class="n">e</span><span class="o">).</span><span class="na">privateKey</span><span class="o">(</span><span class="k">this</span><span class="o">.</span><span class="na">key</span><span class="o">).</span><span class="na">keyUse</span><span class="o">(</span><span class="nc">KeyUse</span><span class="o">.</span><span class="na">ENCRYPTION</span><span class="o">).</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Add this line to your <code>application.properties</code> file: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="n">spring</span><span class="o">.</span><span class="na">security</span><span class="o">.</span><span class="na">oauth2</span><span class="o">.</span><span class="na">resourceserver</span><span class="o">.</span><span class="na">jwt</span><span class="o">.</span><span class="na">jwk</span><span class="o">-</span><span class="n">set</span><span class="o">-</span><span class="n">uri</span><span class="o">=</span><span class="nl">https:</span><span class="c1">//cognito-idp.&lt;region&gt;.amazonaws.com/&lt;userPoolID&gt;/.well-known/jwks.json</span> <span class="n">sample</span><span class="o">.</span><span class="na">jwe</span><span class="o">-</span><span class="n">key</span><span class="o">-</span><span class="nl">value:</span> <span class="nl">classpath:</span><span class="n">simple</span><span class="o">.</span><span class="na">priv</span> </code></pre> </div> <ul> <li>Create a <code>simple.priv</code> file and paste the following key. Or create your own RSA key: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDcWWomvlNGyQhA iB0TcN3sP2VuhZ1xNRPxr58lHswC9Cbtdc2hiSbe/sxAvU1i0O8vaXwICdzRZ1JM g1TohG9zkqqjZDhyw1f1Ic6YR/OhE6NCpqERy97WMFeW6gJd1i5inHj/W19GAbqK LhSHGHqIjyo0wlBf58t+qFt9h/EFBVE/LAGQBsg/jHUQCxsLoVI2aSELGIw2oSDF oiljwLaQl0n9khX5ZbiegN3OkqodzCYHwWyu6aVVj8M1W9RIMiKmKr09s/gf31Nc 3WjvjqhFo1rTuurWGgKAxJLL7zlJqAKjGWbIT4P6h/1Kwxjw6X23St3OmhsG6HIn +jl1++MrAgMBAAECggEBAMf820wop3pyUOwI3aLcaH7YFx5VZMzvqJdNlvpg1jbE E2Sn66b1zPLNfOIxLcBG8x8r9Ody1Bi2Vsqc0/5o3KKfdgHvnxAB3Z3dPh2WCDek lCOVClEVoLzziTuuTdGO5/CWJXdWHcVzIjPxmK34eJXioiLaTYqN3XKqKMdpD0ZG mtNTGvGf+9fQ4i94t0WqIxpMpGt7NM4RHy3+Onggev0zLiDANC23mWrTsUgect/7 62TYg8g1bKwLAb9wCBT+BiOuCc2wrArRLOJgUkj/F4/gtrR9ima34SvWUyoUaKA0 bi4YBX9l8oJwFGHbU9uFGEMnH0T/V0KtIB7qetReywkCgYEA9cFyfBIQrYISV/OA +Z0bo3vh2aL0QgKrSXZ924cLt7itQAHNZ2ya+e3JRlTczi5mnWfjPWZ6eJB/8MlH Gpn12o/POEkU+XjZZSPe1RWGt5g0S3lWqyx9toCS9ACXcN9tGbaqcFSVI73zVTRA 8J9grR0fbGn7jaTlTX2tnlOTQ60CgYEA5YjYpEq4L8UUMFkuj+BsS3u0oEBnzuHd I9LEHmN+CMPosvabQu5wkJXLuqo2TxRnAznsA8R3pCLkdPGoWMCiWRAsCn979TdY QbqO2qvBAD2Q19GtY7lIu6C35/enQWzJUMQE3WW0OvjLzZ0l/9mA2FBRR+3F9A1d rBdnmv0c3TcCgYEAi2i+ggVZcqPbtgrLOk5WVGo9F1GqUBvlgNn30WWNTx4zIaEk HSxtyaOLTxtq2odV7Kr3LGiKxwPpn/T+Ief+oIp92YcTn+VfJVGw4Z3BezqbR8lA Uf/+HF5ZfpMrVXtZD4Igs3I33Duv4sCuqhEvLWTc44pHifVloozNxYfRfU0CgYBN HXa7a6cJ1Yp829l62QlJKtx6Ymj95oAnQu5Ez2ROiZMqXRO4nucOjGUP55Orac1a FiGm+mC/skFS0MWgW8evaHGDbWU180wheQ35hW6oKAb7myRHtr4q20ouEtQMdQIF snV39G1iyqeeAsf7dxWElydXpRi2b68i3BIgzhzebQKBgQCdUQuTsqV9y/JFpu6H c5TVvhG/ubfBspI5DhQqIGijnVBzFT//UfIYMSKJo75qqBEyP2EJSmCsunWsAFsM TszuiGTkrKcZy9G0wJqPztZZl2F2+bJgnA6nBEV7g5PA4Af+QSmaIhRwqGDAuROR 47jndeyIaMTNETEmOnms+as17g== -----END PRIVATE KEY----- </code></pre> </div> <p>That's it. Now let's say you want to create a question. Simply create the endpoint and add the controller action in the QuestionController:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">QuestionServiceImpl</span> <span class="n">questionService</span><span class="o">;</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="s">"/questions"</span><span class="o">,</span> <span class="n">consumes</span> <span class="o">=</span> <span class="o">{</span><span class="s">"application/json"</span><span class="o">})</span> <span class="kd">public</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">Question</span><span class="o">&gt;</span> <span class="nf">createQuestion</span><span class="o">(</span><span class="nd">@AuthenticationPrincipal</span> <span class="nc">Jwt</span> <span class="n">jwt</span><span class="o">,</span> <span class="nd">@RequestBody</span> <span class="nc">CreateQuestionRequest</span> <span class="n">request</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Question</span> <span class="n">createdQuestion</span> <span class="o">=</span> <span class="n">questionService</span><span class="o">.</span><span class="na">createQuestion</span><span class="o">(</span><span class="n">jwt</span><span class="o">,</span> <span class="n">request</span><span class="o">);</span> <span class="k">return</span> <span class="nc">ResponseEntity</span><span class="o">.</span><span class="na">status</span><span class="o">(</span><span class="nc">HttpStatus</span><span class="o">.</span><span class="na">CREATED</span><span class="o">).</span><span class="na">body</span><span class="o">(</span><span class="n">createdQuestion</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p><code>@AuthenticationPrincipal</code> is used to inject the JSON Web Token (JWT) directly into the method parameter and check if it's valid one.<br> I'll let you implement the logic in the service, request, repository and model. Ciao.</p> webdev springboot aws tutorial Fix docker rails error: tmp/pids/server.pid Not Cleaned Up David Fri, 17 Nov 2023 18:20:51 +0000 https://dev.to/daviidy/fix-docker-rails-error-tmppidsserverpid-not-cleaned-up-3b7p https://dev.to/daviidy/fix-docker-rails-error-tmppidsserverpid-not-cleaned-up-3b7p <p>If you work on a Rail app with Docker, you may encounter a docker rails error that says <code>"A server is already running (pid: pid_number, file: /app/tmp/pids/server.pid)"</code>.<br> I was frustrated when that happened to me, so I decided to write this article and show you how I fixed it. It's pretty simple in reality. Let's go!</p> <ul> <li>create a <code>docker-entrypoint.sh</code> file at the root of your project. This is what mine looks like </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash set -e if [ -f tmp/pids/server.pid ]; then rm tmp/pids/server.pid fi exec bundle exec "$@" </code></pre> </div> <ul> <li>add this to your <code>Dockerfile</code>, just before starting your server</li> </ul> <h1> Start the Rails server </h1> <p>ENTRYPOINT ["docker-entrypoint.sh"]<br> CMD ["rails", "server", "-b", "0.0.0.0"]</p> <p>Run <code>docker-compose up</code> again and everything should be ok.</p> webdev ruby rails softwareengineering 7 JavaScript Concepts You Should Know Before Learning React David Fri, 04 Aug 2023 16:14:13 +0000 https://dev.to/daviidy/7-javascript-concepts-you-should-know-before-learning-react-5gli https://dev.to/daviidy/7-javascript-concepts-you-should-know-before-learning-react-5gli <p>Maybe you don't know, but I'm someone who believes in building strong foundations. And, as we all know, ReactJS is a powerful JavaScript framework. But some developers tend to dive straight into it without grasping the basics. Huge mistake. That's why in this article, I'll cover some essential JavaScript concepts that will give you a strong foundation for learning and mastering React. Let's get started.</p> <h2> Destructuring </h2> <p>Destructuring allows you to extract values from arrays and objects and assign them to variables. In React, you'll often see destructuring used to extract properties from props and state. Here's an example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const MyComponent = ({ name, age }) =&gt; { return ( My name is {name}, and I am {age} years old. ); }; </code></pre> </div> <h2> Spread Operators </h2> <p>As the name said it, they allow you to spread the elements of an array or object into a new array or object. Like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const arr1 = [1, 2, 3]; const arr2 = [...arr1, 4, 5, 6]; console.log(arr2); // [1, 2, 3, 4, 5, 6] </code></pre> </div> <h2> Arrow Functions </h2> <p>One of my favorite concepts in JavaScript ES6. It provides a concise syntax for writing functions in JavaScript. They're commonly used in React to define event handlers and component methods.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const MyComponent = () =&gt; { const handleClick = () =&gt; { console.log('Button clicked'); }; return ( Click me ); }; </code></pre> </div> <h2> Immutability </h2> <p>Immutability is a critical concept to understand when working with React. The goal is that we want to avoid directly mutating the state object, instead creating new copies of it with updated values. That way, React's internal state management and rendering mechanisms work correctly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const [counter, setCounter] = useState(0); const incrementCounter = () =&gt; { setCounter(prevCounter =&gt; prevCounter + 1); }; </code></pre> </div> <p>Let me explain the code above: I'm using the <code>useState</code> hook in React to create a new <code>counter</code> state variable. I'm also using the <code>setCounter</code> function to update the <code>counter</code> value, but I'm doing so immutably by passing a function to the <code>setCounter</code> function that returns a new value based on the previous value.</p> <h2> Higher-Order Functions </h2> <p>Higher-order functions are functions that either take other functions as arguments or return functions. They're commonly used in React to provide reusable logic and to create custom hooks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const withLogger = (WrappedComponent) =&gt; { return function(props) { console.log('Rendered: ', WrappedComponent.name); return ; }; }; </code></pre> </div> <p>Here the higher-order function is <code>withLogger</code> that takes a <code>WrappedComponent</code> as an argument. The <code>withLogger</code> function returns a new function that logs the name of the <code>WrappedComponent</code> and passes its props down to it.</p> <h2> Promises and Async/Await </h2> <p>They are essential concepts in modern JavaScript and are commonly used in React to handle asynchronous operations like fetching data from an API. Here's an example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const fetchData = async () =&gt; { const response = await fetch('https://api.example.com/data'); const data = await response.json(); return data; }; </code></pre> </div> <h2> Modules and Imports/Exports </h2> <p>Modules are a way to organize code in JavaScript, separating it into different files or modules. Imports and exports are used to share code between modules. Check the following example: I'm defining a module called <code>utils.js</code> that exports a function called <code>add</code>. Then importing the <code>add</code> function into a different module, <code>app.js</code>, using the <code>import</code> statement.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// utils.js export const add = (a, b) =&gt; a + b; // app.js import { add } from './utils'; console.log(add(1, 2)); // 3 </code></pre> </div> <p>That's it! Now go ahead and start learning those concepts if you didn't do it yet!</p> javascript react softwareengineering beginners 💻 10 essential Java Development tools you should learn David Thu, 03 Aug 2023 15:41:00 +0000 https://dev.to/daviidy/10-essential-java-development-tools-you-should-learn-1bc5 https://dev.to/daviidy/10-essential-java-development-tools-you-should-learn-1bc5 <p>Java is well-known for its extensive use for web, enterprise, and mobile applications. The field of web development moves fast and staying ahead of the curve is a necessity. Here are 10 essential web development tools that a Java developer shouldn't miss. These tools are meant to help you streamline your workflow, debug with ease, speed up productivity, and keep up with the pace of web development. </p> <p>1) IntelliJ IDEA - IntelliJ IDEA is a popular Java IDE that is widely used by Java developers. It provides rich features like code completion, debugging, and testing. It also supports web development workflows and enables plugin integration with other software tools. </p> <p>2) Spring Framework - Spring Framework is a widely used and mature open-source Java framework for building web applications. It provides a vast array of features such as data access, messaging, and security. It is flexible, well-supported, and has an active community. </p> <p>3) Postman - Postman is a tool for testing REST APIs. It is easy to use and can save a considerable amount of time when testing and debugging APIs. It provides a collection of features such as saving requests, responses, and environments.</p> <p>4) Git - Git is a free, open-source distributed version control system. It provides a way to track changes made to the source code. It facilitates collaboration among developers and allows for easy branching, merging, and reverting changes.</p> <p>5) Docker - Docker is a containerization platform that is used to create, deploy, and run applications. It provides a simple way to package the application with all its dependencies into a container. Docker containers are lightweight and can run anywhere, providing a seamless deployment process.</p> <p>6) Sonar - Sonar is a continuous code quality tool used to analyze source code for bugs, vulnerabilities, and other technical debt. It provides static analysis, code coverage, and duplication detection. Sonar integrates well with Eclipse and other IDEs.</p> <p>7) Apache Maven - Apache Maven is a build automation tool used primarily for Java projects. It is used to compile, test, and package Java code into JAR or WAR files. It can manage dependencies, integrate with other build systems, and automate the build process.</p> <p>8) JIRA - JIRA is a project management tool used by many development teams to manage bugs, issues, and tasks. It integrates well with other tools like Git and Jenkins.</p> <p>9) Apache Tomcat - Apache Tomcat is a widely used Java servlet container. It is used to run Java web applications. It provides a simple way to deploy, test and run web applications, and supports multiple operating systems.</p> <p>10) Selenium - Selenium is a tool for web browser automation, which means you can test your web pages like both JSP and static pages written using HTML and JavaScript using Selenium.</p> <p>Let me know in the comments section what other tools Java developers should know in 2023</p> java softwareengineering springboot