DEV Community: Hash Rekayasa Teknologi The latest articles on DEV Community by Hash Rekayasa Teknologi (@hash-id). https://dev.to/hash-id https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F5727%2F16f5ed98-926c-470b-bd6c-252ee148a30d.jpg DEV Community: Hash Rekayasa Teknologi https://dev.to/hash-id en Access ip camera android and display to our monitor using java Yogi khoirul Anwar Thu, 18 Aug 2022 04:16:00 +0000 https://dev.to/hash-id/access-ip-camera-android-and-display-to-our-monitor-using-java-hd3 https://dev.to/hash-id/access-ip-camera-android-and-display-to-our-monitor-using-java-hd3 <p>Hi developers, today we will make a cctv monitoring using java language. Did you know how java can acces ip of cctv camera? Itโ€™s sound so attractive, right? <br> Okay, in this article. We will realize how to access ip of cctv using java language ๐Ÿ˜ <br> First time, we need to prepare some tools to make it perfect. There are :</p> <ol> <li>Text editor. The text editor we will using netbeans 8.1 IDE.</li> <li>Javacv library. You can download opencv library on <a href="https://github.com/junaid67/ip-camera-java-cv-libraries.git">https://github.com/junaid67/ip-camera-java-cv-libraries.git</a> . And then you have to extract download folder in your pc</li> <li>Ip webcam application to get ip of camera. You can get and install it in playstore .</li> </ol> <p>Okay, letโ€™s start it.<br> We must make a project on netbeans. To make a new project you can use <code>ctrl+shif+n</code> with your keyboard . Then you will see the project options, select the java application as shown below. After that click next.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--5PHu4uiZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8vvwb1sb1luqerrz18bc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5PHu4uiZ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8vvwb1sb1luqerrz18bc.png" alt="Image description" width="614" height="427"></a><br> After that give project name with <code>konekcctv</code>, then <code>click finish button</code> to make a new project. Please see this image below.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Gijh-2cj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ny4fobr3lquny7mxy3nd.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Gijh-2cj--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ny4fobr3lquny7mxy3nd.png" alt="Image description" width="656" height="456"></a><br> When finished, a new workspace or new project will shown as image below.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--8SFUXPK3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jyfrunjc17yofhmtgedn.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--8SFUXPK3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/jyfrunjc17yofhmtgedn.png" alt="Image description" width="880" height="457"></a><br> In the <code>konekcctv.java</code> source code file, there is a konekcctv class and a main class that is used to execute the program code that will be created.<br> After that, we need to add the javacv library that we have downloaded in the project folder. <br> First, right-click on the libraries folder, then select add jar/folder and choose all of extracted javacv library in your pc.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bTFFkk07--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lm22ym6b0s1g9kbv6gaq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bTFFkk07--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lm22ym6b0s1g9kbv6gaq.png" alt="Image description" width="386" height="383"></a><br> After the libraries are imported, all javacv libraries will appear in the libraries folder. See the image below.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Hmxk4KWi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9mkhtl5aff2iojkk68ty.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Hmxk4KWi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9mkhtl5aff2iojkk68ty.png" alt="Image description" width="373" height="486"></a><br> After everything is done, the next step is to start coding.<br> First we need to import the javacv library which was added in the libraries folder earlier. We import outside the konekcctv class,<br> <code>Import com.googlecode.javacv.canvasframe;<br> Import com.googlecode.javacv.opencvframegrabber;<br> Import com.googlecode.javacv.cpp.opencv_core.iplimage;</code><br> Please see as shown below,<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Ax9_BFyP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/awrhsmtrpyjcl8jxvne3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Ax9_BFyP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/awrhsmtrpyjcl8jxvne3.png" alt="Image description" width="700" height="295"></a></p> <ul> <li>Import function <code>com.googlecode.javacv.canvasframe;</code> is to display the capture frame on our pc screen.</li> <li>Then import <code>com.googlecode.javacv.opencvframegrabber;</code> we use to retrieve where the video is. Video can be a ready-made video or video from an ip camera.</li> <li>And import <code>com.googlecode.javacv.cpp.opencv_core.iplimage;</code> is to get the ip address of the camera or cctv used.</li> </ul> <p>After finished of importing,<br> We will make a function to connect ip camera and display of video in camera to our pc as shown below,</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>public static void main(String[] args) throws FrameGrabber.Exception { OpenCVFrameGrabber frameGrabber = new OpenCVFrameGrabber("http://192.168.87.96:8080/video?dummy=param.mjpg"); frameGrabber.setFormat("mjpeg"); frameGrabber.start(); IplImage iPimg = frameGrabber.grab(); CanvasFrame canvasFrame = new CanvasFrame("Camera"); canvasFrame.setCanvasSize(iPimg.width(), iPimg.height()); while (canvasFrame.isVisible() &amp;&amp; (iPimg = frameGrabber.grab()) != null) { canvasFrame.showImage(iPimg); } frameGrabber.stop(); canvasFrame.dispose(); System.exit(0); }` </code></pre> </div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bChMDwUp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8k92d0b2kd01kzxloa0y.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bChMDwUp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8k92d0b2kd01kzxloa0y.png" alt="Image description" width="880" height="408"></a></p> <p>The first thing to do is to create a framegrabber variable to get the video file by calling the camera's ip address using <br> <code>opencvframegrabber.<br> opencvframegrabber framegrabber = new opencvframegrabber("http://192.168.0.2:8080/video?dummy=param.mjpg");</code><br> <code>http://192.168.0.2:8080/video?dummy=param.mjpg</code> is the ip camera address on the ip camera in android application. Each application has its own ip, so match the ip camera with the ip camera on your own device.</p> <p>Then we set the format of the video to be displayed on our pc with the code <code>framegrabber.setformat("mjpeg");</code><br> and the frame grabber is executed with the code <code>framegrabber.start();</code><br> Then to return the ip image or ip camera we create a variable <code>ipimg = framegrabber.grab();</code><br> <code>Framegrabber.grab()</code> is used to return the ip of the framegrabber. </p> <p>Then we will display the capture of the ip camera with<br> <code>canvasframe canvasframe = new canvasframe("camera");</code><br> <code>canvasframe.setcanvassize(ipimg.width(), ipimg.height());</code><br> We need to create a canvasframe variable like the source code above. The canvasframe will be used to make the size of the camera view on our pc screen.<br> And the last step is to create a function to display frames on our pc screen as follows:<br> <code>While (canvasframe.isvisible() &amp;&amp; (ipimg = framegrabber.grab()) != null) {<br> canvasframe.showimage(ipimg);<br> }</code></p> <p>After everything is done, we can run the file in the run project section of netbeans, or we can use the shortcut <code>shif+f6</code> . But before running the project, the ip camera application on android needs to be turned on first. Then our android and pc need to use the same network otherwise this framegrabber will not find the ip of the camera that has been activated.</p> <p>This image below is the result of running application,<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--bim8PjOm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xybbo7klih56emstkdwc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--bim8PjOm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xybbo7klih56emstkdwc.png" alt="Image description" width="588" height="586"></a></p> <p>Good Luck!! ๐Ÿ˜</p> opencv java Penggunaan Branch Feature pada Git Flow Deby Silvia Agnes Thu, 11 Aug 2022 02:19:00 +0000 https://dev.to/hash-id/penggunaan-branch-feature-pada-git-flow-5gpa https://dev.to/hash-id/penggunaan-branch-feature-pada-git-flow-5gpa <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1590595906931-81f04f0ccebb%3Fixlib%3Drb-1.2.1%26ixid%3DMnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8%26auto%3Dformat%26fit%3Dcrop%26w%3D2070%26q%3D80" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1590595906931-81f04f0ccebb%3Fixlib%3Drb-1.2.1%26ixid%3DMnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8%26auto%3Dformat%26fit%3Dcrop%26w%3D2070%26q%3D80" alt="Photo by Richy Great on Unsplash" width="2070" height="1380"></a></p> <p>Terdapat beberapa macam branching workflow yang dapat digunakan oleh pengguna git. Diantaranya Git Flow, Github Flow, Gitlab Flow, dan One Flow. Penjelasan lengkapnya seperti yang dijelaskan dalam artikel <a href="https://medium.com/@patrickporto/4-branching-workflows-for-git-30d0aaee7bf" rel="noopener noreferrer">4 Branching Workflows For Git</a>. </p> <p>Salah satu yang terkenal dan kebetulan digunakan di perusahaan saya sekarang, adalah Git Flow.<br><br> Git Flow dipublikasikan oleh <a href="https://nvie.com/about/" rel="noopener noreferrer">Vincent Driessen</a> dan sangat populer karena cocok untuk kolaborasi tim dan scaling the development team. Info selengkapnya terdapat <a href="https://nvie.com/posts/a-successful-git-branching-model/" rel="noopener noreferrer">disini</a>. </p> <h2> Perkenalan </h2> <p>Branch utama dalam Git FLow adalah : </p> <ol> <li><p><strong>Master</strong> merupakan branch yang menyimpan official release history. Jadi hanya berisi kode yang di-deploy ke production-server, sudah lolos testing, dan dirilis. </p></li> <li><p><strong>Develop</strong> merupakan branch pre-production yang digunakan untuk development yang nantinya memiliki branch feature, release, dan bugfix. Jadi, penambahan fitur baru, perbaikan kode, dan development yang dilakukan oleh developerโ€Šโ€”โ€Šdeveloper lain berada pada branch ini. </p></li> </ol> <blockquote> <p>Dalam Git Flow juga dapat menandai semua commit pada branch master dengan version number. </p> </blockquote> <h2> Cara Installasi </h2> <p>Disini kita bisa menggunakan versi CLI maupun versi extension di editor Visual Studio Code (VSCode). Namun, karena saya terbiasa menggunakan CLI, maka saya lebih nyaman menggunakan CLI. Karena menurut saya, penggunaan extension di editor VSCode cukup membuat saya bingung dan takut terjadi kesalahan (<em>human error on click</em>). Sehingga saya hanya menggunakan beberapa fitur saja. Namun semua itu kembali kepada kalian yang menggunakan. Disini saya akan mengulas cara installasi di keduanya. </p> <h3> Installasi di CLI </h3> <p>Windows: ikuti instruksi disini. git-flow-avh sudah termasuk di dalam paket Git for Windows. </p> <p>Linux: sudo apt-get install git-flow </p> <p>Untuk informasi instalasi pada OS yang lainnya, dapat dilihat di <a href="https://github.com/petervanderdoes/gitflow-avh/wiki/Installation" rel="noopener noreferrer">installasi gitflow-avh</a>. </p> <h3> Installasi Extension di VSCode </h3> <ol> <li><p>Cari extension โ€œ gitflowโ€ di VSCode. </p></li> <li><p>Biasanya yang saya gunakan adalah extension milik vector-of-bool : </p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmz7ezwzmj4th4eycn9vv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmz7ezwzmj4th4eycn9vv.png" alt="Extension Gitflow by dokumentasi penulis" width="800" height="329"></a> </p> <h2> Penggunaan </h2> <p>Penggunaan yang akan saya jelaskan disini adalah menggunakan CLI. Karena jika menggunakan extension, sudah terdapat panduan yang dapat di ikuti. </p> <ol> <li>Langkah pertama yang harus dilakukan adalah melakukan inisialisasi git flow untuk local repo : </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git flow init -d </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pnntzu808byd9eg55f0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pnntzu808byd9eg55f0.png" alt="Git Flow Init -d by dokumentasi penulis" width="800" height="314"></a> </p> <p><strong>-d</strong> menandakan bahwa kita menggunakan versi default dari git flow. <br> Perintah ini akan membuat 2 branch, yaitu <strong>master</strong> dan <strong>develop</strong> <br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fshjggqkm0fniwopfwej6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fshjggqkm0fniwopfwej6.png" alt="Branch default Git Flow by dokumentasi penulis" width="523" height="68"></a> </p> <p>2.Selain itu, kita juga otomatis checkout ke branch develop </p> <p>3.Kemudian juga otomatis ada initial commit <br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2122hp39r8m7ounc6mzt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2122hp39r8m7ounc6mzt.png" alt="Initial Commit by dokumentasi penulis" width="800" height="112"></a> </p> <h3> Buat Feature </h3> <p>4.Selanjutnya, kita dapat melakukan develop project. Jika kita akan menambahkan fitur, kita kerjakan di branch feature dengan membuat branch feature terlebih dahulu dengan perintah :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git flow feature start &lt;nama_feature&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnt62lxqsugayqxczxu9p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnt62lxqsugayqxczxu9p.png" alt="Feature Start by dokumentasi penulis" width="723" height="213"></a></p> <p>5.Sekarang kita sudah ada di branch feature/function-balances. Kita dapat mulai ngoding disini untuk membuat fitur tersebut. <br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxxqo5hf52y0pafu0swmv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxxqo5hf52y0pafu0swmv.png" alt="Ada di branch feature/&lt;nama_feature&gt; by dokumentasi penulis" width="599" height="85"></a> </p> <p>6.Jika telah selesai membuat fitur, cek status perubahan menggunakan perintah :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git status </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwygriq8gdrgym1s0zww5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwygriq8gdrgym1s0zww5.png" alt="Git status by dokumentasi penulis" width="744" height="273"></a> </p> <p>7.Sebelum melakukan commit, pastikan file yang berubah telah di add. Kita boleh memasukkan semua file dalam satu commit (agar lebih cepat) atau boleh juga jika ingin setiap satu file dalam satu commit. Namun disini saya memasukkan semua file dalam satu commit.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git add . git commit -m "&lt;message&gt;" </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6pri04n2zbxxkw63q0gv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6pri04n2zbxxkw63q0gv.png" alt="Git Add dan Commit All Changes by dokumentasi penulis" width="800" height="91"></a> </p> <p>8.Jika git status sudah seperti dibawah ini, maka artinya perubahan yang kita lakukan sudah selesai kita commit semua. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsiglm9ies59sddm804j0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsiglm9ies59sddm804j0.png" alt="Status Nothing To Commit by dokumentasi penulis" width="570" height="70"></a></p> <h3> Publish Feature Untuk Review </h3> <p>9.Setelah kita melakukan perubahan, sebaiknya feature kita dapat di review dahulu oleh anggota tim yang lain. Sehingga feature di publish terlebih dahulu.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git flow feature publish &lt;nama_feature&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffoee80a3bamq0fxfpciw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffoee80a3bamq0fxfpciw.png" alt="Publish Feature Untuk di Review by dokumentasi penulis" width="800" height="380"></a></p> <p>10.Kita buat PR (Pull Request) ke branch <strong>develop</strong>. PR digunakan di <strong>Github</strong>, namun jika menggunakan <strong>Gitlab</strong>, maka namanya ada <strong>Merge Request</strong>. Disini saya menggunakan github. <br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8hsiv6m3a2ytw54ew1v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb8hsiv6m3a2ytw54ew1v.png" alt="PR di Github by dokumentasi penulis" width="796" height="369"></a> </p> <p>Klik compare &amp; pull request untuk membuat PR ke branch <strong>develop</strong>. </p> <p>11.Setelah code review selesai, maka bisa merge melalui web atau melalui terminal dengan perintah :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git flow feature finish &lt;nama_feature&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvimdlaen198sy4xwpfcb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvimdlaen198sy4xwpfcb.png" alt="Finish Feature from review by dokumentasi penulis" width="800" height="309"></a> </p> <p>12.Lakukan <code>push</code> ke branch develop <br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59zhzazar783uahycnb7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59zhzazar783uahycnb7.png" alt="Push ke develop by dokumentasi penulis" width="390" height="35"></a> </p> <p>13.Karena branch <strong>feature</strong> sudah di merge ke <strong>develop</strong> dan tidak digunakan lagi, maka branch feature di local komputer kita <code>bisa kita hapus</code>. </p> <blockquote> <p>Baik sekian penggunaan git flow melalui CLI kali ini.<br><br> Jika menggunakan extension VSCode dapat lebih mudah karena tinggal klik klik saja. Namun penggunaan yang nyaman yang mana, itu kembali lagi kepada masingโ€Šโ€”โ€Šmasing developer yang menggunakan.</p> </blockquote> <p>Source: </p> <p><a href="https://medium.com/@patrickporto/4-branching-workflows-for-git-30d0aaee7bf" rel="noopener noreferrer">4 branching workflows for Git</a></p> <p><a href="https://nvie.com/posts/a-successful-git-branching-model/" rel="noopener noreferrer">A successful Git branching model</a><br> <a href="https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow" rel="noopener noreferrer">Gitflow Workflow | Atlassian Git Tutorial</a><br> <a href="https://masputih.com/2017/11/git-flow-01-intro" rel="noopener noreferrer">Git Flow 01 - Intro</a></p> <p><a href="https://medium.com/easyread/gitflow-in-practice-1d8a2bbdc3a1" rel="noopener noreferrer">Gitflow in Practice</a> </p> <p><a href="https://medium.com/@rafavinnce/gitflow-branch-guide-8a523360c053" rel="noopener noreferrer">Gitflowโ€Šโ€”โ€ŠBranch Guide</a> </p> <p><a href="https://medium.com/@olivier.bossel/git-flow-the-right-way-to-go-f2a65c315818" rel="noopener noreferrer">Git-flow : The right way to go</a></p> Lessons Learned from Developing Serverless Workflow Runtime Implementation Muhammad Yahya Muhaimin Tue, 26 Jul 2022 01:23:02 +0000 https://dev.to/hash-id/lessons-learned-from-developing-serverless-workflow-runtime-implementation-2fh8 https://dev.to/hash-id/lessons-learned-from-developing-serverless-workflow-runtime-implementation-2fh8 <p>At Hash Rekayasa Teknologi, we've been developing and using <a href="https://www.hash.id/mocobaas/" rel="noopener noreferrer">MocoBaaS</a>, a Backend-as-a-Service solution.<br> One of the features for implementing business logic is Custom Script.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fihrz0zzyx2wdet3dftmx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fihrz0zzyx2wdet3dftmx.png" alt="MocoBaaS Custom Script flow" width="668" height="371"></a></p> <p>This feature has served us well for many use cases.<br> However, there are some use cases that consist of multiple steps. They can be implemented by "chaining" multiple scripts, one script triggering another. While this can get the job done, it's hard to keep track of the steps that were executed.</p> <p>Imagine we have a use case like Marketplace Order:</p> <blockquote> <p>DISCLAIMER: It may not represent a real world use case.</p> </blockquote> <ol> <li>Create Order</li> <li>Confirm Payment</li> <li>Confirm Delivery</li> <li>Confirm Completed</li> </ol> <p>It can be done by defining this flow:</p> <ol> <li>Script: <code>create-order</code> <ul> <li>Triggered By: HTTP source</li> <li>Triggers: <code>create-order-success</code> event</li> </ul> </li> <li>Script: <code>confirm-payment</code> <ul> <li>Triggered By: Event source</li> <li>Triggers: <code>confirm-payment-success</code> event</li> </ul> </li> <li>Script: <code>confirm-delivery</code> <ul> <li>Triggered By: Event source</li> <li>Triggers: <code>confirm-delivery-success</code> event</li> </ul> </li> <li>Script: <code>confirm-completed</code> <ul> <li>Triggered By: Event source</li> </ul> </li> </ol> <p>With the flow above, the scripts were executed as is. There is no centralized mechanism of tracking the executed steps, whether they were executed properly or not.</p> <h2> Serverless Workflow to the rescue </h2> <p>Among workflow languages out there, we choose <a href="https://serverlessworkflow.io" rel="noopener noreferrer">Serverless Workflow</a>. It's a vendor-neutral, open-source and community-driven workflow ecosystem.<br> The workflow definition can be written in JSON or YAML format.<br> And then there are SDKs available in various programming languanges, like Java, Go, TypeScript, .NET, Python.</p> <p>The Marketplace Order use case above can be defined like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">id</span><span class="pi">:</span> <span class="s">marketplaceorder</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.0"</span> <span class="na">specVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.7"</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Marketplace Order Workflow</span> <span class="na">description</span><span class="pi">:</span> <span class="s">Create and process orders on the marketplace.</span> <span class="na">start</span><span class="pi">:</span> <span class="s">CreateOrder</span> <span class="na">functions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">createOrderFunction</span> <span class="na">operation</span><span class="pi">:</span> <span class="s">mocobaas://marketplace-order#create-order</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">confirmPaymentFunction</span> <span class="na">operation</span><span class="pi">:</span> <span class="s">mocobaas://marketplace-order#confirm-payment</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">confirmDeliveryFunction</span> <span class="na">operation</span><span class="pi">:</span> <span class="s">mocobaas://marketplace-order#confirm-delivery</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">confirmCompletedFunction</span> <span class="na">operation</span><span class="pi">:</span> <span class="s">mocobaas://marketplace-order#confirm-completed</span> <span class="na">states</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">CreateOrder</span> <span class="na">type</span><span class="pi">:</span> <span class="s">operation</span> <span class="na">actions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">functionRef</span><span class="pi">:</span> <span class="s">createOrderFunction</span> <span class="na">transition</span><span class="pi">:</span> <span class="s">ConfirmPayment</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ConfirmPayment</span> <span class="na">type</span><span class="pi">:</span> <span class="s">operation</span> <span class="na">actions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">functionRef</span><span class="pi">:</span> <span class="s">confirmPaymentFunction</span> <span class="na">transition</span><span class="pi">:</span> <span class="s">ConfirmDelivery</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ConfirmDelivery</span> <span class="na">type</span><span class="pi">:</span> <span class="s">operation</span> <span class="na">actions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">functionRef</span><span class="pi">:</span> <span class="s">confirmDeliveryFunction</span> <span class="na">transition</span><span class="pi">:</span> <span class="s">ConfirmCompleted</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ConfirmCompleted</span> <span class="na">type</span><span class="pi">:</span> <span class="s">operation</span> <span class="na">actions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">functionRef</span><span class="pi">:</span> <span class="s">confirmCompletedFunction</span> <span class="na">end</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>And this is the diagram visualization:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dwpfcght3yl3qfiizui.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dwpfcght3yl3qfiizui.png" alt="Marketplace Order workflow diagram" width="254" height="704"></a></p> <p>If you are new to Serverless Workflow, or workflow in general, you may have so many questions about that ๐Ÿ˜</p> <p>I recommend you to watch this presentation:</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/I66zBOpnUy0"> </iframe> </p> <p>And then read the official Serverless Workflow examples and specification:</p> <ul> <li>Version 0.7: <a href="https://github.com/serverlessworkflow/specification/blob/0.7.x/examples/README.md" rel="noopener noreferrer">examples</a>, <a href="https://github.com/serverlessworkflow/specification/blob/0.7.x/specification.md" rel="noopener noreferrer">specification</a>.</li> <li>Version 0.8: <a href="https://github.com/serverlessworkflow/specification/blob/0.8.x/examples/README.md" rel="noopener noreferrer">examples</a>, <a href="https://github.com/serverlessworkflow/specification/blob/0.8.x/specification.md" rel="noopener noreferrer">specification</a>.</li> </ul> <p>Let me continue the story...</p> <p>What we need to build is a runtime implementation that execute workflows based on the definitions.<br> Golang has become an important part of our stack at Hash Rekayasa Teknologi. So we simply choose the <a href="https://github.com/serverlessworkflow/sdk-go" rel="noopener noreferrer">Go SDK for Serverless Workflow</a>. Although I didn't try other SDKs, I'm sure there shouldn't be much difference to what I'm using here.<br> The most important question with the SDK: <strong>What it does and doesn't?</strong></p> <p>It does:</p> <ul> <li>Parse workflow JSON and YAML definitions.</li> <li>One workflow definition has a hierarchical structure. Each definition from top level to sub-levels will be represented <a href="https://pkg.go.dev/github.com/serverlessworkflow/sdk-go/v2/model" rel="noopener noreferrer">as a Model</a>, such as Workflow, State, Action, Function, Retry.</li> </ul> <p>It doesn't:</p> <ul> <li>There is no Workflow Instance representation. For the execution, you have to define the unique identifier yourself.</li> <li>The duration values in ISO 8601 duration format are not parsed.</li> <li>The workflow expressions in jq format are not parsed.</li> </ul> <p>With those limitations, there doesn't seem to be much we can do with the SDK. Just parse the workflow definition and use the hierarchical structure as a guide for executions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">sw</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"errors"</span> <span class="s">"os"</span> <span class="s">"path/filepath"</span> <span class="s">"github.com/google/uuid"</span> <span class="s">"github.com/serverlessworkflow/sdk-go/v2/model"</span> <span class="s">"github.com/serverlessworkflow/sdk-go/v2/parser"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">StartWorkflowResult</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">InstanceID</span> <span class="kt">string</span> <span class="s">`json:"instanceId"`</span> <span class="p">}</span> <span class="k">var</span> <span class="n">workflows</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">Workflow</span> <span class="k">func</span> <span class="n">LoadWorkflows</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">const</span> <span class="n">definitionsDir</span> <span class="o">=</span> <span class="s">"definitions"</span> <span class="n">dirEntries</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">ReadDir</span><span class="p">(</span><span class="n">definitionsDir</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">workflows</span> <span class="o">=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="o">*</span><span class="n">model</span><span class="o">.</span><span class="n">Workflow</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">entry</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">dirEntries</span> <span class="p">{</span> <span class="n">name</span> <span class="o">:=</span> <span class="n">entry</span><span class="o">.</span><span class="n">Name</span><span class="p">()</span> <span class="n">path</span> <span class="o">:=</span> <span class="n">filepath</span><span class="o">.</span><span class="n">Join</span><span class="p">(</span><span class="n">definitionsDir</span><span class="p">,</span> <span class="n">name</span><span class="p">)</span> <span class="n">wf</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">parser</span><span class="o">.</span><span class="n">FromFile</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">workflows</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="o">=</span> <span class="n">wf</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">StartWorkflow</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">,</span> <span class="n">input</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{})</span> <span class="p">(</span><span class="o">*</span><span class="n">StartWorkflowResult</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">wf</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">workflows</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"Workflow not found: "</span> <span class="o">+</span> <span class="n">name</span><span class="p">)</span> <span class="p">}</span> <span class="n">instanceID</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewString</span><span class="p">()</span> <span class="c">// Start a new instance.</span> <span class="c">// Parameters: instanceID, wf, input</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">StartWorkflowResult</span><span class="p">{</span><span class="n">instanceID</span><span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Here we store the Workflow models in a map, so the <code>LoadWorkflows()</code> function only needs to be called once.<br> And then the <code>StartWorkflow()</code> function will be called in every execution.</p> <h2> Take notes for the implemented features </h2> <p>We may not implement all the features in the specification. One thing we can do is document them. Each feature will have status:</p> <ul> <li>implemented according to the spec ๐ŸŸข๐ŸŸข</li> <li>implemented, but not according to the spec or using own standard ๐ŸŸข๐Ÿ”ด</li> <li>not/not yet implemented ๐Ÿ”ด</li> </ul> <p>I took notes on a spreadsheet. You can see it <a href="https://docs.google.com/spreadsheets/d/1x92axugs8grW-wPCOF0E246fRYrZsxY97aSYI2Qzs40/edit?usp=sharing" rel="noopener noreferrer">here</a>.<br> I use my native language, Bahasa Indonesia.<br> And it's not complete. I take note of a definition only when I start implementing it.</p> <p>Let's see one example, the Function Definition:</p> <ul> <li>As we know, service call is defined here.</li> <li>The workflow runtime is written in Go, while the scripts are written in JavaScript (Node.js).</li> <li>MocoBaaS already has an internal RPC mechanism, so we want to use "custom" type.</li> <li>In spec v0.8, there's "custom" type. But as of this writing, the Go SDK only supports spec v0.7.</li> </ul> <p>As you can see, we tried to stick to the spec as far as we could. But sometimes we have to use our own standards.</p> <h2> Executing workflow </h2> <p>The Marketplace Order Workflow has a linear flow, from create order to confirm completed. This is the directory structure containing workflow definition and scripts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>. โ””โ”€โ”€ marketplace-order โ”œโ”€โ”€ definition.sw.yaml โ””โ”€โ”€ scripts โ”œโ”€โ”€ confirm-completed.js โ”œโ”€โ”€ confirm-delivery.js โ”œโ”€โ”€ confirm-payment.js โ””โ”€โ”€ create-order.js </code></pre> </div> <p>The end result will be a JSON like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"createOrder"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"confirmPayment"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"confirmDelivery"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"confirmCompleted"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>When the workflow is executed, starting with <code>create-order.js</code>, data is a new object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">createOrder</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>Next, <code>confirm-payment.js</code> extends the data from previous state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">ctx</span><span class="p">.</span><span class="nx">data</span><span class="p">,</span> <span class="na">confirmPayment</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>And so on.</p> <h2> Tracking workflow execution </h2> <p>As written in the spec:<br> <em>Depending on their workflow definition, workflow instances can be short-lived or can execute for days, weeks, or years.</em></p> <p>There is no recommendation on how to store the tracking information. Any database can be used.<br> We need to handle these requirements:</p> <ul> <li>One instance can have more than one states.</li> <li>The state's data input is typically the previous state's data output.</li> <li>If the state is the workflow starting state, its data input is the workflow data input.</li> <li>When workflow execution ends, the data output of the last executed state becomes the workflow data output.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7l1x9qakox35xmxw4icr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7l1x9qakox35xmxw4icr.png" alt="Information passing between states" width="800" height="974"></a></p> <p>For example, we have two tables:</p> <ul> <li>instances</li> <li>instance_states</li> </ul> <p>The Marketplace Order Workflow execution can be stored like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fohein5an3d9bdun5zfmt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fohein5an3d9bdun5zfmt.png" alt="Table instances" width="800" height="128"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F91x54cc12jbbyateu154.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F91x54cc12jbbyateu154.png" alt="Table instance_states" width="800" height="116"></a></p> <h2> Retrying actions </h2> <p>If a state returning an error, we can leave it as the final result or define a retry policy.<br> For example, we have a Chance of Success Workflow.</p> <p>Directory structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>. โ””โ”€โ”€ chance-of-success โ”œโ”€โ”€ definition.sw.yaml โ””โ”€โ”€ scripts โ””โ”€โ”€ chance.js </code></pre> </div> <p><code>chance.js</code> will randomize a boolean. If true, returns data. If false, returns error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">chance</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">chance</span><span class="dl">"</span><span class="p">).</span><span class="nc">Chance</span><span class="p">();</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">ctx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">isTrue</span> <span class="o">=</span> <span class="nx">chance</span><span class="p">.</span><span class="nf">bool</span><span class="p">({</span> <span class="na">likelihood</span><span class="p">:</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">likelihood</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isTrue</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">error</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">failed</span><span class="dl">"</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">success</span><span class="dl">"</span> <span class="p">},</span> <span class="p">};</span> <span class="p">};</span> </code></pre> </div> <p>And the workflow definition contains a retry definition:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">id</span><span class="pi">:</span> <span class="s">chanceofsuccess</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.0"</span> <span class="na">specVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.7"</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Chance of Success Workflow</span> <span class="na">description</span><span class="pi">:</span> <span class="s">Try your chance of success. Retry if failed.</span> <span class="na">start</span><span class="pi">:</span> <span class="s">TakeAChance</span> <span class="na">functions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">chanceFunction</span> <span class="na">operation</span><span class="pi">:</span> <span class="s">mocobaas://chance-of-success#chance</span> <span class="na">retries</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">chanceRetryStrategy</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">PT10S</span> <span class="na">maxAttempts</span><span class="pi">:</span> <span class="m">3</span> <span class="na">states</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TakeAChance</span> <span class="na">type</span><span class="pi">:</span> <span class="s">operation</span> <span class="na">actions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">functionRef</span><span class="pi">:</span> <span class="s">chanceFunction</span> <span class="na">retryRef</span><span class="pi">:</span> <span class="s">chanceRetryStrategy</span> <span class="na">end</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>With that retry definition, the runtime will perform this mechanism:</p> <ul> <li>The maximum attempts is 3 times.</li> <li>There is 10 second delay between retries.</li> <li>If we get data before maxAttempts, there will be no more retries.</li> <li>If maxAttempts is reached, there will be no more retries, regardless of the result.</li> </ul> <p>Before we can use the delay duration, it needs to be parsed. For example, I use <a href="https://github.com/sosodev/duration" rel="noopener noreferrer">sosodev/duration</a> and it works well.</p> <h2> Diagram visualization </h2> <p>Generating a diagram visualization from the workflow definition is really helpful, especially when you have complex workflows.<br> One way is that you can use the <a href="https://serverlessworkflow.io/editor.html" rel="noopener noreferrer">Web Editor in the official website</a>. It can generate diagram from JSON or YAML, but the linter in the text editor will always expect JSON.</p> <p>For VS Code users, there's an <a href="https://marketplace.visualstudio.com/items?itemName=serverlessworkflow.serverless-workflow-vscode-extension" rel="noopener noreferrer">official extension</a>, But as of this writing, it is outdated, only supports spec v0.6.<br> A better alternative is to use an <a href="https://marketplace.visualstudio.com/items?itemName=redhat.vscode-extension-serverless-workflow-editor" rel="noopener noreferrer">extension from Red Hat</a>. It supports spec v0.8. It also works well with spec v0.7. The only requirement is you must name the definition files to <code>*.sw.json</code>, <code>*.sw.yaml</code> or <code>*.sw.yml</code>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frcleq66k8j81cv2bexhw.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frcleq66k8j81cv2bexhw.gif" alt="VS Code extension by Red Hat" width="480" height="306"></a></p> <p>Caveat:<br> Looks like those tools use the same generator, as they produce the same diagram visualization. I noticed that they can only visualize the flow, but don't include other details, such as functions or retries.</p> <h2> Closing Thoughts </h2> <p>Workflow is quite a huge feature. And as you can see, Serverless Workflow offers a great flexibility between standard and customization. But if you need more training wheels in using a workflow system, there may be better solutions out there.</p> <p>We haven't implemented most of the Serverless Workflow features yet.<br> For example, the workflow expressions I mentioned above. Using a library like <a href="https://github.com/itchyny/gojq" rel="noopener noreferrer">itchyny/gojq</a> looks promising, although I haven't tried it.<br> But at least this little effort is enough for a minimal functioning system.</p> <p>Well, hope you enjoyed this article and found it useful ๐Ÿ˜‰</p> architecture workflow go node Sistem Yang Aman Dan Berkualitas Yogi khoirul Anwar Wed, 20 Jul 2022 04:11:09 +0000 https://dev.to/hash-id/sistem-yang-aman-dan-berkualitas-5cf2 https://dev.to/hash-id/sistem-yang-aman-dan-berkualitas-5cf2 <p>Sistem adalah suatu kumpulan atau himpunan dari suatu unsur, komponen, atau variabel yang terorganisasi, saling berinteraksi, saling tergantung satu sama lain dan terpaduโ€ Menurut Sutabri (2012:3). Sebuah sistem banyak digunakan oleh perusahaan-perusahaan di Indonesia maupun dunia mulai dari perusahaan kecil hingga perusahaan raksasa. Namun sebuah sistem yang dimiliki tiap perusahaan memiliki keamanan dan kualitas yang berbeda-beda. Hal tersebut dipengaruhi oleh dana yang dianggarkan oleh perusahaan untuk mendanai keamanan dan kualitas dari sistem mereka. Semakin tinggi dana yang dianggarkan,maka sistem akan semakin berkualitas. Namun dari segi keamanan belum tentu sebuah sistem benar-benar aman. Banyak hacker-hacker handal yang sangat<br> mudahnya membajak sebuah situs yang dikenal sangat aman, seperti yang dikutip dari <a href="https://www.cnnindonesia.com/nasional/20210223131459-20-609784/hendropriyonousul-tni-rekrut-remaja-ri-pembobol-situs-nasa.%E2%80%9C"></a> yaitu bocah berusia 16 tahun asal Tangerang bernama Putera Adji Adhari yang sempat membobol situs keamanan NASA. Diketahui, Putera memiliki keterampilan di bidang komputerisasi secara otodidak. Ia terampil mencari kelemahan sistem dari suatu instansi, lalu menginformasikannya ke instansi terkait agar dapat memperbaikinya. </p> <p>Dilansir dari <a href="https://antariksa.republika.co.id/posts/72049/anggaran-nasa-tahun2022-rp-354-triliun-apa-saja-programnya-"></a> , DPR dan Senat Amerika Serikat telah menyelesaikan rancangan anggaran pengeluaran omnibus untuk tahun fiskal 2022. Mereka akan memberi NASA anggaran sebesar 24 miliar dan 760 juta dolar AS di bawah anggaran pemerintah. Jika dirupiahkan, anggaran Badan Antariksa Amerika itu untuk tahun ini sebesar Rp 354 triliun . </p> <p>Dalam berita tersebut, dapat diketahui setinggi apapun dana yang dikeluarkan untuk mengamankan sebuah sistem, tidak akan pernah ada sistem yang 100 persen aman kecuali sistem tersebut digunakan secara offline. </p> systems security [ID] Otentikasi Skema Hybrid: JWT + userinfo Muhammad Yahya Muhaimin Mon, 23 May 2022 01:32:02 +0000 https://dev.to/hash-id/id-otentikasi-skema-hybrid-jwt-userinfo-5aba https://dev.to/hash-id/id-otentikasi-skema-hybrid-jwt-userinfo-5aba <p>Sebagai pengembang backend, barangkali Anda pernah membangun sendiri sistem otentikasi untuk aplikasi yang Anda buat. Jika Anda mengelola session, misalnya dengan memanfaatkan database, maka itu disebut stateful.<br> Kebalikan dari stateful adalah stateless. Beberapa standar otentikasi stateless yang umum di antaranya JWT dan SAML.<sup>[1]</sup></p> <p>Di artikel ini kita akan mengupas bagaimana JWT digunakan dan mengapa kita tidak bisa mengandalkan dia seutuhnya.</p> <p>Aplikasi demo yang akan kita buat berbasis framework <a href="https://gofiber.io" rel="noopener noreferrer">Fiber</a>.<br> Jika Anda punya preferensi lain, secara prinsip soal JWT dan otentikasi skema hybrid ini harusnya sama.</p> <h2> Development Tools </h2> <ul> <li><a href="https://go.dev/dl/" rel="noopener noreferrer">Go</a></li> <li> <a href="https://code.visualstudio.com/" rel="noopener noreferrer">Visual Studio Code</a> + <a href="https://marketplace.visualstudio.com/items?itemName=golang.Go" rel="noopener noreferrer">ekstensi Go</a> </li> <li><a href="https://www.postman.com/downloads/" rel="noopener noreferrer">Postman</a></li> </ul> <h2> Cara Kerja JWT </h2> <p>JWT (dibaca "jot") merupakan sebuah standar internet untuk pertukaran informasi, dituangkan dalam dokumen <a href="https://datatracker.ietf.org/doc/html/rfc7519" rel="noopener noreferrer">RFC 7519</a>.<br> JSON Web Token, sesuai namanya, dia membawa payload dalam bentuk objek JSON. Setiap properti di dalamnya disebut dengan <strong>claim</strong>.</p> <p>Langsung saja kita mulai dengan membuat sebuah folder, misalnya dengan nama <code>how-to-hybrid-auth</code>. Kemudian masuk ke folder tersebut, buka terminal dan ketik:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go mod init how-to-hybrid-auth </code></pre> </div> <p>Maka akan muncul file <code>go.mod</code>.<br> File ini bersama dengan file <code>go.sum</code> nantinya digunakan untuk mencatat berbagai dependency project. Kecuali project yang zero dependency, hanya membutuhkan standard packages, maka hanya akan ada file <code>go.mod</code>, tanpa file <code>go.sum</code>.</p> <p>Di tutorial ini struktur projectnya seperti ini:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>. โ”œโ”€โ”€ go.mod โ”œโ”€โ”€ go.sum โ”œโ”€โ”€ main.go โ””โ”€โ”€ pkg โ”œโ”€โ”€ authenticate โ”‚ โ””โ”€โ”€ handler.go โ”œโ”€โ”€ getaccess โ”‚ โ””โ”€โ”€ handler.go โ”œโ”€โ”€ getprofile โ”‚ โ””โ”€โ”€ handler.go โ”œโ”€โ”€ jwt โ”‚ โ””โ”€โ”€ jwt.go โ””โ”€โ”€ store โ”œโ”€โ”€ seeder.go โ””โ”€โ”€ store.go </code></pre> </div> <h3> 1. Data contoh: users </h3> <p>Misalnya ada data profil pengguna sebagai dasar untuk mengidentifikasi pengguna aplikasi. Di sini kita simpan datanya dalam file JSON.</p> <p>Isi file <code>pkg/store/store.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">store</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"encoding/json"</span> <span class="s">"os"</span> <span class="p">)</span> <span class="k">type</span> <span class="p">(</span> <span class="n">Item</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}</span> <span class="n">Data</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">Item</span> <span class="p">)</span> <span class="k">func</span> <span class="n">Get</span><span class="p">(</span><span class="n">storeName</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">Data</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Read file content.</span> <span class="n">content</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="n">storeName</span> <span class="o">+</span> <span class="s">".json"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// Parse it.</span> <span class="k">var</span> <span class="n">data</span> <span class="n">Data</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">(</span><span class="n">content</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">data</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">data</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">Set</span><span class="p">(</span><span class="n">storeName</span> <span class="kt">string</span><span class="p">,</span> <span class="n">data</span> <span class="n">Data</span><span class="p">,</span> <span class="n">overwrite</span> <span class="kt">bool</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// Serialize the data.</span> <span class="n">out</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">MarshalIndent</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="s">" "</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">overwrite</span> <span class="p">{</span> <span class="c">// Write file (overwrite existing file).</span> <span class="k">return</span> <span class="n">os</span><span class="o">.</span><span class="n">WriteFile</span><span class="p">(</span><span class="n">storeName</span><span class="o">+</span><span class="s">".json"</span><span class="p">,</span> <span class="n">out</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">ModePerm</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Check if file doesn't exist.</span> <span class="k">if</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Stat</span><span class="p">(</span><span class="n">storeName</span> <span class="o">+</span> <span class="s">".json"</span><span class="p">);</span> <span class="n">errors</span><span class="o">.</span><span class="n">Is</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">ErrNotExist</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Write file.</span> <span class="k">return</span> <span class="n">os</span><span class="o">.</span><span class="n">WriteFile</span><span class="p">(</span><span class="n">storeName</span><span class="o">+</span><span class="s">".json"</span><span class="p">,</span> <span class="n">out</span><span class="p">,</span> <span class="n">os</span><span class="o">.</span><span class="n">ModePerm</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Fungsi <code>Set</code> untuk memformat data menjadi JSON dan menulisnya ke file, sedangkan fungsi <code>Get</code> untuk membaca file JSON dan mengonversinya menjadi data.</p> <p>Dan isi file <code>pkg/store/seeder.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">store</span> <span class="k">func</span> <span class="n">Seed</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">users</span> <span class="o">:=</span> <span class="n">Data</span><span class="p">{</span> <span class="s">"rI3sMqctRUv9Cv9CdvJIV"</span><span class="o">:</span> <span class="n">Item</span><span class="p">{</span> <span class="s">"name"</span><span class="o">:</span> <span class="s">"Agni"</span><span class="p">,</span> <span class="s">"role"</span><span class="o">:</span> <span class="s">"Owner"</span><span class="p">,</span> <span class="p">},</span> <span class="s">"ELjvSoCYudoMnlEYlhCjP"</span><span class="o">:</span> <span class="n">Item</span><span class="p">{</span> <span class="s">"name"</span><span class="o">:</span> <span class="s">"Bisma"</span><span class="p">,</span> <span class="s">"role"</span><span class="o">:</span> <span class="s">"Maintainer"</span><span class="p">,</span> <span class="p">},</span> <span class="s">"5hkcRZcrOWTxaeFhq3EdD"</span><span class="o">:</span> <span class="n">Item</span><span class="p">{</span> <span class="s">"name"</span><span class="o">:</span> <span class="s">"Catur"</span><span class="p">,</span> <span class="s">"role"</span><span class="o">:</span> <span class="s">"Developer"</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">Set</span><span class="p">(</span><span class="s">"users"</span><span class="p">,</span> <span class="n">users</span><span class="p">,</span> <span class="no">false</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Fungsi <code>Seed</code> akan membuatkan data awal jika belum ada.</p> <p>Sekarang gunakan fungsi tersebut di entry point aplikasi, yaitu file <code>main.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"how-to-hybrid-auth/pkg/store"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Seed some data.</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">store</span><span class="o">.</span><span class="n">Seed</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Jika kita jalankan aplikasi dengan perintah:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go run main.go </code></pre> </div> <p>Maka akan muncul file <code>users.json</code>, yang berisi data awal seperti definisi di atas.</p> <h3> 2. Membuat Access Token </h3> <p>Di sini kita mulai menggunakan Fiber, diawali dengan sebuah endpoint API untuk membuat Access Token.</p> <p>Ubah file <code>main.go</code> seperti berikut:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"how-to-hybrid-auth/pkg/getaccess"</span> <span class="s">"how-to-hybrid-auth/pkg/store"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Seed some data.</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">store</span><span class="o">.</span><span class="n">Seed</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Create Fiber app.</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">fiber</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="c">// External endpoints.</span> <span class="n">app</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span><span class="s">"/get-access"</span><span class="p">,</span> <span class="n">getaccess</span><span class="o">.</span><span class="n">Handle</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">app</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">":3000"</span><span class="p">))</span> <span class="p">}</span> </code></pre> </div> <p>Untuk memfungsikan endpoint tersebut, pertama siapkan satu fungsi khusus untuk membuat token JWT di file <code>pkg/jwt/jwt.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">jwtutil</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"time"</span> <span class="s">"github.com/golang-jwt/jwt/v4"</span> <span class="p">)</span> <span class="k">const</span> <span class="p">(</span> <span class="n">SigMethod</span> <span class="o">=</span> <span class="s">"HS256"</span> <span class="n">SigKey</span> <span class="o">=</span> <span class="s">"2022terceS"</span> <span class="n">Issuer</span> <span class="o">=</span> <span class="s">"localhost"</span> <span class="n">Audience</span> <span class="o">=</span> <span class="s">"localhost"</span> <span class="p">)</span> <span class="c">// Sign creates a token from the specified claims.</span> <span class="k">func</span> <span class="n">Sign</span><span class="p">(</span><span class="n">claims</span> <span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">,</span> <span class="n">expiresIn</span> <span class="n">time</span><span class="o">.</span><span class="n">Duration</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span> <span class="n">claims</span><span class="p">[</span><span class="s">"iss"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Issuer</span> <span class="n">claims</span><span class="p">[</span><span class="s">"aud"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Audience</span> <span class="n">now</span> <span class="o">:=</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="n">claims</span><span class="p">[</span><span class="s">"iat"</span><span class="p">]</span> <span class="o">=</span> <span class="n">now</span><span class="o">.</span><span class="n">Unix</span><span class="p">()</span> <span class="n">claims</span><span class="p">[</span><span class="s">"exp"</span><span class="p">]</span> <span class="o">=</span> <span class="n">now</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="n">expiresIn</span><span class="p">)</span><span class="o">.</span><span class="n">Unix</span><span class="p">()</span> <span class="n">token</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">NewWithClaims</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">GetSigningMethod</span><span class="p">(</span><span class="n">SigMethod</span><span class="p">),</span> <span class="n">claims</span><span class="p">)</span> <span class="n">out</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">token</span><span class="o">.</span><span class="n">SignedString</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">SigKey</span><span class="p">))</span> <span class="k">return</span> <span class="n">out</span> <span class="p">}</span> </code></pre> </div> <p>Di sini kita menggunakan signing method yang mudah dulu, yaitu <strong>HS256</strong>, di mana signing key yang digunakan sifatnya <strong>simetris</strong>: Key yang digunakan <em>sama persis</em> untuk signing dan verifikasi JWT.<sup>[2]</sup></p> <p>Issuer = Pihak yang menerbitkan JWT. Audience = Pihak yang menggunakan JWT.<br> Jika dibuat sama, bisa bermaksud bahwa JWT diterbitkan dan digunakan sendiri. Meskipun itu bukan berarti JWT tersebut tidak akan berpindah tangan.<br> Setidaknya antara aplikasi server dan aplikasi client sudah termasuk dua pihak yang berbeda. JWT diterbitkan oleh server, kemudian "dipinjamkan" ke client, tetapi hanya server yang berhak untuk memverifikasinya.</p> <p>Setelah itu buat fungsi handler yang dipasangkan ke endpoint <code>/get-access</code> itu tadi, yaitu di file <code>pkg/getaccess/handler.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">getaccess</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"github.com/golang-jwt/jwt/v4"</span> <span class="n">jwtutil</span> <span class="s">"how-to-hybrid-auth/pkg/jwt"</span> <span class="s">"how-to-hybrid-auth/pkg/store"</span> <span class="p">)</span> <span class="k">type</span> <span class="p">(</span> <span class="n">findUser</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">string</span> <span class="s">`form:"id"`</span> <span class="p">}</span> <span class="n">accessResponse</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">AccessToken</span> <span class="kt">string</span> <span class="s">`json:"access_token"`</span> <span class="p">}</span> <span class="p">)</span> <span class="k">func</span> <span class="n">Handle</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// Find user by ID.</span> <span class="n">fUser</span> <span class="o">:=</span> <span class="nb">new</span><span class="p">(</span><span class="n">findUser</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">BodyParser</span><span class="p">(</span><span class="n">fUser</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">users</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">store</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"users"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">user</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">fUser</span><span class="o">.</span><span class="n">ID</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusNotFound</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Generate access token.</span> <span class="n">accessClaims</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">{</span> <span class="s">"sub"</span><span class="o">:</span> <span class="n">fUser</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="p">}</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">user</span> <span class="p">{</span> <span class="n">accessClaims</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">v</span> <span class="p">}</span> <span class="n">accessToken</span> <span class="o">:=</span> <span class="n">jwtutil</span><span class="o">.</span><span class="n">Sign</span><span class="p">(</span><span class="n">accessClaims</span><span class="p">,</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">accessResponse</span><span class="p">{</span><span class="n">accessToken</span><span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Fungsi <code>getaccess.Handle</code> akan mencari user berdasarkan ID. Jika ada, maka ambil semua informasi dari user tersebut menjadi claim-claim JWT, kemudian operkan ke fungsi <code>jwtutil.Sign</code> untuk digabungkan dengan beberapa claim khusus.<br> Untuk demo ini, expiresIn (masa berlaku JWT) kita buat 5 menit saja, yang kira-kira cukup untuk melihat perubahan dari valid menjadi expired.<br> Terakhir dilakukan signing, sehingga menghasilkan token JWT.</p> <p>Karena sampai di bagian ini kita sudah menggunakan beberapa dependency ekstra (3rd party packages), antara lain <code>gofiber/fiber/v2</code> dan <code>golang-jwt/jwt/v4</code>, maka kita perlu panggil perintah berikut:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go mod tidy </code></pre> </div> <p>Dengan begitu semua dependency tersebut menjadi tersedia untuk project ini.</p> <p>Sekarang jalankan lagi aplikasi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go run main.go </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxtzfzt3y9ajankgb958v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxtzfzt3y9ajankgb958v.png" alt="Fiber startup message" width="334" height="128"></a></p> <p>Itu menunjukkan bahwa aplikasi ini berjalan dengan Fiber, berupa server HTTP di port 3000.</p> <p>Kita coba panggil endpoint yang dibuat tadi.<br> Tambahkan satu request di Postman seperti berikut:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feqouc19wz1kyz7ptyej9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feqouc19wz1kyz7ptyej9.png" alt="Postman - POST /get-access" width="751" height="364"></a></p> <ul> <li>Method: POST</li> <li>URL: <a href="http://localhost:3000/get-access" rel="noopener noreferrer">http://localhost:3000/get-access</a> </li> <li>Body: x-www-form-urlencoded <ul> <li>id: { salah satu ID user }</li> </ul> </li> </ul> <p>Setelah klik Send, maka akan dapat jawaban seperti berikut:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"access_token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJsb2NhbGhvc3QiLCJleHAiOjE2NTI5NzA2MzYsImlhdCI6MTY1Mjk3MDMzNiwiaXNzIjoibG9jYWxob3N0IiwibmFtZSI6IkNhdHVyIiwicm9sZSI6IkRldmVsb3BlciIsInN1YiI6IjVoa2NSWmNyT1dUeGFlRmhxM0VkRCJ9.Qo70QaMH0NVo11i8u1uXgJssor1iAtGruXPiWG2PGF0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 3. Bedah Singkat Token JWT </h3> <p>Coba salin jawaban <code>access_token</code> di atas, atau yang Anda tes sendiri, ke website <a href="https://jwt.io" rel="noopener noreferrer">jwt.io</a>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxw4dzbvpi5t1q41aoe0b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxw4dzbvpi5t1q41aoe0b.png" alt="Copas token JWT ke jwt.io" width="800" height="482"></a></p> <p>Di situ kita bisa mengintip isi dari token, ada tiga bagian: Header, Payload dan Signature.</p> <ul> <li>Bagian Header tidak saya jelaskan.</li> <li>Bagian Payload berisi semua claim yang sudah disiapkan sebelumnya.</li> <li>Bagian Signature digunakan untuk verifikasi. Bisa coba salin signing key yang didefinisikan di source code: "2022terceS".</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcnanaqctbarttgmd4syk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcnanaqctbarttgmd4syk.png" alt="Signature Verified di jwt.io" width="800" height="277"></a></p> <p>Sekarang status di pojok kiri-bawah menjadi "Signature Verified".</p> <p>Nah, token yang bisa di-parse sebelum diverifikasi seperti itu berarti dia termasuk jenis <strong>JWS</strong> (<strong>J</strong>SON <strong>W</strong>eb <strong>S</strong>ignature).<br> Jenis lainnya adalah <strong>JWE</strong> (<strong>J</strong>SON <strong>W</strong>eb <strong>E</strong>ncryption), yang isinya terenkripsi dan membutuhkan sebuah secret key untuk membukanya.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr7dpi5knbn3yr9mf3jbx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr7dpi5knbn3yr9mf3jbx.png" alt="JWT berjenis JWS atau JWE" width="800" height="688"></a></p> <p>Jadi sebuah token JWT pasti berbentuk salah satu dari dua jenis tersebut.<br> Yang biasanya digunakan adalah JWS, berisi tiga bagian yang disebutkan di atas. Sedangkan JWE berisi lima bagian, dan salah satu metode enkripsinya adalah AES256-GCM.<sup>[3]</sup><sup>[4]</sup></p> <h3> 4. JWT Middleware (Parse + Verifikasi) </h3> <p>Middleware untuk JWT termasuk <a href="https://github.com/gofiber/fiber#-external-middleware" rel="noopener noreferrer">salah satu</a> yang dibuat oleh para maintainer Fiber, jadi kita tinggal memanfaatkannya saja.</p> <p>Isi file <code>pkg/authenticate/handler.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">authenticate</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="n">jwtware</span> <span class="s">"github.com/gofiber/jwt/v3"</span> <span class="n">jwtutil</span> <span class="s">"how-to-hybrid-auth/pkg/jwt"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">New</span><span class="p">()</span> <span class="n">fiber</span><span class="o">.</span><span class="n">Handler</span> <span class="p">{</span> <span class="k">return</span> <span class="n">jwtware</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">jwtware</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">SigningMethod</span><span class="o">:</span> <span class="n">jwtutil</span><span class="o">.</span><span class="n">SigMethod</span><span class="p">,</span> <span class="n">SigningKey</span><span class="o">:</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">jwtutil</span><span class="o">.</span><span class="n">SigKey</span><span class="p">),</span> <span class="n">ContextKey</span><span class="o">:</span> <span class="s">"auth"</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Supaya project mengenali dependency yang baru ditambahkan, panggil lagi perintah berikut:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go mod tidy </code></pre> </div> <p>Signing method dan signing key yang digunakan adalah yang ditetapkan di file <code>pkg/jwt/jwt.go</code>.<br> Dengan konfigurasi minimal seperti di atas, maka otomatis dilakukan verifikasi:</p> <ul> <li>Signature.</li> <li>Expiration.</li> </ul> <p>Jika butuh memverifikasi hal lain, misalnya Audience, maka harus ditulis secara custom:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">authenticate</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="n">jwtware</span> <span class="s">"github.com/gofiber/jwt/v3"</span> <span class="s">"github.com/golang-jwt/jwt/v4"</span> <span class="n">jwtutil</span> <span class="s">"how-to-hybrid-auth/pkg/jwt"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">New</span><span class="p">()</span> <span class="n">fiber</span><span class="o">.</span><span class="n">Handler</span> <span class="p">{</span> <span class="k">return</span> <span class="n">jwtware</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">jwtware</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">SigningMethod</span><span class="o">:</span> <span class="n">jwtutil</span><span class="o">.</span><span class="n">SigMethod</span><span class="p">,</span> <span class="n">SigningKey</span><span class="o">:</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">jwtutil</span><span class="o">.</span><span class="n">SigKey</span><span class="p">),</span> <span class="n">ContextKey</span><span class="o">:</span> <span class="s">"auth"</span><span class="p">,</span> <span class="n">SuccessHandler</span><span class="o">:</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">auth</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Locals</span><span class="p">(</span><span class="s">"auth"</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="n">claims</span> <span class="o">:=</span> <span class="n">auth</span><span class="o">.</span><span class="n">Claims</span><span class="o">.</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">)</span> <span class="c">// Verify audience.</span> <span class="k">if</span> <span class="o">!</span><span class="n">claims</span><span class="o">.</span><span class="n">VerifyAudience</span><span class="p">(</span><span class="n">jwtutil</span><span class="o">.</span><span class="n">Audience</span><span class="p">,</span> <span class="no">true</span><span class="p">)</span> <span class="p">{</span> <span class="n">msg</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"Invalid JWT audience. Expected: %s"</span><span class="p">,</span> <span class="n">jwtutil</span><span class="o">.</span><span class="n">Audience</span><span class="p">)</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">Status</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusUnauthorized</span><span class="p">)</span><span class="o">.</span><span class="n">SendString</span><span class="p">(</span><span class="n">msg</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">},</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Middleware ini belum bisa digunakan jika belum ada endpoint yang dituju. Jadi kita langsung beranjak ke poin berikutnya.</p> <h3> 5. Meminta Data Profil Pengguna </h3> <p>Buat fungsi handler di file <code>pkg/getprofile/handler.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">getprofile</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"github.com/golang-jwt/jwt/v4"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">reservedClaims</span> <span class="o">=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">struct</span><span class="p">{}{</span> <span class="s">"iss"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"aud"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"exp"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"nbf"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"iat"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"sub"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"jti"</span><span class="o">:</span> <span class="p">{},</span> <span class="p">}</span> <span class="k">func</span> <span class="n">Handle</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">auth</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Locals</span><span class="p">(</span><span class="s">"auth"</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="n">claims</span> <span class="o">:=</span> <span class="n">auth</span><span class="o">.</span><span class="n">Claims</span><span class="o">.</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">)</span> <span class="c">// Extract profile from JWT claims.</span> <span class="n">profile</span> <span class="o">:=</span> <span class="n">claims</span> <span class="k">for</span> <span class="n">k</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">reservedClaims</span> <span class="p">{</span> <span class="nb">delete</span><span class="p">(</span><span class="n">profile</span><span class="p">,</span> <span class="n">k</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">profile</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Profil pengguna diekstrak dari claim-claim JWT, dengan mengeliminasi tujuh claim khusus (jika ada) yang disebut dengan <strong>reserved claims</strong>.<sup>[5]</sup></p> <p>Dan ubah file <code>main.go</code> seperti berikut:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"how-to-hybrid-auth/pkg/authenticate"</span> <span class="s">"how-to-hybrid-auth/pkg/getaccess"</span> <span class="s">"how-to-hybrid-auth/pkg/getprofile"</span> <span class="s">"how-to-hybrid-auth/pkg/store"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Seed some data.</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">store</span><span class="o">.</span><span class="n">Seed</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Create Fiber app.</span> <span class="n">app</span> <span class="o">:=</span> <span class="n">fiber</span><span class="o">.</span><span class="n">New</span><span class="p">()</span> <span class="c">// External endpoints.</span> <span class="n">app</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span><span class="s">"/get-access"</span><span class="p">,</span> <span class="n">getaccess</span><span class="o">.</span><span class="n">Handle</span><span class="p">)</span> <span class="c">// JWT middleware.</span> <span class="n">app</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">authenticate</span><span class="o">.</span><span class="n">New</span><span class="p">())</span> <span class="c">// Internal endpoints.</span> <span class="n">app</span><span class="o">.</span><span class="n">Post</span><span class="p">(</span><span class="s">"/get-profile"</span><span class="p">,</span> <span class="n">getprofile</span><span class="o">.</span><span class="n">Handle</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">app</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">":3000"</span><span class="p">))</span> <span class="p">}</span> </code></pre> </div> <p>Jadi umumnya JWT middleware itu ditempatkan setelah endpoint-endpoint eksternal dan sebelum endpoint-endpoint internal.</p> <p>Jalankan lagi aplikasi:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go run main.go </code></pre> </div> <p>Kemudian ke Postman dan tambahkan satu request lagi:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2a4p2t3dh1hgnszz15mc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2a4p2t3dh1hgnszz15mc.png" alt="Postman - POST /get-profile" width="800" height="335"></a></p> <ul> <li>Method: POST</li> <li>URL: <a href="http://localhost:3000/get-profile" rel="noopener noreferrer">http://localhost:3000/get-profile</a> </li> <li>Body: none</li> <li>Authorization: Bearer Token</li> </ul> <p>Isikan Access Token ke kolom yang tersedia.</p> <p>Jika token tidak valid atau sudah expired, maka akan dapat jawaban "Invalid or expired JWT".</p> <p>Sedangkan jika valid, maka akan dapat jawaban seperti berikut:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Catur"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Developer"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Keterbatasan JWT </h2> <p>JWT memang dirancang untuk pertukaran informasi. Namun satu problem yang jelas adalah ketika misalnya data profil diubah dan kita butuh agar perubahan tersebut langsung berdampak terhadap penggunaan aplikasi, maka pada kondisi tersebut JWT tidak bisa diandalkan.<br> Jika untuk melihat perubahan itu harus melakukan penerbitan ulang JWT, maka sepertinya itu skenario yang terlalu memaksakan, tidak praktis.</p> <p>Fakta yang ada di lapangan, oleh berbagai sistem penyedia identitas (identity provider), yaitu antara dua kemungkinan:</p> <ul> <li>Token JWT bukan sebagai Access Token, melainkan hanya sebagai ID Token. Ini yang dilakukan oleh Apple.<sup>[6]</sup> </li> <li>Pihak provider menyediakan endpoint <code>/userinfo</code> dan butuh Access Token untuk memanggilnya. Ini yang dilakukan oleh Auth0.<sup>[7]</sup> </li> </ul> <p>Dalam kasus Apple, mereka tidak peduli terhadap perubahan profil pengguna dan cukup ID Token itu yang dijadikan patokan, selama masih valid.<br> Dari sisi aplikasi, bisa menetapkan durasi expiration, seperti yang ada di library <code>albenik-go/apple-sign-in</code> pada fungsi <a href="https://pkg.go.dev/github.com/albenik-go/apple-sign-in#Client.ValidateCode" rel="noopener noreferrer"><code>Client.ValidateCode</code></a>.</p> <p>Dalam kasus Auth0, Access Token yang digunakan untuk memanggil endpoint <code>/userinfo</code> bersifat opaque (tidak transparan). Artinya ketika aplikasi memperoleh Access Token, tidak untuk di-parse, sebab bukan JWT.</p> <h2> Userinfo: Tantangan dan Solusinya </h2> <p>Kita tahu bahwa urusan otentikasi dapat dikelola secara internal maupun eksternal.</p> <p>Meskipun di atas sudah disebutkan tentang keterbatasan pada JWT dan keunggulan adanya endpoint <code>/userinfo</code>, tapi kadang kita dihadapkan pada tantangan ketika aplikasinya harus mendukung beberapa penyedia identitas, contohnya Google dan Facebook.</p> <ul> <li>Google punya endpoint <code>/userinfo</code>.</li> <li>Facebook punya endpoint <code>/me</code>.</li> </ul> <p>Kalau hanya satu sumber data, kita bisa mengandalkannya. Tapi kalau lebih dari satu, itu juga menjadi masalah.<br> Mungkin endpoint tersebut hanya berguna untuk membantu pendaftaran pengguna, untuk mengisi profil di awal. Yang berarti aplikasi harus menyimpan data profil secara lokal.<br> Dalam kasus yang seperti ini, tidak ada bedanya antara penyedia identitas menggunakan endpoint <code>/userinfo</code> atau ID Token, karena hanya diakses sekali untuk masing-masing pengguna.</p> <p>Jadi dapat diambil kesimpulan bahwa harusnya selalu ada data profil lokal aplikasi, baik itu otentikasinya secara internal maupun eksternal.</p> <p>Sekarang untuk penyesuaian yang diperlukan di aplikasi demo kita:</p> <p>Di file <code>pkg/getaccess/handler.go</code>, baris 35-49:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="n">_</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">fUser</span><span class="o">.</span><span class="n">ID</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusNotFound</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Generate access token.</span> <span class="n">accessClaims</span> <span class="o">:=</span> <span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">{</span> <span class="s">"sub"</span><span class="o">:</span> <span class="n">fUser</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="p">}</span> <span class="n">accessToken</span> <span class="o">:=</span> <span class="n">jwtutil</span><span class="o">.</span><span class="n">Sign</span><span class="p">(</span><span class="n">accessClaims</span><span class="p">,</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">)</span> </code></pre> </div> <p>Di situ kita hanya membutuhkan informasi ID pengguna dan tidak menyertakan informasi lainnya untuk pembuatan Access Token.</p> <p>Kemudian di file <code>pkg/getprofile/handler.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">getprofile</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"github.com/gofiber/fiber/v2"</span> <span class="s">"github.com/golang-jwt/jwt/v4"</span> <span class="s">"how-to-hybrid-auth/pkg/store"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">reservedClaims</span> <span class="o">=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">struct</span><span class="p">{}{</span> <span class="s">"iss"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"aud"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"exp"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"nbf"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"iat"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"sub"</span><span class="o">:</span> <span class="p">{},</span> <span class="s">"jti"</span><span class="o">:</span> <span class="p">{},</span> <span class="p">}</span> <span class="k">func</span> <span class="n">Handle</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">fiber</span><span class="o">.</span><span class="n">Ctx</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">auth</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Locals</span><span class="p">(</span><span class="s">"auth"</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">jwt</span><span class="o">.</span><span class="n">Token</span><span class="p">)</span> <span class="n">claims</span> <span class="o">:=</span> <span class="n">auth</span><span class="o">.</span><span class="n">Claims</span><span class="o">.</span><span class="p">(</span><span class="n">jwt</span><span class="o">.</span><span class="n">MapClaims</span><span class="p">)</span> <span class="c">// Extract user ID from JWT claims.</span> <span class="n">userID</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">claims</span><span class="p">[</span><span class="s">"sub"</span><span class="p">]</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusNotFound</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Find user by ID.</span> <span class="n">users</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">store</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"users"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">user</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">userID</span><span class="p">]</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">SendStatus</span><span class="p">(</span><span class="n">fiber</span><span class="o">.</span><span class="n">StatusNotFound</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Di situ pertama kita memastikan bahwa JWT berisi claim "sub", yang itu adalah ID pengguna. Setelah itu kita mencari data pengguna berdasarkan ID tersebut.</p> <p>Dengan begitu, hasil yang didapat akan selalu sesuai dengan data profil saat ini.</p> <p>Jawaban pertama:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Catur"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Developer"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Jawaban kedua setelah data berubah:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Catur"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Maintainer"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Referensi </h2> <ol> <li><a href="https://doubleoctopus.com/security-wiki/network-architecture/stateless-authentication/" rel="noopener noreferrer">https://doubleoctopus.com/security-wiki/network-architecture/stateless-authentication/</a></li> <li><a href="https://youtu.be/XfjQ2qO4ca8" rel="noopener noreferrer">https://youtu.be/XfjQ2qO4ca8</a></li> <li><a href="https://developer.okta.com/blog/2020/12/21/beginners-guide-to-jwt" rel="noopener noreferrer">https://developer.okta.com/blog/2020/12/21/beginners-guide-to-jwt</a></li> <li><a href="https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3" rel="noopener noreferrer">https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3</a></li> <li><a href="https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims" rel="noopener noreferrer">https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims</a></li> <li><a href="https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple" rel="noopener noreferrer">https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple</a></li> <li><a href="https://auth0.com/docs/secure/tokens/access-tokens" rel="noopener noreferrer">https://auth0.com/docs/secure/tokens/access-tokens</a></li> </ol> <h2> Bacaan/Tontonan Lanjutan </h2> <ol> <li>Bagaimana cara logout ketika menggunakan JWT: <a href="https://medium.com/devgorilla/how-to-log-out-when-using-jwt-a8c7823e8a6" rel="noopener noreferrer">https://medium.com/devgorilla/how-to-log-out-when-using-jwt-a8c7823e8a6</a> </li> <li>Mengenal OpenID Connect: <a href="https://www.youtube.com/watch?v=6DxRTJN1Ffo&amp;list=PLKCk3OyNwIzuD_jxWu-JddooM2yjX5q99&amp;index=12" rel="noopener noreferrer">https://www.youtube.com/watch?v=6DxRTJN1Ffo&amp;list=PLKCk3OyNwIzuD_jxWu-JddooM2yjX5q99&amp;index=12</a> </li> </ol> go tutorial