The latest articles on DEV Community by instanceofGod (@instanceofgod). https://dev.to/instanceofgod https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F476942%2F6f47c250-511a-46f0-b526-f4718b536d38.jpeg https://dev.to/instanceofgod en instanceofGod Tue, 17 Mar 2026 16:41:57 +0000 https://dev.to/instanceofgod/pin-encryption-decryption-with-rsa-in-nodejs-22d1 https://dev.to/instanceofgod/pin-encryption-decryption-with-rsa-in-nodejs-22d1 <h2> Table of Contents </h2> <ol> <li>Why PIN encryption matters</li> <li>Core terms defined</li> <li>How RSA works</li> <li>Anatomy of a key pair</li> <li>The OpenSSLUtil class, line by line</li> <li>The full encrypt → transmit → decrypt flow</li> <li>Working with keys in the terminal</li> <li>Common pitfalls &amp; security notes</li> <li>Conclusion</li> </ol> <h2> 1. Why PIN encryption matters </h2> <p>Every time a user taps their 4-digit PIN into a mobile banking app or payment terminal, those four digits travel from device to server. If they travel as plain text — say, <code>{"pin": "1234"}</code> — anyone who can intercept the HTTP request, peek at server logs, or read a database dump will see that PIN immediately. That is a catastrophic failure mode.</p> <p>The solution is asymmetric encryption. The server holds a private key that it never shares. The client has a copy of the corresponding public key. The client encrypts the PIN before it leaves the device, and only the server — with its private key — can decrypt it. No intermediary, no log, no network sniffer can read the PIN in transit.</p> <p>The code snippet in this article is a production-ready implementation of this pattern, built on Node.js's built-in <code>crypto</code> module using RSA-OAEP encryption with SHA-256 — the modern, recommended approach. This article walks through every part of it, explaining the concepts before the code.</p> <h2> 2. Core terms defined </h2> <p>Before touching a single line of code, you need a working vocabulary. These terms will come up again and again.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Term</th> <th>Definition</th> </tr> </thead> <tbody> <tr> <td><strong>Plaintext</strong></td> <td>The original readable data before any encryption. In our case, the PIN — e.g. the string <code>"1234"</code>.</td> </tr> <tr> <td><strong>Ciphertext</strong></td> <td>The scrambled output after encryption. Looks like random bytes. Example: a 256-byte binary blob that encodes to a long base64 string.</td> </tr> <tr> <td><strong>Encryption</strong></td> <td>The process of transforming plaintext into ciphertext using a key and an algorithm. Without the correct decryption key, ciphertext is meaningless.</td> </tr> <tr> <td><strong>Decryption</strong></td> <td>The reverse: transforming ciphertext back into plaintext using the correct key.</td> </tr> <tr> <td><strong>RSA</strong></td> <td>Rivest–Shamir–Adleman. A widely used <em>asymmetric</em> encryption algorithm based on the mathematical difficulty of factoring very large numbers.</td> </tr> <tr> <td><strong>Asymmetric encryption</strong></td> <td>A scheme that uses <em>two different keys</em>: a public key to encrypt, and a private key to decrypt. You can freely share the public key — knowing it does not help you decrypt.</td> </tr> <tr> <td><strong>Symmetric encryption</strong></td> <td>A scheme that uses the <em>same key</em> for both encryption and decryption (e.g. AES). Fast, but the key must be shared securely — which is the hard part.</td> </tr> <tr> <td><strong>Public key</strong></td> <td>One half of the RSA key pair. Safe to share with anyone. Used to <em>encrypt</em> data or <em>verify</em> signatures.</td> </tr> <tr> <td><strong>Private key</strong></td> <td>The other half. Must be kept secret. Used to <em>decrypt</em> data or <em>create</em> signatures. If an attacker gets this, all security is lost.</td> </tr> <tr> <td><strong>OAEP padding</strong></td> <td>Optimal Asymmetric Encryption Padding. The modern, secure padding scheme for RSA. Uses a hash function (SHA-256 in this codebase) to produce randomised, tamper-resistant ciphertext. Resistant to padding oracle attacks.</td> </tr> <tr> <td><strong>PKCS#8</strong></td> <td>A standard format for encoding private keys. Node.js v17+ requires private keys to be in PKCS#8 format (begins with <code>-----BEGIN PRIVATE KEY-----</code>).</td> </tr> <tr> <td><strong>PEM format</strong></td> <td>Privacy Enhanced Mail. A base64-encoded wrapper for certificates and keys with a human-readable header and footer. The <code>-----BEGIN ...-----</code> / <code>-----END ...-----</code> lines you see in key files.</td> </tr> <tr> <td><strong>Base64</strong></td> <td>An encoding (not encryption!) that converts binary data into printable ASCII characters. Used to safely include binary ciphertext in JSON or URL parameters.</td> </tr> <tr> <td><strong>Digital signature</strong></td> <td>A cryptographic proof that a message was created by the holder of a private key and has not been tampered with. Created with the private key; verified with the public key.</td> </tr> <tr> <td><strong>Buffer</strong></td> <td>Node.js's representation of raw binary data. Crypto operations work on Buffers, not JavaScript strings.</td> </tr> <tr> <td><strong>SHA-256</strong></td> <td>A cryptographic hash function that produces a fixed 256-bit digest of any input. Used both in OAEP padding and in the signing algorithm.</td> </tr> </tbody> </table></div> <h2> 3. How RSA works </h2> <p>You do not need to understand the mathematics in depth, but a conceptual model will prevent a lot of confusion later.</p> <p>RSA relies on a simple fact: multiplying two large prime numbers together is easy, but factoring the result back into those two primes is computationally infeasible. The public and private keys are derived from this relationship — one cannot be practically computed from the other.</p> <p><strong>Encryption with the public key:</strong></p> <ul> <li>Anyone can encrypt a message</li> <li>Freely distribute your public key</li> <li>OAEP padding makes output non-deterministic</li> <li>Only the private key holder can read it</li> </ul> <p><strong>Decryption with the private key:</strong></p> <ul> <li>Only the key holder can decrypt</li> <li>Private key never leaves the server</li> <li>Decryption always yields the same original plaintext</li> <li>Losing the private key = losing access</li> </ul> <p>A common analogy: the public key is like an open padlock you hand to everyone. Anyone can snap it shut (encrypt). Only you have the physical key that opens it (decrypt).</p> <blockquote> <p><strong>Note — RSA is not for bulk data</strong></p> <p>RSA can only encrypt data smaller than its key size minus padding overhead. A 2048-bit key with OAEP-SHA256 can encrypt at most ~190 bytes of data. This is perfect for short secrets like PINs, passwords, or symmetric keys — but you would never RSA-encrypt a file. For large data, RSA is used to encrypt a random AES key, then AES encrypts the actual data. This hybrid approach is what TLS does.</p> </blockquote> <h2> 4. Anatomy of a key pair </h2> <p>The example gives you a 2048-bit RSA key pair. Let's understand what you are looking at.</p> <h3> The public key </h3> <p>Safe to share, embed in your mobile app, or publish in your documentation. It begins with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFBPODvVUdzXxGkXG0OP HQ0zDS3xf1uD7tY8mJKWrjSLMf2CeZtWYNlT2xq40R7x5VTn1rnKbgnBZg2ynyLh... -----END PUBLIC KEY----- </code></pre> </div> <p>This is PEM format — the binary key data encoded in base64, wrapped with header and footer lines. The actual key material is the base64 between the markers.</p> <h3> The private key (PKCS#8) </h3> <p>Never share this. It begins with <code>-----BEGIN PRIVATE KEY-----</code> (not <code>BEGIN RSA PRIVATE KEY</code>, which is the older PKCS#1 format). Node.js v17+ requires PKCS#8. This is why the setup guide includes a conversion command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Convert PKCS#1 to PKCS#8 (Node.js v17+ requires this)</span> openssl pkcs8 <span class="nt">-topk8</span> <span class="nt">-nocrypt</span> <span class="nt">-in</span> old_private.pem <span class="nt">-out</span> new_private_pkcs8.pem </code></pre> </div> <h3> Key format summary </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Header line</th> <th>Format</th> <th>Used for</th> </tr> </thead> <tbody> <tr> <td><code>BEGIN RSA PRIVATE KEY</code></td> <td>PKCS#1</td> <td>Older OpenSSL tools. Not accepted by Node.js v17+.</td> </tr> <tr> <td><code>BEGIN PRIVATE KEY</code></td> <td>PKCS#8</td> <td>Modern standard. Required by Node.js <code>createPrivateKey</code>.</td> </tr> <tr> <td><code>BEGIN ENCRYPTED PRIVATE KEY</code></td> <td>PKCS#8 encrypted</td> <td>Private key protected with a passphrase.</td> </tr> <tr> <td><code>BEGIN PUBLIC KEY</code></td> <td>X.509 SubjectPublicKeyInfo</td> <td>Standard public key format.</td> </tr> </tbody> </table></div> <h2> 5. The OpenSSLUtil class, line by line </h2> <p>Now let's walk through the implementation. The class has three main responsibilities: loading the key pair, encrypting with the public key, and decrypting with the private key. There is also a bonus signing method.</p> <h3> Constructor and key loading </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">class</span> <span class="nc">OpenSSLUtil</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">()</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">keyPair</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">_readKeyPair</span><span class="p">();</span> <span class="c1">// Key parsing happens once at startup — not on every request.</span> <span class="p">}</span> <span class="nf">_readKeyPair</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">privateKey</span><span class="p">:</span> <span class="nx">privatePem</span><span class="p">,</span> <span class="nx">passphrase</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">config</span><span class="p">.</span><span class="nx">rsaConfig</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">privateKey</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createPrivateKey</span><span class="p">({</span> <span class="na">key</span><span class="p">:</span> <span class="nx">privatePem</span><span class="p">,</span> <span class="na">format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pem</span><span class="dl">'</span><span class="p">,</span> <span class="p">...(</span><span class="nx">passphrase</span> <span class="o">&amp;&amp;</span> <span class="p">{</span> <span class="nx">passphrase</span> <span class="p">})</span> <span class="p">});</span> <span class="c1">// Derive the public key from the private key — no need to store both</span> <span class="kd">const</span> <span class="nx">publicKey</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createPublicKey</span><span class="p">(</span><span class="nx">privateKey</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">privateKey</span><span class="p">,</span> <span class="nx">publicKey</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p><strong>Why derive the public key from the private key?</strong></p> <p>A private key mathematically contains all the information needed to reconstruct the public key. Calling <code>crypto.createPublicKey(privateKey)</code> is safe, convenient, and avoids having to store or sync two separate key files. You only need to protect the private key.</p> </blockquote> <h3> Encrypt method — OAEP-SHA256 </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">encrypt</span><span class="p">(</span><span class="nx">text</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">encrypted</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">publicEncrypt</span><span class="p">(</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">keyPair</span><span class="p">.</span><span class="nx">publicKey</span><span class="p">,</span> <span class="na">padding</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">constants</span><span class="p">.</span><span class="nx">RSA_PKCS1_OAEP_PADDING</span><span class="p">,</span> <span class="na">oaepHash</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span> <span class="c1">// OAEP with SHA-256: secure, modern, tamper-resistant</span> <span class="p">},</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">text</span><span class="p">)</span> <span class="c1">// convert string → binary Buffer</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">encrypted</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// binary → base64 string</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Could not encrypt data: </span><span class="dl">'</span><span class="p">,</span> <span class="nx">e</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Breaking this down step by step:</p> <ol> <li> <strong><code>Buffer.from(text)</code></strong> — Converts the string <code>"1234"</code> into raw bytes. RSA encryption operates on binary data, not JavaScript strings.</li> <li> <strong><code>RSA_PKCS1_OAEP_PADDING</code></strong> — Applies OAEP padding using SHA-256 as the hash function. OAEP uses a random seed internally, so encrypting the same PIN twice produces completely different ciphertexts — making brute-force and rainbow-table attacks impractical.</li> <li> <strong><code>oaepHash: 'sha256'</code></strong> — Specifies SHA-256 as the hash used inside the OAEP padding scheme. This must match on both encrypt and decrypt.</li> <li> <strong><code>.toString('base64')</code></strong> — Encodes the binary output as a base64 string, making it safe to include in JSON request bodies or HTTP headers.</li> </ol> <h3> Decrypt method — OAEP-SHA256 </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">decrypt</span><span class="p">(</span><span class="nx">encrypted</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Accept either a base64 string or a raw Buffer</span> <span class="kd">const</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="k">typeof</span> <span class="nx">encrypted</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">string</span><span class="dl">'</span> <span class="p">?</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">encrypted</span><span class="p">,</span> <span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// base64 string → binary Buffer</span> <span class="p">:</span> <span class="nx">encrypted</span><span class="p">;</span> <span class="c1">// already a Buffer, use as-is</span> <span class="kd">const</span> <span class="nx">decrypted</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">privateDecrypt</span><span class="p">(</span> <span class="p">{</span> <span class="na">key</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">keyPair</span><span class="p">.</span><span class="nx">privateKey</span><span class="p">,</span> <span class="na">padding</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nx">constants</span><span class="p">.</span><span class="nx">RSA_PKCS1_OAEP_PADDING</span><span class="p">,</span> <span class="na">oaepHash</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span> <span class="c1">// must match what was used in encrypt()</span> <span class="p">},</span> <span class="nx">buffer</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">decrypted</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">utf8</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// binary → original string</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Could not decrypt data: </span><span class="dl">'</span><span class="p">,</span> <span class="nx">e</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p><strong>Warning — Padding scheme and hash must match on both ends</strong></p> <p>Both <code>encrypt()</code> and <code>decrypt()</code> use <code>RSA_PKCS1_OAEP_PADDING</code> with <code>oaepHash: 'sha256'</code>. If you encrypt with one hash and attempt to decrypt with another, decryption will silently fail and return <code>null</code>. Always keep these parameters consistent across your entire stack — including any client-side or terminal-based encryption.</p> </blockquote> <h3> Sign method </h3> <p>Signing is separate from encryption. A signature does not hide the content — it <em>proves authorship</em> and integrity. You sign with your private key; anyone with your public key can verify the signature.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">sign</span><span class="p">(</span><span class="nx">text</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sign</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createSign</span><span class="p">(</span><span class="dl">'</span><span class="s1">SHA256</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// 1. Feed the data into the sign object</span> <span class="nx">sign</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="dl">'</span><span class="s1">utf8</span><span class="dl">'</span><span class="p">);</span> <span class="nx">sign</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="c1">// 2. Finalize: hash the data with SHA-256, then RSA-sign the hash</span> <span class="k">return</span> <span class="nx">sign</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">keyPair</span><span class="p">.</span><span class="nx">privateKey</span><span class="p">,</span> <span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Could not sign data: </span><span class="dl">'</span><span class="p">,</span> <span class="nx">e</span><span class="p">);</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The signing algorithm does two things internally: it first runs <code>SHA256(text)</code> to produce a 32-byte digest, then RSA-encrypts that digest with the private key. The result is a 256-byte (2048-bit) signature, returned as base64.</p> <h3> Module export as singleton </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Export a single shared instance (not the class itself)</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OpenSSLUtil</span><span class="p">();</span> <span class="c1">// Usage elsewhere in the codebase:</span> <span class="kd">const</span> <span class="nx">openssl</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./utils/openssl-util</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">encryptedPin</span> <span class="o">=</span> <span class="nx">openssl</span><span class="p">.</span><span class="nf">encrypt</span><span class="p">(</span><span class="dl">'</span><span class="s1">1234</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">recoveredPin</span> <span class="o">=</span> <span class="nx">openssl</span><span class="p">.</span><span class="nf">decrypt</span><span class="p">(</span><span class="nx">encryptedPin</span><span class="p">);</span> </code></pre> </div> <p>Exporting <code>new OpenSSLUtil()</code> rather than the class itself means the key parsing happens once at startup. Every module that requires this file gets the same instance with the already-loaded keys — no repeated I/O or parsing overhead per request.</p> <h2> 6. The full encrypt → transmit → decrypt flow </h2> <p>Here is the complete lifecycle of a PIN from a client device to a server response, as the codebase implements it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client has public key ↓ User enters PIN ↓ Encrypt with public key (OAEP-SHA256) ↓ Base64 encode ↓ HTTPS POST ↓ Server decrypts with private key ↓ Plaintext PIN </code></pre> </div> <h3> Step 1 — Client encrypts the PIN (terminal simulation) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Encrypt "1234" using OAEP with SHA-256 and output as base64</span> <span class="nb">echo</span> <span class="nt">-n</span> <span class="s2">"1234"</span> | openssl pkeyutl <span class="nt">-encrypt</span> <span class="nt">-pubin</span> <span class="nt">-inkey</span> public.pem <span class="se">\</span> <span class="nt">-pkeyopt</span> rsa_padding_mode:oaep <span class="nt">-pkeyopt</span> rsa_oaep_md:sha256 | <span class="nb">base64</span> <span class="c"># Output:</span> mK9xZq2Tp7fVnBsLuR4dAe8cWyOhXiGj... <span class="c"># Run again — you'll get a completely different string (OAEP is non-deterministic)</span> </code></pre> </div> <h3> Step 2 — Client sends the encrypted PIN </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"pin"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mK9xZq2Tp7fVnBsLuR4dAe8cWyOhXiGj..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <blockquote> <p><strong>Why is this safe even over plain HTTP?</strong></p> <p>Even if an attacker intercepts this JSON, they see only the base64 ciphertext — not the PIN. Without the private key (which never leaves the server), they cannot decrypt it. That said, you should still use HTTPS. Defence in depth means multiple layers of protection.</p> </blockquote> <h3> Step 3 — Server decrypts and verifies </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">openssl</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../../utils/openssl-util</span><span class="dl">'</span><span class="p">);</span> <span class="nx">router</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">username</span><span class="p">,</span> <span class="nx">pin</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="c1">// Decrypt the incoming base64 string back to plaintext</span> <span class="kd">const</span> <span class="nx">decryptedPin</span> <span class="o">=</span> <span class="nx">openssl</span><span class="p">.</span><span class="nf">decrypt</span><span class="p">(</span><span class="nx">pin</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decryptedPin</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid encrypted PIN</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Never store the raw PIN — hash it before comparison</span> <span class="kd">const</span> <span class="nx">pinHash</span> <span class="o">=</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">decryptedPin</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Compare hash against what is stored in the database</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">findUserByPhone</span><span class="p">(</span><span class="nx">phonenumber</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span> <span class="o">||</span> <span class="nx">user</span><span class="p">.</span><span class="nx">pinHash</span> <span class="o">!==</span> <span class="nx">pinHash</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid credentials</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nf">generateSessionToken</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="nx">token</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> 7. Working with keys in the terminal </h2> <p>The provided setup guide includes several OpenSSL terminal commands. Here is what each one does and when to use it.</p> <h3> Generate a fresh key pair </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate a 2048-bit RSA private key and immediately convert to PKCS#8</span> openssl genrsa 2048 | openssl pkcs8 <span class="nt">-topk8</span> <span class="nt">-nocrypt</span> <span class="nt">-out</span> private_pkcs8.pem <span class="c"># Derive the public key from the private key</span> openssl rsa <span class="nt">-in</span> private_pkcs8.pem <span class="nt">-pubout</span> <span class="nt">-out</span> public.pem </code></pre> </div> <h3> Encrypt a PIN for testing (OAEP) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Encrypt "1234" using OAEP with SHA-256 and output as base64</span> <span class="nb">echo</span> <span class="nt">-n</span> <span class="s2">"1234"</span> | openssl pkeyutl <span class="nt">-encrypt</span> <span class="nt">-pubin</span> <span class="nt">-inkey</span> public.pem <span class="se">\</span> <span class="nt">-pkeyopt</span> rsa_padding_mode:oaep <span class="nt">-pkeyopt</span> rsa_oaep_md:sha256 | <span class="nb">base64</span> <span class="c"># Verify round-trip: decrypt the output back to the original PIN</span> <span class="nb">echo</span> <span class="s2">"mK9xZq2..."</span> | <span class="nb">base64</span> <span class="nt">-d</span> | openssl pkeyutl <span class="nt">-decrypt</span> <span class="se">\</span> <span class="nt">-inkey</span> private_pkcs8.pem <span class="nt">-pkeyopt</span> rsa_padding_mode:oaep <span class="nt">-pkeyopt</span> rsa_oaep_md:sha256 <span class="c"># Output: 1234</span> </code></pre> </div> <h3> Convert the key to a JSON-safe escaped string </h3> <p>Config files like <code>config.json</code> cannot store multi-line strings. The private key PEM has newlines, so you need to escape them as <code>\n</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Node.js method</span> node <span class="nt">-e</span> <span class="s2">"console.log(require('fs').readFileSync('private_pkcs8.pem','utf8').replace(/</span><span class="se">\n</span><span class="s2">/g,'</span><span class="se">\\</span><span class="s2">n'))"</span> <span class="c"># Python method (often more reliable across platforms)</span> python3 <span class="nt">-c</span> <span class="s2">"print(open('private_pkcs8.pem').read().replace('</span><span class="se">\n</span><span class="s2">', '</span><span class="se">\\</span><span class="s2">n'))"</span> <span class="c"># awk method</span> <span class="nb">awk</span> <span class="s1">'NF {printf "%s\\n", $0} END {print ""}'</span> private_pkcs8.pem </code></pre> </div> <p>The resulting single-line string can be pasted directly into your config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"config"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"privateKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"-----BEGIN PRIVATE KEY-----</span><span class="se">\n</span><span class="s2">MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEA...</span><span class="se">\n</span><span class="s2">-----END PRIVATE KEY-----</span><span class="se">\n</span><span class="s2">"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <blockquote> <p><strong>Warning — Never commit private keys to version control</strong></p> <p>The private key in this article is a test key. Never commit a real private key to a git repository, even a private one. Store keys in environment variables, a secrets manager (AWS Secrets Manager, HashiCorp Vault), or an encrypted config service.</p> </blockquote> <h2> 8. Common pitfalls &amp; security notes </h2> <h3> Don't log decrypted PINs </h3> <p>The <code>catch</code> blocks in the utility log errors. Never add a <code>console.log(decryptedPin)</code> for debugging. Application logs often end up in log aggregation platforms, and PINs in plaintext in logs are a compliance violation.</p> <h3> Singleton means shared state </h3> <p>The module exports <code>new OpenSSLUtil()</code> — a singleton. The key pair is shared across all requests. This is fine if keys are read-only after initialization. But if you ever implement key rotation, you need to handle the transition carefully to avoid decryption failures on in-flight requests.</p> <h3> OAEP encryption is non-deterministic — that's a feature </h3> <p>Encrypting <code>"1234"</code> twice will produce two completely different ciphertexts. OAEP padding incorporates a random seed on every operation. This means an attacker cannot use a pre-computed rainbow table to map ciphertexts back to PINs, and cannot tell whether two encrypted values are the same PIN. Each encryption is cryptographically unique.</p> <h3> Encryption vs signing — knowing when to use each </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>Use</th> <th>Why</th> </tr> </thead> <tbody> <tr> <td>Sending a PIN from client to server</td> <td>Encrypt (public key, OAEP)</td> <td>Keeps PIN confidential in transit</td> </tr> <tr> <td>Server proves a response came from it</td> <td>Sign (private key)</td> <td>Client can verify with public key</td> </tr> <tr> <td>Client proves a request came from it</td> <td>Sign with client's private key</td> <td>Requires client-side key management</td> </tr> <tr> <td>Storing a PIN for comparison</td> <td>Hash (bcrypt / SHA-256)</td> <td>One-way — even server can't recover plaintext</td> </tr> </tbody> </table></div> <h2> 9. Conclusion </h2> <p>PIN encryption with RSA-OAEP in Node.js is a well-trodden pattern that, when implemented correctly, provides strong guarantees: a PIN that leaves a client device is unreadable to anyone who intercepts it, because only the server's private key can unlock it.</p> <p>The key ideas to carry forward are:</p> <ol> <li> <strong>Asymmetric encryption</strong> solves the key-distribution problem. Share the public key freely; guard the private key absolutely.</li> <li> <strong>OAEP with SHA-256</strong> is the modern, secure padding choice. It is non-deterministic, tamper-resistant, and immune to padding oracle attacks — use it for all new RSA encryption.</li> <li> <strong>Buffer ↔ string conversions</strong> are explicit in Node.js. Always know whether you are working with binary data or a string, and which encoding (base64, utf8, hex) bridges them.</li> <li> <strong>PKCS#8 is the modern format.</strong> If you see <code>BEGIN RSA PRIVATE KEY</code>, convert it before passing it to Node.js v17+.</li> <li> <strong>Encryption is not storage.</strong> After decrypting a PIN on the server, hash it before comparing to the stored value. RSA encryption is for transit security, not at-rest security.</li> </ol> <p>From here, your natural next steps are implementing key rotation, considering hybrid encryption (RSA wrapping an AES key) for any payloads larger than a short PIN, and exploring the browser's WebCrypto API for client-side encryption using the same OAEP scheme.</p> security encryption beginners node instanceofGod Fri, 20 Feb 2026 20:02:38 +0000 https://dev.to/instanceofgod/building-a-production-ready-rag-application-with-fastapi-langchain-and-google-gemini-a-deep-dive-37jl https://dev.to/instanceofgod/building-a-production-ready-rag-application-with-fastapi-langchain-and-google-gemini-a-deep-dive-37jl <p>Picture this: You’ve just deployed a shiny new AI assistant for your company. Your stakeholders are thrilled. Then, a highly-valued client asks it a crucial question about your brand-new, unreleased product documentation. The AI, possessing all the confidence in the world, proceeds to completely hallucinate an answer based on what it read on the internet two years ago. </p> <p>This is the fatal flaw of standard Large Language Models (LLMs). Out of the box, they are incredibly articulate but fundamentally ignorant about <em>your</em> proprietary, real-time, or deeply domain-specific data. They confidently guess when they don't know the answer.</p> <p>Enter <strong>Retrieval-Augmented Generation (RAG)</strong>—the silver bullet for LLM hallucination. </p> <p>Think of RAG as giving your AI an open-book test. Instead of relying on its static memory, a RAG system securely searches your private databases for the exact, relevant context and injects it directly into the prompt <em>before</em> the LLM generates a response. You instantly transform a generic AI into a precise domain expert on your custom data.</p> <p>While there are plenty of simple "hello world" RAG tutorials out there, building something that scales requires careful software design. In this comprehensive deep-dive tutorial, we aren't just writing toy Jupyter cells. I will walk you through building a modular, multi-storage, production-ready RAG web service from scratch using FastAPI, LangChain, and Google Gemini—an architecture that you can actually deploy to the real world.</p> <h2> 1. Our Technology Stack </h2> <p>Instead of bloated orchestrators, we'll build on a lean, highly performant stack:</p> <ul> <li> <strong>FastAPI</strong>: A modern, wildly fast web framework for building our backend API. It gives us async capabilities, automatic data validation, and built-in Swagger UI.</li> <li> <strong>LangChain &amp; LCEL</strong>: The leading framework to orchestrate LLM workflows. We'll heavily utilize LangChain Expression Language (LCEL) for declarative, readable pipelines.</li> <li> <strong>Google Generative AI (Gemini)</strong>: We'll power our system using two models: <ul> <li> <code>gemini-embedding-001</code> for mapping text to vectors.</li> <li> <code>gemini-2.5-flash</code> for blindingly fast and intelligent text generation.</li> </ul> </li> <li> <strong>Durable Vector Stores</strong>: To store and query embeddings, our application dynamically supports: <ul> <li> <strong>Pinecone</strong>: A fully managed, cloud-native vector database.</li> <li> <strong>FAISS</strong>: Facebook AI Similarity Search for blistering local performance.</li> <li> <strong>Cloud Backups</strong>: Built-in support for synchronizing our FAISS indexes with <strong>AWS S3</strong> or <strong>Google Cloud Storage (GCS)</strong>.</li> </ul> </li> </ul> <h2> 2. Project Architecture </h2> <p>Before jumping into the implementation, let's map out our project structure. A good RAG application separates the HTTP layer, the orchestration layer, and the data layer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rag-app/ ├── main.py # FastAPI application entry point ├── endpoints.py # API route definitions ├── rag.py # Core RAG logic &amp; LLM orchestration ├── vector_stores/ # Vector Database integrations │ ├── __init__.py │ ├── pinecone_store.py # Managed Cloud Vector DB │ ├── faiss_store.py # Local Disk FAISS │ ├── s3_store.py # AWS S3 backed FAISS │ └── gcs_store.py # Google Cloud Storage backed FAISS ├── data/ # Your raw PDFs, TXTs, MDs, etc. ├── .env # Environment variables └── requirements.txt # Dependencies </code></pre> </div> <p>To follow along, make sure your core dependencies are installed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>fastapi uvicorn langchain langchain-core langchain-google-genai langchain-pinecone pinecone pydantic python-dotenv faiss-cpu google-cloud-storage boto3 </code></pre> </div> <h2> 3. The Data Layer: Multi-Backend Vector Stores </h2> <p>Vector stores hold our document "embeddings" (mathematical representations of text in n-dimensional space). This allows us to perform rapid "similarity searches" using cosine similarity or euclidean distance to find text chunks semantically related to a user's question.</p> <p>Because production environments vary, we designed our data layer to be dynamic based on environment variables.</p> <h3> Option A: Cloud-Native with Pinecone </h3> <p>For a fully managed experience, we use Pinecone (<code>vector_stores/pinecone_store.py</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">langchain_pinecone</span> <span class="kn">import</span> <span class="n">PineconeVectorStore</span> <span class="kn">from</span> <span class="n">langchain_text_splitters</span> <span class="kn">import</span> <span class="n">RecursiveCharacterTextSplitter</span> <span class="kn">from</span> <span class="n">langchain_community.document_loaders</span> <span class="kn">import</span> <span class="n">DirectoryLoader</span> <span class="kn">from</span> <span class="n">pinecone</span> <span class="kn">import</span> <span class="n">Pinecone</span> <span class="k">def</span> <span class="nf">setup_pinecone</span><span class="p">(</span><span class="n">embeddings</span><span class="p">,</span> <span class="n">data_dir</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Setup Pinecone vector store</span><span class="sh">"""</span> <span class="n">index_name</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">PINECONE_INDEX_NAME</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rag-index</span><span class="sh">"</span><span class="p">)</span> <span class="n">pc</span> <span class="o">=</span> <span class="nc">Pinecone</span><span class="p">(</span><span class="n">api_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">PINECONE_API_KEY</span><span class="sh">"</span><span class="p">))</span> <span class="n">index</span> <span class="o">=</span> <span class="n">pc</span><span class="p">.</span><span class="nc">Index</span><span class="p">(</span><span class="n">index_name</span><span class="p">)</span> <span class="c1"># Idempotency: Avoid re-processing if the index is already populated </span> <span class="k">if</span> <span class="n">index</span><span class="p">.</span><span class="nf">describe_index_stats</span><span class="p">()[</span><span class="sh">'</span><span class="s">total_vector_count</span><span class="sh">'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Loading existing Pinecone index...</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nc">PineconeVectorStore</span><span class="p">(</span><span class="n">index</span><span class="o">=</span><span class="n">index</span><span class="p">,</span> <span class="n">embedding</span><span class="o">=</span><span class="n">embeddings</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Creating new Pinecone index from documents...</span><span class="sh">"</span><span class="p">)</span> <span class="n">loader</span> <span class="o">=</span> <span class="nc">DirectoryLoader</span><span class="p">(</span><span class="n">data_dir</span><span class="p">,</span> <span class="n">glob</span><span class="o">=</span><span class="sh">"</span><span class="s">**/*.*</span><span class="sh">"</span><span class="p">)</span> <span class="n">documents</span> <span class="o">=</span> <span class="n">loader</span><span class="p">.</span><span class="nf">load</span><span class="p">()</span> <span class="c1"># Chunk the documents to prevent hitting LLM context windows </span> <span class="n">splitter</span> <span class="o">=</span> <span class="nc">RecursiveCharacterTextSplitter</span><span class="p">(</span><span class="n">chunk_size</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">chunk_overlap</span><span class="o">=</span><span class="mi">50</span><span class="p">)</span> <span class="n">document_chunks</span> <span class="o">=</span> <span class="n">splitter</span><span class="p">.</span><span class="nf">split_documents</span><span class="p">(</span><span class="n">documents</span><span class="p">)</span> <span class="k">return</span> <span class="n">PineconeVectorStore</span><span class="p">.</span><span class="nf">from_documents</span><span class="p">(</span><span class="n">document_chunks</span><span class="p">,</span> <span class="n">embeddings</span><span class="p">,</span> <span class="n">index_name</span><span class="o">=</span><span class="n">index_name</span><span class="p">)</span> </code></pre> </div> <p><strong>Key Takeaways here:</strong></p> <ol> <li> <strong>Idempotency</strong>: We check <code>index.describe_index_stats()</code> to ensure we don't ingest the same data multiple times on server restarts.</li> <li> <strong>Chunking</strong>: <code>RecursiveCharacterTextSplitter</code> breaks huge documents into smaller 500-character chunks with a 50-character overlap (to prevent cutting ideas in half).</li> </ol> <h3> Option B: Local &amp; Cloud-Backed FAISS </h3> <p>If you don't want to use a managed service, FAISS is incredibly fast. However, FAISS runs in-memory. To make it durable across deployments, we've implemented loaders that sync the index directory to S3 or GCS.</p> <p>Here is a look at our GCS implementation (<code>vector_stores/gcs_store.py</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">google.cloud</span> <span class="kn">import</span> <span class="n">storage</span> <span class="kn">from</span> <span class="n">langchain_community.vectorstores</span> <span class="kn">import</span> <span class="n">FAISS</span> <span class="c1"># ... imports omitted for brevity </span> <span class="k">def</span> <span class="nf">save_faiss_to_gcs</span><span class="p">(</span><span class="n">vector_store</span><span class="p">,</span> <span class="n">bucket_name</span><span class="p">,</span> <span class="n">gcs_prefix</span><span class="o">=</span><span class="sh">"</span><span class="s">faiss_index</span><span class="sh">"</span><span class="p">):</span> <span class="n">local_path</span> <span class="o">=</span> <span class="sh">"</span><span class="s">/faiss_index</span><span class="sh">"</span> <span class="n">vector_store</span><span class="p">.</span><span class="nf">save_local</span><span class="p">(</span><span class="n">local_path</span><span class="p">)</span> <span class="n">client</span> <span class="o">=</span> <span class="n">storage</span><span class="p">.</span><span class="nc">Client</span><span class="p">()</span> <span class="n">bucket</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">bucket</span><span class="p">(</span><span class="n">bucket_name</span><span class="p">)</span> <span class="c1"># Upload local FAISS index files to GCS </span> <span class="k">for</span> <span class="nb">file</span> <span class="ow">in</span> <span class="n">os</span><span class="p">.</span><span class="nf">listdir</span><span class="p">(</span><span class="n">local_path</span><span class="p">):</span> <span class="n">blob</span> <span class="o">=</span> <span class="n">bucket</span><span class="p">.</span><span class="nf">blob</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">gcs_prefix</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="nb">file</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">blob</span><span class="p">.</span><span class="nf">upload_from_filename</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">local_path</span><span class="p">,</span> <span class="nb">file</span><span class="p">))</span> <span class="k">def</span> <span class="nf">load_faiss_from_gcs</span><span class="p">(</span><span class="n">embeddings</span><span class="p">,</span> <span class="n">bucket_name</span><span class="p">,</span> <span class="n">gcs_prefix</span><span class="o">=</span><span class="sh">"</span><span class="s">faiss_index</span><span class="sh">"</span><span class="p">):</span> <span class="c1"># Downloads files back from GCS to local disk before instantiating FAISS </span> <span class="c1"># ... </span> <span class="k">return</span> <span class="n">FAISS</span><span class="p">.</span><span class="nf">load_local</span><span class="p">(</span><span class="n">local_path</span><span class="p">,</span> <span class="n">embeddings</span><span class="p">,</span> <span class="n">allow_dangerous_deserialization</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>Our <code>setup_faiss_gcs</code> function tries to load from GCS first; if the index isn't there, it creates it locally from the <code>data/</code> folder and then pushes it to the bucket. We have an identical setup for AWS S3 using <code>boto3</code>.</p> <h2> 4. The Brains: Orchestrating with LangChain (LCEL) </h2> <p>Now we need to glue together our embedding model, our vector store, our prompt, and our Gemini LLM. LangChain makes this elegant using the LangChain Expression Language (LCEL).</p> <p>Let's look at <code>rag.py</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">dotenv</span> <span class="kn">import</span> <span class="n">load_dotenv</span> <span class="kn">from</span> <span class="n">langchain_google_genai</span> <span class="kn">import</span> <span class="n">GoogleGenerativeAIEmbeddings</span><span class="p">,</span> <span class="n">ChatGoogleGenerativeAI</span> <span class="kn">from</span> <span class="n">langchain_core.prompts</span> <span class="kn">import</span> <span class="n">ChatPromptTemplate</span> <span class="kn">from</span> <span class="n">langchain_core.runnables</span> <span class="kn">import</span> <span class="n">RunnablePassthrough</span> <span class="kn">from</span> <span class="n">langchain_core.output_parsers</span> <span class="kn">import</span> <span class="n">StrOutputParser</span> <span class="kn">from</span> <span class="n">vector_stores</span> <span class="kn">import</span> <span class="n">setup_faiss</span><span class="p">,</span> <span class="n">setup_pinecone</span><span class="p">,</span> <span class="n">setup_faiss_gcs</span><span class="p">,</span> <span class="n">setup_faiss_s3</span> <span class="nf">load_dotenv</span><span class="p">()</span> <span class="n">google_api_key</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">GOOGLE_API_KEY</span><span class="sh">"</span><span class="p">)</span> <span class="n">data_dir</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">DATA_DIR</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data/</span><span class="sh">"</span><span class="p">)</span> <span class="n">vector_store_type</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">VECTOR_STORE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">faiss</span><span class="sh">"</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="n">use_gcs</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">USE_GCS_STORAGE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">false</span><span class="sh">"</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">"</span><span class="s">true</span><span class="sh">"</span> <span class="n">use_s3</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">USE_S3_STORAGE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">false</span><span class="sh">"</span><span class="p">).</span><span class="nf">lower</span><span class="p">()</span> <span class="o">==</span> <span class="sh">"</span><span class="s">true</span><span class="sh">"</span> <span class="c1"># 1. Initialize the Generator LLM (Gemini 2.5 Flash) </span><span class="n">llm</span> <span class="o">=</span> <span class="nc">ChatGoogleGenerativeAI</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gemini-2.5-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">google_api_key</span><span class="o">=</span><span class="n">google_api_key</span><span class="p">)</span> <span class="k">def</span> <span class="nf">setup_rag_system</span><span class="p">():</span> <span class="c1"># 2. Setup Embeddings </span> <span class="n">embeddings</span> <span class="o">=</span> <span class="nc">GoogleGenerativeAIEmbeddings</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gemini-embedding-001</span><span class="sh">"</span><span class="p">,</span> <span class="n">google_api_key</span><span class="o">=</span><span class="n">google_api_key</span><span class="p">)</span> <span class="c1"># 3. Dynamically route to the right vector database </span> <span class="k">if</span> <span class="n">vector_store_type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">pinecone</span><span class="sh">"</span><span class="p">:</span> <span class="n">vector_store</span> <span class="o">=</span> <span class="nf">setup_pinecone</span><span class="p">(</span><span class="n">embeddings</span><span class="p">,</span> <span class="n">data_dir</span><span class="p">)</span> <span class="k">elif</span> <span class="n">use_gcs</span><span class="p">:</span> <span class="n">vector_store</span> <span class="o">=</span> <span class="nf">setup_faiss_gcs</span><span class="p">(</span><span class="n">embeddings</span><span class="p">,</span> <span class="n">data_dir</span><span class="p">)</span> <span class="k">elif</span> <span class="n">use_s3</span><span class="p">:</span> <span class="n">vector_store</span> <span class="o">=</span> <span class="nf">setup_faiss_s3</span><span class="p">(</span><span class="n">embeddings</span><span class="p">,</span> <span class="n">data_dir</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">vector_store</span> <span class="o">=</span> <span class="nf">setup_faiss</span><span class="p">(</span><span class="n">embeddings</span><span class="p">,</span> <span class="n">data_dir</span><span class="p">)</span> <span class="c1"># 4. Create the Retriever (Fetch Top 5 most relevant chunks) </span> <span class="k">return</span> <span class="n">vector_store</span><span class="p">.</span><span class="nf">as_retriever</span><span class="p">(</span><span class="n">search_type</span><span class="o">=</span><span class="sh">"</span><span class="s">similarity</span><span class="sh">"</span><span class="p">,</span> <span class="n">search_kwargs</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">k</span><span class="sh">"</span><span class="p">:</span> <span class="mi">5</span><span class="p">})</span> <span class="k">def</span> <span class="nf">get_qa_chain</span><span class="p">():</span> <span class="n">retriever</span> <span class="o">=</span> <span class="nf">setup_rag_system</span><span class="p">()</span> <span class="c1"># 5. Construct the System Prompt </span> <span class="n">prompt</span> <span class="o">=</span> <span class="n">ChatPromptTemplate</span><span class="p">.</span><span class="nf">from_template</span><span class="p">(</span> <span class="sh">"</span><span class="s">Answer the question based strictly on the following context:</span><span class="se">\n\n</span><span class="s">{context}</span><span class="se">\n\n</span><span class="s">Question: {question}</span><span class="sh">"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">format_docs</span><span class="p">(</span><span class="n">docs</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="se">\n\n</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">doc</span><span class="p">.</span><span class="n">page_content</span> <span class="k">for</span> <span class="n">doc</span> <span class="ow">in</span> <span class="n">docs</span><span class="p">)</span> <span class="c1"># 6. Build the LCEL Pipeline </span> <span class="n">chain</span> <span class="o">=</span> <span class="p">(</span> <span class="p">{</span><span class="sh">"</span><span class="s">context</span><span class="sh">"</span><span class="p">:</span> <span class="n">retriever</span> <span class="o">|</span> <span class="n">format_docs</span><span class="p">,</span> <span class="sh">"</span><span class="s">question</span><span class="sh">"</span><span class="p">:</span> <span class="nc">RunnablePassthrough</span><span class="p">()}</span> <span class="o">|</span> <span class="n">prompt</span> <span class="o">|</span> <span class="n">llm</span> <span class="o">|</span> <span class="nc">StrOutputParser</span><span class="p">()</span> <span class="p">)</span> <span class="k">return</span> <span class="n">chain</span> <span class="c1"># Create a singleton instance to use across API calls </span><span class="n">qa_chain_instance</span> <span class="o">=</span> <span class="nf">get_qa_chain</span><span class="p">()</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_rag_response</span><span class="p">(</span><span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="k">return</span> <span class="n">qa_chain_instance</span><span class="p">.</span><span class="nf">invoke</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> </code></pre> </div> <h3> Deep Dive into LCEL: How data relates </h3> <p>The most beautiful part of this script is Langchain's piping syntax:<br><br> <code>{"context": retriever | format_docs, ...} | prompt | llm | StrOutputParser()</code></p> <p>Here is exactly what happens when <code>qa_chain_instance.invoke("What is our refund policy?")</code> is called:</p> <ol> <li> <strong>Routing</strong>: The query <code>"What is our refund policy?"</code> is passed to the dictionary.</li> <li> <strong>Retrieval</strong>: For the <code>context</code> key, the query goes into the <code>retriever</code>. The retriever converts the text to a vector using <code>gemini-embedding-001</code>, searches Pinecone/FAISS, and returns the top 5 <code>Document</code> objects.</li> <li> <strong>Formatting</strong>: Those 5 documents are piped (<code>|</code>) into <code>format_docs</code>, which extracts the raw text and concatenates it with double newlines.</li> <li> <strong>Prompting</strong>: The filled dictionary (context + question) is piped into the <code>ChatPromptTemplate</code>, injecting the values into the string.</li> <li> <strong>Generation</strong>: The massive prompt is sent to <code>gemini-2.5-flash</code>.</li> <li> <strong>Parsing</strong>: Because ChatModels return metadata-heavy AI Message objects, the <code>StrOutputParser</code> extracts just the raw markdown string.</li> </ol> <p>All of this happens synchronously or asynchronously, abstracted cleanly into one chain.</p> <h2> 5. Exposing the Pipeline via FastAPI </h2> <p>To facilitate the deployment of this pipeline for operational use, we expose it over HTTP using <strong>FastAPI</strong>. By leveraging FastAPI's Pydantic integrations, we effortlessly add strict input validation and automatic OpenAPI (Swagger) documentation.</p> <p>In <code>endpoints.py</code>, we define the <code>/chat</code> route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">APIRouter</span><span class="p">,</span> <span class="n">HTTPException</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span> <span class="kn">from</span> <span class="n">rag</span> <span class="kn">import</span> <span class="n">get_rag_response</span> <span class="n">router</span> <span class="o">=</span> <span class="nc">APIRouter</span><span class="p">()</span> <span class="c1"># Define our expected JSON Request Body </span><span class="k">class</span> <span class="nc">Payload</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">chat_input</span><span class="p">:</span> <span class="nb">str</span> <span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/chat</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">query_rag_system</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Payload</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Pass the input securely to our RAG service </span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_rag_response</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">chat_input</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">input</span><span class="sh">"</span><span class="p">:</span> <span class="n">request</span><span class="p">.</span><span class="n">chat_input</span><span class="p">,</span> <span class="sh">"</span><span class="s">response</span><span class="sh">"</span><span class="p">:</span> <span class="n">response</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">500</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">))</span> </code></pre> </div> <p>And in <code>main.py</code>, we strap it all together:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="kn">from</span> <span class="n">endpoints</span> <span class="kn">import</span> <span class="n">router</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">RAG Application with Langchain and Gemini</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Register our route controllers </span><span class="n">app</span><span class="p">.</span><span class="nf">include_router</span><span class="p">(</span><span class="n">router</span><span class="p">)</span> </code></pre> </div> <h2> 6. Running, Testing, and Deployment Options </h2> <p>To fire up your robust new RAG server, spin up Uvicorn in your terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>uvicorn main:app <span class="nt">--reload</span> </code></pre> </div> <p>By default, the server spins up on <code>http://127.0.0.1:8000</code>. Thanks to FastAPI, you instantly have an interactive UI available.</p> <ol> <li>Visit <code>http://127.0.0.1:8000/docs</code>.</li> <li>Open the <code>POST /chat</code> endpoint.</li> <li>Pass a payload into the <code>chat_input</code>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"chat_input"</span><span class="p">:</span><span class="w"> </span><span class="s2">"What data formatting does our application support?"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Behind the scenes, the system will embed your query, search your data sources, generate a context-aware prompt, consult Google Gemini, and seamlessly stream back a laser-accurate answer over HTTP. </p> <h3> Deploying to Production </h3> <p>Because the entire app is stateless (state is managed by Pinecone/S3/GCS), you can quickly containerize this application with Docker. </p> <p>Example Docker command flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.11-slim</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> requirements.txt <span class="k">COPY</span><span class="s"> . .</span> <span class="k">CMD</span><span class="s"> ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8080"]</span> </code></pre> </div> <p>Deploy the image to Google Cloud Run, AWS App Runner, or Railway, provide your <code>.env</code> variables, and you have an instantaneously scalable AI backend.</p> <h2> Conclusion &amp; Next Steps </h2> <p>Building an intelligent, context-aware chatbot doesn't require a messy monolith of code. By cleanly separating our concerns—FastAPI for networking, Langchain for orchestration, Pinecone/FAISS for storage, and Google Gemini for raw intelligence—we've crafted a highly scalable codebase.</p> <p>Where to go from here?</p> <ol> <li> <strong>Conversation Memory</strong>: Try wrapping our chain in <code>RunnableWithMessageHistory</code> to sustain complex, multi-turn chat interactions.</li> <li> <strong>Metadata Filtering</strong>: If you serve multiple users, update the Pinecone/FAISS retriever to apply metadata filtering based on <code>user_id</code>, ensuring strict data isolation per user.</li> <li> <strong>Agentic Workflows</strong>: Replace our linear chain with <code>langgraph</code> to allow the LLM to decide whether it needs to search the vector database, search the web, or use an API tool.</li> </ol> <p><strong>Happy Coding!</strong> Let me know in the comments how you plan to use RAG in your own projects, and if you have any questions setting up your vector indexes!</p> instanceofGod Fri, 13 Feb 2026 21:55:36 +0000 https://dev.to/instanceofgod/secure-pin-processing-a-deep-dive-into-iso-9564-1-pin-blocks-triple-des-and-rsa-2dip https://dev.to/instanceofgod/secure-pin-processing-a-deep-dive-into-iso-9564-1-pin-blocks-triple-des-and-rsa-2dip <p>In the modern payments landscape, security isn’t just a feature — it’s the absolute foundation. Every time you type your PIN into an ATM, a point-of-sale (POS) terminal, or a payment app, you are trusting a complex, global system with your financial identity. That simple 4-to-12 digit number initiates a sophisticated cryptographic handshake, orchestrated in milliseconds, to ensure your PIN remains a secret (never travels in “clear text”) from the moment it leaves your fingertips to the moment it’s verified by your bank.</p> <p>In this article, we’ll break down the mechanics of the <strong>ISO 9564–1 Format 0 (ISO-0)</strong> PIN block — the industry-standard recipe for protecting a PIN.</p> <p>More importantly, we’ll build a robust, full-stack architecture that uses a powerful combination of <strong>RSA-OAEP and AES</strong> (Advanced Encryption Standard) to keep this sensitive data secure all the way from the browser to the backend.</p> <blockquote> <p>Note on Security Standards: While many legacy systems still use Triple DES (3DES), it’s important to note that NIST deprecated 3DES in 2023 due to vulnerabilities (e.g., CVE-2016–2183) and its small 64-bit block size. Modern implementations should use AES-256 for symmetric encryption, which is what we’ll implement here.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjo4jplj7kz0moqbxhlya.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjo4jplj7kz0moqbxhlya.png" alt="Secure PIN Processing" width="800" height="548"></a></p> <h2> Part 1: The Anatomy of an ISO-0 PIN Block </h2> <p>The ISO-0 format (also known as ANSI X9.8) is the classic, widely-adopted industry standard for protecting PINs. It works by combining the user’s PIN with their Card Number (<strong>PAN</strong>) using a bitwise <strong>XOR operation</strong>. Its genius lies in its simplicity: it combines the secret (<strong>PIN</strong>) with the known (PAN) to ensure the final encrypted block is unique to that specific card and transaction.</p> <p><strong>1. Constructing the PIN Field.</strong></p> <p>We start by creating a fixed-length, 8-byte (16 hex character) block dedicated to the PIN.</p> <ul> <li> <strong>First Nibble (4 bits)</strong>: The control digit. For Format 0, this is always 0. Second Nibble: The length of the PIN. A PIN 1234 has a length of 4, so we use 4.</li> <li> <strong>The PIN</strong>: The actual PIN digits, stored as hexadecimal characters. 1234 becomes 12 34.</li> <li> <strong>Padding</strong>: The remaining bytes are filled with the hexadecimal value F (1111 binary) to reach the full 8-byte length.</li> <li> <strong>Example</strong>: PIN 1234 becomes the 16-character hex string: 0 4 12 34 FF FF FF FF -&gt; 041234FFFFFFFFFF.</li> </ul> <p><strong>2. Constructing the PAN Field.</strong></p> <p>If we encrypted the PIN field directly, the same PIN for two different cards would produce the same encrypted block — a massive security vulnerability. To prevent this, we “salt” the PIN with the cardholder’s PAN. The standard method uses the last 12 digits of the card number, excluding the final check digit (the Luhn digit). This 12-digit number is then left-padded with zeros to create another 8-byte (16 hex character) block.</p> <p>Example: PAN 4012345678901234 (last digit 4 is the check digit). We take 012345678901 and pad it: 0000123456789012.</p> <p><strong>3. The XOR Operation: The Digital Blender.</strong></p> <p>The final Clear PIN Block is produced by XORing the PIN Field and the PAN Field together. XOR is a bitwise operation that compares two bits. If the bits are the same, the result is 0; if they are different, the result is 1.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PIN Field: 04 12 34 FF FF FF FF FF PAN Field: 00 00 12 34 56 78 90 12 XOR Operation: --------------------------------- Clear PIN Block: 04 12 26 CB A9 87 6F ED </code></pre> </div> <p>This resulting 8-byte block is now ready for its final layer of protection: encryption. The beauty of XOR is that it’s mathematically reversible. When the bank receives the encrypted block, they decrypt it and XOR the result with the same PAN digits to retrieve the original PIN.</p> <h2> Part 2: The Architecture of Trust — Never Expose the Master Key </h2> <p>The formatting is only half the battle. The true test of a secure system is how it manages its cryptographic keys.</p> <p>A common mistake in payment app designs is placing the symmetric encryption key <strong>— the Zone PIN Key (ZPK)</strong> — directly on the frontend. This is a catastrophic security risk. If a malicious actor can inspect your JavaScript code, decompile your mobile app, or intercept network traffic, they can steal the key and decrypt any user’s PIN.</p> <p>The solution to this is a Hybrid Encryption Architecture. This approach leverages the strengths of two different types of cryptography to create a robust, defense-in-depth security model.</p> <p><strong>The Cryptographic Handshake Workflow</strong><br> Here is how a secure system handles a transaction:</p> <p><strong>1. Key Exchange (The Setup):</strong> When the client application (e.g., a web browser) starts, its first action is to request an RSA Public Key from the server. This key is designed for encryption only.<br> <strong>2. Frontend Encryption (The Seal):</strong> The user enters their PIN and PAN. The browser, using the Web Crypto API, performs a critical operation. It encrypts the raw JSON data containing the {pin, pan} using the server's RSA Public Key and the secure RSA-OAEP padding scheme. This is the seal. Because RSA is asymmetric, the frontend can encrypt data with the public key, but it is mathematically infeasible for it—or any attacker—to decrypt it. The private key is the only thing that can break the seal.<br> <strong>3. Secure Transmission (The Courier):</strong> The resulting encrypted binary blob is sent over HTTPS to the Node.js backend. Even if an attacker were to intercept this message, they would only see ciphertext that is useless without the private key.<br> <strong>4. Backend Processing (The Vault):</strong> Inside the secure environment of the server, the private key is used to decrypt the payload. Only now, with the raw pin and pan in memory, does the server perform the sensitive operations:<br> It constructs the ISO-0 clear PIN block using the XOR logic.<br> It then encrypts this block using the Zone PIN Key (ZPK) with the AES-256 algorithm.<br> This layered approach ensures that the most critical secret — the ZPK — remains safely inside the server’s “trusted zone” and is never exposed to the user’s device — a potentially hostile environment.</p> <h2> Part 3: Under the Hood — Implementation Highlights (AES Edition) </h2> <p>Let’s look at the code that brings this architecture to life, highlighting the critical security considerations at each layer — now updated to use AES.</p> <p><strong>Frontend: Sealing the Secret with Web Crypto (JavaScript)</strong></p> <p>Modern browsers provide the Web Crypto API, a powerful, native layer for performing secure cryptographic operations without relying on potentially vulnerable external libraries. This part remains unchanged, as it handles the RSA encryption layer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// The data to protect const dataToEncrypt = new TextEncoder().encode( JSON.stringify({ pin: userPIN, pan: userPAN }) ); const encryptedData = await window.crypto.subtle.encrypt( { name: "RSA-OAEP" }, importedPublicKey, dataToEncrypt ); </code></pre> </div> <p><strong>Backend: The Vault Logic with AES (Node.js)</strong></p> <p>On the server, we reconstruct the PIN block. A crucial detail here is the use of setAutoPadding(false). PIN block encryption is a very specific operation. The input must be exactly 8 bytes, and the output must be exactly 8 bytes. Standard block cipher padding schemes like PKCS#7 would alter the length, breaking the strict format required by the ISO standard.</p> <p>With AES, we must also specify the correct mode. For PIN block encryption, AES in ECB mode is typically used to maintain compatibility with legacy systems, though other modes can be used with careful IV management.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const crypto = require('crypto'); /** * Encrypts an 8-byte clear PIN block using AES-256 * @param {Buffer} clearBlockBuffer - The 8-byte clear PIN block * @param {string} zpkHex - The Zone PIN Key in hex (32 bytes for AES-256) * @returns {Buffer} - The 8-byte encrypted PIN block */ function encryptPinBlockWithAES(clearBlockBuffer, zpkHex) { // Ensure we're working with a 32-byte key for AES-256 const key = Buffer.from(zpkHex, 'hex'); if (key.length !== 32) { throw new Error('AES-256 requires a 32-byte (64 hex character) key'); } // Create AES-256 cipher in ECB mode // Note: ECB mode is used here for PIN block compatibility const cipher = crypto.createCipheriv('aes-256-ecb', key, null); // CRITICAL: Disable automatic padding. PIN blocks are exactly 8 bytes. cipher.setAutoPadding(false); // Encrypt the 8-byte clear block to produce an 8-byte encrypted block return Buffer.concat([cipher.update(clearBlockBuffer), cipher.final()]); } // Example usage: // const encryptedPinBlock = encryptPinBlockWithAES(clearBlockBuffer, zpkHex); </code></pre> </div> <h2> Part 4: Beyond the PIN Block — The Wider World of Payment Security </h2> <p>While the ISO-0 PIN block is fundamental for “Card Present” transactions (like at an ATM or a chip-enabled terminal), it’s just one piece of a much larger security puzzle.</p> <p><strong>- CVV/CVC (Card Verification Value):</strong> This is the static 3 or 4-digit code printed on your card. It’s not a random number. It’s cryptographically calculated by the issuing bank using a secret Card Verification Key (CVK) and specific data from your card (like PAN and expiry date). It serves as proof that you are in physical possession of the card during a “Card Not Present” (online) transaction.<br> <strong>- 3D Secure (3DS):</strong> This is the protocol behind challenges like “Verified by Visa” or “Mastercard SecureCode.” It’s an active, real-time authentication layer that shifts liability for fraud from the merchant to the card issuer. By redirecting the user to their bank’s authentication page (or sending an OTP), it provides an extra layer of proof that the legitimate cardholder is initiating the transaction.<br> <strong>- Tokenization:</strong> Modern payment systems often replace sensitive PAN data with tokens. This further reduces risk by ensuring that even if data is intercepted, the actual card number isn’t exposed.</p> <p><strong>Conclusion: The Future of PIN Security</strong><br> Building secure payment systems is not about using a single, unbreakable lock. It’s about understanding how to combine different cryptographic primitives — like XOR for formatting, asymmetric RSA for secure key exchange, and symmetric AES for robust data encryption — into a cohesive, layered defense.</p> <p>By strictly separating the “encryption” layer on the client from the “translation and final sealing” layer on the server, we create a system where a user’s most sensitive data — their PIN — is protected from the moment it is typed until it reaches the secure confines of the banking switch. It’s a fascinating and critical field where mathematical principles are the bedrock of global financial trust.</p> <p>For a complete, runnable implementation of this architecture with AES encryption, check out thi <a href="https://github.com/nielvid/pin-blocks-3des-rsa" rel="noopener noreferrer">repository</a>. The code provides a practical, end-to-end example of the concepts discussed in this article.</p> security pin encryption fintech instanceofGod Sun, 21 Jul 2024 17:26:52 +0000 https://dev.to/instanceofgod/cloud-resume-api-challenge-with-gcp-c1j https://dev.to/instanceofgod/cloud-resume-api-challenge-with-gcp-c1j <p>The job search can be a competitive landscape, and having a standout resume is crucial. But what if your resume could be even more dynamic and accessible? Enter the Cloud Resume API Challenge, a fantastic opportunity to showcase your technical skills and create a modern, API-driven resume. </p> <p>The primary goal of the challenge is to construct a serverless API that can serve resume data in JSON format. In order to achieve the goal of the project i utilised google cloud resources, particularly Google Cloud Functions and Cloud Firestore, along with GitHub Actions for continuous delivery and continuous deployment (CI/CD).</p> <p>Not only did I gain valuable insights into the world of resume APIs, but I also honed my skills in several key areas which I decided to share with you here:</p> <p><strong>1. Cloud Functions</strong></p> <p>I delved into the world of cloud functions, a serverless execution environment that allows you to run code without managing servers. This was a great way to create a lightweight and scalable backend for my API.</p> <p><strong>2. Cloud Firestore</strong></p> <p>Cloud Firestore, a NoSQL database, served as the perfect storage solution for my resume data. Its flexible schema and ease of use made it a breeze to manage my information.</p> <p><strong>3. Google APIs</strong><br> Working with Google APIs provided a powerful way to interact with my Cloud Firestore data and expose it through the API.<br> Building the Cloud Function with Node.js</p> <p>For the challenge, I opted to use Node.js with JavaScript as my development environment. Here's a sample code snippet showcasing a basic Cloud Function that retrieves resume data from Firestore:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="p">{</span> <span class="nx">Firestore</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@google-cloud/firestore</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">functions</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@google-cloud/functions-framework</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">dotenv</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span><span class="p">)</span> <span class="nx">dotenv</span><span class="p">.</span><span class="nf">config</span><span class="p">()</span> <span class="nx">functions</span><span class="p">.</span><span class="nf">http</span><span class="p">(</span><span class="dl">'</span><span class="s1">resume</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">firestore</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Firestore</span><span class="p">({</span> <span class="na">projectId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PROJECT_ID</span> <span class="p">})</span> <span class="kd">const</span> <span class="nb">document</span> <span class="o">=</span> <span class="nx">firestore</span><span class="p">.</span><span class="nf">collection</span><span class="p">(</span><span class="dl">'</span><span class="s1">resume</span><span class="dl">'</span><span class="p">).</span><span class="nf">doc</span><span class="p">(</span><span class="dl">'</span><span class="s1">kZXU70VsRQ2OuDBAjE</span><span class="dl">'</span><span class="p">)</span> <span class="nb">document</span> <span class="p">.</span><span class="nf">get</span><span class="p">()</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nf">data</span><span class="p">()))</span> <span class="p">.</span><span class="k">catch</span><span class="p">((</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">})</span> <span class="p">})</span> </code></pre> </div> <p>This function retrieves data from a collection named "resume" in Firestore.</p> <p><strong>4. CI/CD with GitHub Actions</strong><br> I implemented a CI/CD pipeline using GitHub Actions to ensured automated deployment to cloud function whenever I pushed changes to my code.</p> <p>Beyond the Basics</p> <p>The Cloud Resume API Challenge offers a springboard for further exploration. Here are some ways to take your project to the next level:</p> <p>Authentication and Authorization: Implement mechanisms to control access to your resume data using authentication and authorization techniques.<br> Versioning: Integrate versioning to track changes to your resume data over time.<br> Additional Data Points: Include additional data points like portfolio links or project details to make your resume more interactive.<br> A Rewarding Journey</p> <p>Participating in the Cloud Resume API Challenge was a rewarding journey. It allowed me to showcase my technical skills, build a modern resume format, and gain valuable experience with cloud technologies. If you're looking for a way to stand out from the crowd and level up your technical expertise, I highly recommend giving this challenge a try!</p> instanceofGod Thu, 13 Jun 2024 10:44:01 +0000 https://dev.to/instanceofgod/4-ways-to-backup-mysql-database-to-a-csv-file-3e9j https://dev.to/instanceofgod/4-ways-to-backup-mysql-database-to-a-csv-file-3e9j <p>There are several methods to create a CSV backup of your MySQL database. Some third-party database management tools offer additional features for backing up to CSV.<br> If you prefer command-line control, the mysqldump utility is powerful and flexible. If you are familiar with the python programing language, there are packages to help you write python scripts to backup your database. The method you choose depends on your comfort level and technical expertise</p> <p>In this article, i share 4 different ways to backup your MySQL database to a CSV file.</p> <h2> Using <code>mysqldump</code> and <code>mysql</code> Command-Line Tools </h2> <ol> <li><strong>Export the Database to SQL File</strong></li> </ol> <p>Use <code>mysqldump</code> to create a dump of your database. This step is optional but useful for backing up the entire database structure and data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> mysqldump <span class="nt">-u</span> username <span class="nt">-p</span> database_name <span class="o">&gt;</span> database_backup.sql </code></pre> </div> <p>Replace <code>username</code> with your MySQL username, <code>database_name</code> with the name of the database, and <code>database_backup.sql</code> with the name you want for your backup file.</p> <ol> <li><strong>Export Table to CSV File</strong></li> </ol> <p>You can export a specific table to a CSV file using the <code>SELECT</code> statement with <code>INTO OUTFILE</code> in MySQL. Here’s how you can do it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="k">table_name</span> <span class="k">INTO</span> <span class="n">OUTFILE</span> <span class="s1">'/path/to/your/file.csv'</span> <span class="n">FIELDS</span> <span class="n">TERMINATED</span> <span class="k">BY</span> <span class="s1">','</span> <span class="n">ENCLOSED</span> <span class="k">BY</span> <span class="s1">'"'</span> <span class="n">LINES</span> <span class="n">TERMINATED</span> <span class="k">BY</span> <span class="s1">'</span><span class="se">\n</span><span class="s1">'</span><span class="p">;</span> </code></pre> </div> <p>Replace <code>table_name</code> with the name of the table you want to export, and <code>/path/to/your/file.csv</code> with the full path where you want to save the CSV file.</p> <ul> <li>Ensure the MySQL server has the appropriate permissions to write to the specified path.</li> <li>The <code>FIELDS TERMINATED BY ','</code> specifies that fields are separated by commas.</li> <li>The <code>ENCLOSED BY '"'</code> ensures that fields are enclosed in double quotes.</li> <li>The <code>LINES TERMINATED BY '\n'</code> specifies the end of a row.</li> </ul> <ol> <li><strong>Run the SQL Command</strong></li> </ol> <p>You can execute the SQL command directly through the MySQL shell or using a script. Here’s how to do it from the MySQL shell:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> mysql <span class="nt">-u</span> username <span class="nt">-p</span> database_name <span class="nt">-e</span> <span class="s2">"SELECT * FROM table_name INTO OUTFILE '/path/to/your/file.csv' FIELDS TERMINATED BY ',' ENCLOSED BY '</span><span class="se">\"</span><span class="s2">' LINES TERMINATED BY '</span><span class="se">\n</span><span class="s2">';"</span> </code></pre> </div> <p>Replace the placeholders with your actual database details.</p> <h3> Example in MySQL Shell </h3> <ol> <li>Log in to MySQL: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> mysql <span class="nt">-u</span> username <span class="nt">-p</span> </code></pre> </div> <ol> <li>Select the database: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="n">USE</span> <span class="n">database_name</span><span class="p">;</span> </code></pre> </div> <ol> <li>Export the table: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="k">table_name</span> <span class="k">INTO</span> <span class="n">OUTFILE</span> <span class="s1">'/path/to/your/file.csv'</span> <span class="n">FIELDS</span> <span class="n">TERMINATED</span> <span class="k">BY</span> <span class="s1">','</span> <span class="n">ENCLOSED</span> <span class="k">BY</span> <span class="s1">'"'</span> <span class="n">LINES</span> <span class="n">TERMINATED</span> <span class="k">BY</span> <span class="s1">'</span><span class="se">\n</span><span class="s1">'</span><span class="p">;</span> </code></pre> </div> <p><strong><em>Permissions Note</em></strong></p> <ul> <li>Make sure the MySQL user has the <code>FILE</code> privilege to write files to the server.</li> <li>The directory specified in the <code>INTO OUTFILE</code> path must be writable by the MySQL server process.</li> </ul> <h2> Using a Bash Script </h2> <p>For automation, you can create a script (e.g., <code>db_backup.sh</code>) to export the table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nv">DB_USER</span><span class="o">=</span><span class="s2">"username"</span> <span class="nv">DB_PASS</span><span class="o">=</span><span class="s2">"password"</span> <span class="nv">DB_NAME</span><span class="o">=</span><span class="s2">"database_name"</span> <span class="nv">TABLE_NAME</span><span class="o">=</span><span class="s2">"table_name"</span> <span class="nv">OUTPUT_FILE</span><span class="o">=</span><span class="s2">"/path/to/your/file.csv"</span> mysql <span class="nt">-u</span> <span class="nv">$DB_USER</span> <span class="nt">-p</span><span class="nv">$DB_PASS</span> <span class="nt">-e</span> <span class="s2">"SELECT * FROM </span><span class="nv">$TABLE_NAME</span><span class="s2"> INTO OUTFILE '</span><span class="nv">$OUTPUT_FILE</span><span class="s2">' FIELDS TERMINATED BY ',' ENCLOSED BY '</span><span class="se">\"</span><span class="s2">' LINES TERMINATED BY '</span><span class="se">\n</span><span class="s2">';"</span> </code></pre> </div> <p>Make the script executable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x db_backup.sh </code></pre> </div> <p>The run the script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./db_backup.sh </code></pre> </div> <h2> Using Python and the pandas library </h2> <ol> <li> <strong>Install the necessary packages</strong>: You need to install <code>pandas</code> and <code>mysql-connector-python</code> (or <code>PyMySQL</code>) to connect to the MySQL database and manipulate the data. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> pip <span class="nb">install </span>pandas mysql-connector-python </code></pre> </div> <ol> <li> <strong>Create a Python script</strong>: sample script to export a MySQL table to a CSV file using <code>pandas</code>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">pandas</span> <span class="k">as</span> <span class="n">pd</span> <span class="kn">import</span> <span class="n">mysql.connector</span> <span class="c1"># Database configuration </span> <span class="n">db_config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">user</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">username</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">host</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">localhost</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">database</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">database_name</span><span class="sh">'</span> <span class="p">}</span> <span class="c1"># SQL query to select data from the table </span> <span class="n">query</span> <span class="o">=</span> <span class="sh">"</span><span class="s">SELECT * FROM table_name</span><span class="sh">"</span> <span class="c1"># Connect to the MySQL database </span> <span class="n">connection</span> <span class="o">=</span> <span class="n">mysql</span><span class="p">.</span><span class="n">connector</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="o">**</span><span class="n">db_config</span><span class="p">)</span> <span class="c1"># Read data from the database into a pandas DataFrame </span> <span class="n">df</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nf">read_sql</span><span class="p">(</span><span class="n">query</span><span class="p">,</span> <span class="n">connection</span><span class="p">)</span> <span class="c1"># Close the connection </span> <span class="n">connection</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="c1"># Export the DataFrame to a CSV file </span> <span class="n">output_file</span> <span class="o">=</span> <span class="sh">'</span><span class="s">/path/to/your/file.csv</span><span class="sh">'</span> <span class="n">df</span><span class="p">.</span><span class="nf">to_csv</span><span class="p">(</span><span class="n">output_file</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Data has been exported to </span><span class="si">{</span><span class="n">output_file</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Code Explanation </h3> <ol> <li> <p><strong>Database Configuration</strong>:</p> <ul> <li>Replace <code>'username'</code>, <code>'password'</code>, <code>'localhost'</code>, and <code>'database_name'</code> with your actual database credentials.</li> </ul> </li> <li> <p><strong>SQL Query</strong>:</p> <ul> <li>The <code>query</code> variable holds the SQL query to select all data from the specified table. Replace <code>'table_name'</code> with the name of the table you want to export.</li> </ul> </li> <li> <p><strong>Connecting to the Database</strong>:</p> <ul> <li>Establish a connection to the MySQL database using <code>mysql.connector.connect()</code> with the provided configuration.</li> </ul> </li> <li> <p><strong>Reading Data into a DataFrame</strong>:</p> <ul> <li>Use <code>pd.read_sql(query, connection)</code> to execute the query and load the data into a pandas DataFrame.</li> </ul> </li> <li> <p><strong>Closing the Connection</strong>:</p> <ul> <li>Close the database connection using <code>connection.close()</code>.</li> </ul> </li> <li> <p><strong>Exporting to CSV</strong>:</p> <ul> <li>Use <code>df.to_csv(output_file, index=False)</code> to export the DataFrame to a CSV file. Replace <code>'/path/to/your/file.csv'</code> with the desired file path for the CSV file.</li> </ul> </li> <li> <p><strong>Confirmation</strong>:</p> <ul> <li>Print a confirmation message indicating the location of the exported file.</li> </ul> </li> </ol> <h3> Running the Script </h3> <p>Save the script to a file, for example <code>export_to_csv.py</code>, and run it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python export_to_csv.py </code></pre> </div> <p>This script will connect to the specified MySQL database, execute the query to retrieve data from the specified table, and export the data to a CSV file.</p> <h2> Using csvkit to Export a MySQL Table to a CSV File </h2> <p>csvkit is a suite of command-line tools for converting to and working with CSV files. <br> To export a MySQL table to a CSV file using csvkit, you can use the csvsql command.<br> Certainly! <code>csvkit</code> is a suite of command-line tools for converting to and working with CSV files. To export a MySQL table to a CSV file using <code>csvkit</code>, you can use the <code>csvsql</code> command.</p> <ol> <li> <strong>Install <code>csvkit and mysql-connector-python</code></strong>: Make sure you have <code>csvkit and mysql-connector-python</code> installed. You can install it using pip: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> pip <span class="nb">install </span>csvkit mysql-connector-python </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">subprocess</span> <span class="kn">import</span> <span class="n">mysql.connector</span> <span class="c1"># Database configuration </span><span class="n">db_config</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">user</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">username</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">password</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">host</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">localhost</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">database</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">database_name</span><span class="sh">'</span> <span class="p">}</span> <span class="c1"># Table name and output file </span><span class="n">table_name</span> <span class="o">=</span> <span class="sh">'</span><span class="s">table_name</span><span class="sh">'</span> <span class="n">output_file</span> <span class="o">=</span> <span class="sh">'</span><span class="s">/path/to/your/file.csv</span><span class="sh">'</span> <span class="c1"># Connect to the MySQL database to get the connection details </span><span class="n">connection</span> <span class="o">=</span> <span class="n">mysql</span><span class="p">.</span><span class="n">connector</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="o">**</span><span class="n">db_config</span><span class="p">)</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">connection</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="c1"># Construct the csvsql command </span><span class="n">csvsql_command</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">'</span><span class="s">csvsql</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">--db</span><span class="sh">'</span><span class="p">,</span> <span class="sa">f</span><span class="sh">'</span><span class="s">mysql+mysqlconnector://</span><span class="si">{</span><span class="n">db_config</span><span class="p">[</span><span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">]</span><span class="si">}</span><span class="s">:</span><span class="si">{</span><span class="n">db_config</span><span class="p">[</span><span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">]</span><span class="si">}</span><span class="s">@</span><span class="si">{</span><span class="n">db_config</span><span class="p">[</span><span class="sh">"</span><span class="s">host</span><span class="sh">"</span><span class="p">]</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">db_config</span><span class="p">[</span><span class="sh">"</span><span class="s">database</span><span class="sh">"</span><span class="p">]</span><span class="si">}</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">--query</span><span class="sh">'</span><span class="p">,</span> <span class="sa">f</span><span class="sh">'</span><span class="s">SELECT * FROM </span><span class="si">{</span><span class="n">table_name</span><span class="si">}</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">--output</span><span class="sh">'</span><span class="p">,</span> <span class="n">output_file</span> <span class="p">]</span> <span class="c1"># Execute the csvsql command </span><span class="n">subprocess</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">csvsql_command</span><span class="p">,</span> <span class="n">check</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="c1"># Close the connection </span><span class="n">cursor</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">connection</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Data has been exported to </span><span class="si">{</span><span class="n">output_file</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <ol> <li> <p><strong>Database Configuration</strong>:</p> <ul> <li>Replace <code>'username'</code>, <code>'password'</code>, <code>'localhost'</code>, and <code>'database_name'</code> with your actual database credentials.</li> </ul> </li> <li> <p><strong>Table Name and Output File</strong>:</p> <ul> <li>Replace <code>'table_name'</code> with the name of the table you want to export.</li> <li>Replace <code>'/path/to/your/file.csv'</code> with the desired file path for the CSV file.</li> </ul> </li> <li> <p><strong>Connecting to the Database</strong>:</p> <ul> <li>Establish a connection to the MySQL database using <code>mysql.connector.connect()</code> with the provided configuration.</li> </ul> </li> <li> <p><strong>Constructing the <code>csvsql</code> Command</strong>:</p> <ul> <li>Use <code>csvsql</code> with the <code>--db</code> option to specify the database connection string.</li> <li>The <code>--query</code> option specifies the SQL query to run.</li> <li>The <code>--output</code> option specifies the output file for the CSV data.</li> </ul> </li> <li> <p><strong>Executing the Command</strong>:</p> <ul> <li>Use <code>subprocess.run()</code> to execute the constructed <code>csvsql</code> command.</li> </ul> </li> <li> <p><strong>Closing the Connection</strong>:</p> <ul> <li>Close the database connection and cursor.</li> </ul> </li> <li> <p><strong>Confirmation</strong>:</p> <ul> <li>Print a confirmation message indicating the location of the exported file.</li> </ul> </li> </ol> <p>Save the script to a file, for example <code>export_to_csv_with_csvkit.py</code>, and run it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python export_to_csv_with_csvkit.py </code></pre> </div> <p>This script will connect to the specified MySQL database, execute the query to retrieve data from the specified table, and export the data to a CSV file using <code>csvkit</code>.</p> <p><strong><em>Note: The subprocess module in Python is used to spawn new processes, connect to their input/output/error pipes, and obtain their return codes</em></strong></p> <p>It allows you to run external commands and interact with them programmatically. This is especially useful for automating command-line tasks and integrating external tools into your Python scripts.</p> <p>Key Functions in subprocess<br> subprocess.run(): This function runs a command, waits for it to complete, and then returns a CompletedProcess instance.<br> subprocess.Popen(): This is a more powerful and flexible function for spawning new processes. It allows more complex interactions with the process.</p> <p>Example Usage<br> Here’s a simple example demonstrating the use of subprocess.run():<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">subprocess</span> <span class="c1"># Define the command to run </span><span class="n">command</span> <span class="o">=</span> <span class="p">[</span><span class="sh">'</span><span class="s">echo</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Hello, World!</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Run the command </span><span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">command</span><span class="p">,</span> <span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="c1"># Print the command's output </span><span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="n">stdout</span><span class="p">)</span> </code></pre> </div> <p><strong><em>Explanation of Parameters:</em></strong></p> <p>command: A list where the first element is the command to run, and the subsequent elements are the arguments to the command.</p> <p>capture_output: If set to True, it captures the standard output and standard error.</p> <p>text: If set to True, the output is returned as a string instead of bytes.</p> <p>NOTE: the csvkit command an also be run as a one line command using if you have csvkitn installed. You can install csvkit with <code>pip install csvkit</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>csvsql <span class="nt">--db</span> mysql://[username]:[password]@localhost/[database_name] <span class="nt">--query</span> <span class="s2">"SELECT * FROM [table_name]"</span> <span class="o">&gt;</span> <span class="o">[</span>output_file.csv] </code></pre> </div> instanceofGod Sat, 01 Jun 2024 14:10:54 +0000 https://dev.to/instanceofgod/javascript-array-methods-26n https://dev.to/instanceofgod/javascript-array-methods-26n <p>JavaScript provides a rich set of array methods to manipulate and work with arrays. Here is a comprehensive list of these methods along with sample usage:</p> <p>Mutator Methods<br> These methods modify the array they are called on.</p> <h2> push() </h2> <p>Adds one or more elements to the end of an array and returns the new length of the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span> <span class="c1">// arr is now [1, 2, 3, 4]</span> </code></pre> </div> <h2> pop() </h2> <p>Removes the last element from an array and returns that element.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">lastElement</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">pop</span><span class="p">();</span> <span class="c1">// arr is now [1, 2]; lastElement is 3</span> </code></pre> </div> <h2> shift() </h2> <p>Removes the first element from an array and returns that element.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">firstElement</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">shift</span><span class="p">();</span> <span class="c1">// arr is now [2, 3]; firstElement is 1</span> </code></pre> </div> <h2> unshift() </h2> <p>Adds one or more elements to the beginning of an array and returns the new length of the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">unshift</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="c1">// arr is now [0, 1, 2, 3]</span> </code></pre> </div> <h2> splice() </h2> <p>Adds and/or removes elements from an array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">splice</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="dl">'</span><span class="s1">a</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">b</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// arr is now [1, 'a', 'b', 4]</span> </code></pre> </div> <h2> sort() </h2> <p>Sorts the elements of an array in place and returns the sorted array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">3</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">9</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">sort</span><span class="p">();</span> <span class="c1">// arr is now [1, 1, 3, 4, 5, 9]</span> </code></pre> </div> <h2> reverse() </h2> <p>Reverses the order of the elements in an array in place.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">reverse</span><span class="p">();</span> <span class="c1">// arr is now [3, 2, 1]</span> </code></pre> </div> <h2> Accessor Methods </h2> <p>These methods do not modify the array and typically return a new array or a single value.</p> <h2> concat() </h2> <p>Merges two or more arrays.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr1</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">arr2</span> <span class="o">=</span> <span class="p">[</span><span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">newArr</span> <span class="o">=</span> <span class="nx">arr1</span><span class="p">.</span><span class="nf">concat</span><span class="p">(</span><span class="nx">arr2</span><span class="p">);</span> <span class="c1">// newArr is [1, 2, 3, 4]</span> </code></pre> </div> <h2> join() </h2> <p>Joins all elements of an array into a string.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">str</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">-</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// str is '1-2-3'</span> </code></pre> </div> <h2> slice() </h2> <p>Returns a shallow copy of a portion of an array into a new array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">5</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">slicedArr</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">3</span><span class="p">);</span> <span class="c1">// slicedArr is [2, 3]</span> </code></pre> </div> <h2> indexOf() </h2> <p>Returns the first index at which a given element can be found in the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">index</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">indexOf</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span> <span class="c1">// index is 1</span> </code></pre> </div> <h2> lastIndexOf() </h2> <p>Returns the last index at which a given element can be found in the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">2</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">index</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">lastIndexOf</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span> <span class="c1">// index is 3</span> </code></pre> </div> <h2> includes() </h2> <p>Determines whether an array includes a certain value.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">hasTwo</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span> <span class="c1">// hasTwo is true</span> </code></pre> </div> <h2> toString() </h2> <p>Returns a string representing the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">str</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">toString</span><span class="p">();</span> <span class="c1">// str is '1,2,3'</span> </code></pre> </div> <h2> toLocaleString() </h2> <p>Returns a localized string representing the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">str</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">toLocaleString</span><span class="p">();</span> <span class="c1">// str might vary based on locale</span> </code></pre> </div> <h2> Iteration Methods </h2> <p>These methods iterate over the array, typically applying a function to each element.</p> <h2> forEach() </h2> <p>Executes a provided function once for each array element.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">forEach</span><span class="p">(</span><span class="nx">element</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">element</span><span class="p">));</span> <span class="c1">// logs 1, 2, 3</span> </code></pre> </div> <h2> map() </h2> <p>Creates a new array with the results of calling a provided function on every element.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">doubled</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span> <span class="o">*</span> <span class="mi">2</span><span class="p">);</span> <span class="c1">// doubled is [2, 4, 6]</span> </code></pre> </div> <h2> filter() </h2> <p>Creates a new array with all elements that pass the test implemented by the provided function.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">evens</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span> <span class="o">%</span> <span class="mi">2</span> <span class="o">===</span> <span class="mi">0</span><span class="p">);</span> <span class="c1">// evens is [2, 4]</span> </code></pre> </div> <h2> reduce() </h2> <p>Applies a function against an accumulator and each element to reduce it to a single value.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">sum</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">acc</span><span class="p">,</span> <span class="nx">curr</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">acc</span> <span class="o">+</span> <span class="nx">curr</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="c1">// sum is 10</span> </code></pre> </div> <h2> reduceRight() </h2> <p>Applies a function against an accumulator and each element (from right to left) to reduce it to a single value.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">sum</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">reduceRight</span><span class="p">((</span><span class="nx">acc</span><span class="p">,</span> <span class="nx">curr</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">acc</span> <span class="o">+</span> <span class="nx">curr</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="c1">// sum is 10</span> </code></pre> </div> <h2> some() </h2> <p>Tests whether at least one element passes the test implemented by the provided function.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">hasEven</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span> <span class="o">%</span> <span class="mi">2</span> <span class="o">===</span> <span class="mi">0</span><span class="p">);</span> <span class="c1">// hasEven is true</span> </code></pre> </div> <h2> every() </h2> <p>Tests whether all elements pass the test implemented by the provided function.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">allPositive</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">every</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">);</span> <span class="c1">// allPositive is true</span> </code></pre> </div> <h2> find() </h2> <p>Returns the first element that satisfies the provided testing function.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">found</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">find</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">);</span> <span class="c1">// found is 2</span> </code></pre> </div> <h2> findIndex() </h2> <p>Returns the index of the first element that satisfies the provided testing function.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">index</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">findIndex</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="nx">x</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">);</span> <span class="c1">// index is 1</span> </code></pre> </div> <h2> flat() </h2> <p>Creates a new array with all sub-array elements concatenated into it recursively up to the specified depth.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="p">[</span><span class="mi">2</span><span class="p">,</span> <span class="p">[</span><span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">]]];</span> <span class="kd">let</span> <span class="nx">flatArr</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">flat</span><span class="p">(</span><span class="mi">2</span><span class="p">);</span> <span class="c1">// flatArr is [1, 2, 3, 4]</span> </code></pre> </div> <h2> flatMap() </h2> <p>First maps each element using a mapping function, then flattens the result into a new array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">flatMapped</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">flatMap</span><span class="p">(</span><span class="nx">x</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="nx">x</span><span class="p">,</span> <span class="nx">x</span> <span class="o">*</span> <span class="mi">2</span><span class="p">]);</span> <span class="c1">// flatMapped is [1, 2, 2, 4, 3, 6]</span> </code></pre> </div> <h2> entries() </h2> <p>Returns a new Array Iterator object that contains the key/value pairs for each index in the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">a</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">b</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">c</span><span class="dl">'</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">iterator</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">entries</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="p">[</span><span class="nx">index</span><span class="p">,</span> <span class="nx">value</span><span class="p">]</span> <span class="k">of</span> <span class="nx">iterator</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">index</span><span class="p">,</span> <span class="nx">value</span><span class="p">);</span> <span class="c1">// logs 0 'a', 1 'b', 2 'c'</span> <span class="p">}</span> </code></pre> </div> <h2> keys() </h2> <p>Returns a new Array Iterator that contains the keys for each index in the array.</p> <p>sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">a</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">b</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">c</span><span class="dl">'</span><span class="p">];</span> <span class="kd">let</span> <span class="nx">iterator</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">keys</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">key</span> <span class="k">of</span> <span class="nx">iterator</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">key</span><span class="p">);</span> <span class="c1">// logs 0, 1, 2</span> <span class="p">}</span> </code></pre> </div> <h2> values() </h2> <p>Returns a new Array Iterator object that contains the values for each index in</p> instanceofGod Mon, 22 Apr 2024 11:21:47 +0000 https://dev.to/instanceofgod/securely-connecting-to-postgresql-on-a-virtual-machine-from-anywhere-4ank https://dev.to/instanceofgod/securely-connecting-to-postgresql-on-a-virtual-machine-from-anywhere-4ank <p><strong>Prerequisites:</strong></p> <ul> <li>A virtual machine set up on a cloud provider (AWS, Google Cloud, Azure) or a local virtualization platform (VirtualBox).</li> <li>Basic understanding of command line and Linux concepts.</li> </ul> <p>Deploying PostgreSQL on a Virtual Machine (VM) and connecting to it from anywhere involves several steps. This guide walks you through deploying PostgreSQL on a Virtual Machine (VM) and connecting to it remotely with enhanced security practices.</p> <p>Once your VM is running, you'll need to install PostgreSQL. This process varies depending on the operating system of your VM, but it generally involves downloading and installing the PostgreSQL package.</p> <p><strong>1. Install and Configure PostgreSQL</strong></p> <p><strong>1.1. Update and Install:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>postgresql postgresql-contrib <span class="nt">-y</span> </code></pre> </div> <p><strong>1.2. Verify PostgreSQL user:</strong></p> <p>PostgreSQL creates a user named <code>postgres</code>. Verify its existence:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo cat</span> /etc/passwd | <span class="nb">grep</span> <span class="nt">-i</span> postgres postgres:x:113:120:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash </code></pre> </div> <p>To connect to Postgres, switch to the <code>postgres</code> user and run psql:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo</span> <span class="nt">-i</span> <span class="nt">-u</span> postgres </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>psql <span class="nv">postgres</span><span class="o">=</span><span class="c">#</span> </code></pre> </div> <p><strong>1.3. Create a Secure User (Optional):</strong></p> <p>For better security, create a dedicated user for remote access instead of using the default <code>postgres</code> user. We'll create a user named ubuntu and grant them necessary privileges based on your specific needs. Avoid granting superuser access (equivalent to <code>root</code> in Linux) unless absolutely essential.</p> <p>To create a Postgres user run the following command which will give an interactive prompt for configuring the new user. For the sake of simplicity, the ubuntu user will be a superuser, which is the equivalent of being a root user on linux. The super user will have the ability to create/delete/modify databases and users.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>createuser <span class="nt">--interactive</span> Enter name of role to add: ubuntu Shall the new role be a superuser? <span class="o">(</span>y/n<span class="o">)</span> y <span class="c"># Set password for myuser (replace 'password' with a strong password)</span> ALTER USER ubuntu PASSWORD <span class="s1">'password'</span><span class="p">;</span> <span class="c"># Grant appropriate privileges (adjust as needed)</span> GRANT CONNECT ON DATABASE postgres TO ubuntu<span class="p">;</span> GRANT CREATE DATABASE TO ubuntu<span class="p">;</span> <span class="se">\q</span> <span class="nb">exit</span> </code></pre> </div> <p>Login to postgres using the <code>postgres</code> user for now to verify the new <code>ubuntu</code> user was created successfully<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>psql Type <span class="s2">"help"</span> <span class="k">for </span>help. <span class="nv">postgres</span><span class="o">=</span><span class="c"># \du</span> List of roles Role name | Attributes | Member of <span class="nt">-----------</span>+------------------------------------------------------------+----------- postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | <span class="o">{}</span> ubuntu | Superuser, Create role, Create DB | <span class="o">{}</span> <span class="nv">postgres</span><span class="o">=</span><span class="c">#</span> </code></pre> </div> <p>Exit out of the psql by running <code>\q</code> and also exit out of the <code>postgres</code> user by running <code>exit</code> on the command line</p> <p>Let's try to run <code>psql</code> as the ubuntu user now. An error similar to the one below should be observed<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>psql psql: error: could not connect to server: FATAL: database <span class="s2">"ubuntu"</span> does not exist </code></pre> </div> <p>The reason for this is that Postgres by default tries to connect to a database that is the same name as the user. Since the user is <code>ubuntu</code> it tries to connect to a database called <code>ubuntu</code> as well which does not exist. We can go in and create a database called <code>ubuntu</code> so that it will automatically connect, however I find this unnecessary. Instead we can pass in the <code>-d</code> flag and connect to a database that we know exists like the <code>postgres</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>psql <span class="nt">-d</span> postgres </code></pre> </div> <p>With the above steps we have successfully installed and configured Postgres on the server.</p> <ol> <li> Configure PostgreSQL to accept connections from any location. </li> </ol> <p>By default PostgreSQL is configured to be bound to “localhost”, on port 5432 . It means any attempt to connect to the postgresql server from outside the machine will be refused.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>netstat <span class="nt">-nlt</span> Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:5432 0.0.0.0:<span class="k">*</span> LISTEN </code></pre> </div> <p>To allow your postgres server to accept connection from any location or a specific location (IP address), you will need to edit two files:</p> <p>i.<code>pg_hba.conf</code></p> <p><strong>ii.<code>postgresql.conf</code></strong></p> <p>You can use the following command to easily locate the files on your server<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo</span> <span class="nt">-u</span> postgres psql <span class="nt">-c</span> <span class="s2">"SHOW hba_file"</span> <span class="nt">-c</span> <span class="s2">"SHOW config_file"</span> </code></pre> </div> <h3> <code>pg_hba.conf</code> </h3> <p>From <a href="https://www.postgresql.org/docs/11/auth-pg-hba-conf.html" rel="noopener noreferrer">20.1. The pg_hba.conf File</a>: "_Client authentication is controlled by a configuration file, which traditionally is named pg_hba.conf and is stored in the database cluster's data directory. (HBA stands for host-based authentication.) _"<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>host all all 0.0.0.0/0 trust host all all ::/0 trust </code></pre> </div> <h3> <code>postgresql.conf</code> </h3> <p>The configuration file comes with helpful hints to get this working</p> <p>To allow your Postgres server to accept connection from any location or a specific location (IP address), change the listen_addresses from ‘localhost’ to the IP address of the server you want to connect from. To allow for connection from anywhere( not advised), change ‘localhost” to “*”.</p> <p>Remember, exposing your database to the internet comes with security risks. Always ensure you have strong, unique passwords and consider setting up additional security measures.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">listen_addresses</span> <span class="o">=</span> <span class="s1">'localhost'</span> <span class="o">#</span> <span class="n">what</span> <span class="n">IP</span> <span class="n">address</span><span class="p">(</span><span class="n">es</span><span class="p">)</span> <span class="k">to</span> <span class="k">listen</span> <span class="k">on</span><span class="p">;</span> <span class="o">#</span> <span class="n">comma</span><span class="o">-</span><span class="n">separated</span> <span class="n">list</span> <span class="k">of</span> <span class="n">addresses</span><span class="p">;</span> <span class="o">#</span> <span class="k">defaults</span> <span class="k">to</span> <span class="s1">'localhost'</span><span class="p">;</span> <span class="n">use</span> <span class="s1">'*'</span> <span class="k">for</span> <span class="k">all</span> <span class="o">#</span> <span class="p">(</span><span class="n">change</span> <span class="n">requires</span> <span class="k">restart</span><span class="p">)</span> </code></pre> </div> <p>For a quick and dirty solution just change it to<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">listen_addresses</span> <span class="o">=</span> <span class="s1">'*'</span> </code></pre> </div> <h3> Restart postgres </h3> <p>After the configuration, you will need to restart the postgres server. Once PostgreSQL is restarted, it will start listening on all IP addresses. </p> <p>To restart PostgreSQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>systemctl restart postgresql@11-main <span class="c"># change 11 to the version of your postgres</span> <span class="c"># or</span> <span class="nv">$ </span>pg_ctl restart </code></pre> </div> <ol> <li><strong>Open Postgres port on server firewall rule</strong></li> </ol> <p>Remember to open the port that PostgreSQL uses (default is 5432) on your VM's firewall. This step will depend on your VM's operating system and firewall settings.</p> <p>Finally, you can connect to your PostgreSQL database from anywhere using a PostgreSQL client. You'll need your VM's public IP address, the database name, and the login credentials.</p> <ol> <li><strong>Secure Remote Connection with SSH Tunneling</strong></li> </ol> <p>Another option to securely connect to postgres server is by using SSH Tunneling. To enable secure remote access, we'll leverage SSH Tunneling. This creates an encrypted tunnel between your local machine and the VM, allowing you to connect to PostgreSQL through this secure channel.</p> <p><strong>4.1. Establish an SSH Tunnel:</strong></p> <p>Use your preferred SSH client to create a tunnel. Here's an example command:</p> <p><strong>Bash</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh <span class="nt">-L</span> 5433:localhost:5432 &lt;username&gt;@&lt;VM_IP_Address&gt; </code></pre> </div> <p><strong>Replace the placeholders:</strong></p> <ul> <li> <code>&lt;username&gt;</code> with your VM username.</li> <li> <code>&lt;VM_IP_Address&gt;</code> with the public IP address of your VM.</li> </ul> <p>This command creates a local port (5433) on your machine that forwards traffic to the PostgreSQL port (5432) on the VM.</p> <p><strong>4.2 Connect to PostgreSQL Remotely:</strong></p> <p><strong>Use a PostgreSQL client on your local machine and connect to:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>localhost:5433 <span class="c"># Port you forwarded in the tunnel (5433)</span> </code></pre> </div> <p><strong>Use the credentials of the user you created (e.g., <code>ubuntu</code>).</strong></p> <p>The steps above establish a secure connection using SSH Tunneling. To further enhance security, consider these additional measures:</p> <ul> <li><strong>Never modify <code>listen_addresses</code> in <code>postgresql.conf</code> to <code>'*'</code>. This exposes your database server to the entire internet, making it vulnerable to attacks.</strong></li> <li><strong>Configure firewall rules on your VM to restrict access to the PostgreSQL port (default 5432) from only your specific IP address. This adds an extra layer of protection.</strong></li> <li> <strong>Implement strong password policies and enforce secure user authentication methods. Utilize the <code>pg_hba.conf</code> file to control which users can connect from where and how they can authenticate.</strong> Refer to PostgreSQL documentation for detailed configuration options.</li> </ul> <p><strong>5. Conclusion:</strong></p> <p>By following these steps, you can securely connect to your PostgreSQL database on a VM from anywhere or by using SSH tunneling. Remember, security should be a top priority. Implement the additional security measures mentioned above to create a more robust defense for your database server.</p> <p>For further details on PostgreSQL configuration and security best practices, refer to the official PostgreSQL documentation <a href="https://www.postgresql.org/docs/" rel="noopener noreferrer">https://www.postgresql.org/docs/</a>.</p> <p><em>Helpful link and references:</em></p> <ol> <li><a href="https://stackoverflow.com/questions/24504680/connect-to-postgres-server-on-google-compute-engine" rel="noopener noreferrer">https://stackoverflow.com/questions/24504680/connect-to-postgres-server-on-google-compute-engine</a></li> </ol> instanceofGod Mon, 16 May 2022 13:56:26 +0000 https://dev.to/instanceofgod/enable-password-authentication-in-aws-ec2-instance-376b https://dev.to/instanceofgod/enable-password-authentication-in-aws-ec2-instance-376b <p>Password authentication is disabled by default in aws ec2 instance. The only way to access your server is by using ssh with -i flag and followed by private key attached to the server.</p> <p>However, there are scenarios when you may need to access the server with just username and password. Take note that this method of accessing your server is not encouraged, as it could open your server to attacks. </p> <h3> How to Enable Password Authentication in EC2 </h3> <p>First, you have to ssh into your server with your private key to set password for the user and also make some changes to the sshd_config file.</p> <p>The steps to enable password authentication are highlighted below:</p> <ul> <li>Login to server </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ssh -i privatekey username@host_ip </code></pre> </div> <ul> <li>Setup a password for the user using the passwd command </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo passwd username </code></pre> </div> <ul> <li>Open and modify the <code>sshd_config</code> file. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo vim /etc/ssh/sshd_config </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/ssh/sshd_config </code></pre> </div> <p>If you prefer to use nano as editor</p> <p>Changes the PasswordAuthentication line from ‘no’ to ‘yes’<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PasswordAuthentication yes </code></pre> </div> <ul> <li>Enable root login, Change value from “<strong>prohibit-password</strong>” to “<strong>yes”</strong> (Optional) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>PermitRootLogin <span class="nb">yes</span> </code></pre> </div> <ul> <li>Restart the “<strong>sshd</strong>” service using the following command. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo service sshd restart or sudo systemctl restart ssh </code></pre> </div> <p>That’s all you have to do. Now you can login to the ec2 server using the password you set for the user, without the private key.</p> <p>When you type the command below, you will be prompted to enter your password!</p> aws ec2 ssh password instanceofGod Mon, 16 Aug 2021 22:03:27 +0000 https://dev.to/instanceofgod/a-beginners-journey-into-web-development-2d72 https://dev.to/instanceofgod/a-beginners-journey-into-web-development-2d72 <p>Hey, thinking of starting a career into web development but don't know how and where to begin?</p> <p>One of the most difficult decision to make by beginners when venturing into web development is how to begin, and what resources are available to aid their learning.</p> <p>If this is where you find yourself now, like me, when I first started learning web development ( I wish I had seen and read an article like this then), this article will help to provide a roadmap to help you to learn faster and better.</p> <h2> Start from the Basic. </h2> <p>As foundation is important in construction, so is it in software development. Starting from the basic means starting from ground up, learning the foundational concepts of <strong>HTML</strong> such as tags, semantics, structure, layout etc. Want to Start Learning HTML now, <a href="https://www.tutorialrepublic.com/html-tutorial/" rel="noopener noreferrer">**https://www.tutorialrepublic.com/html-tutorial/</a>** is one of the good site to start your journey into web development.</p> <p>You need to understand how to arrange elements on the web page, that is, putting elements where they ought to be on the page. One good tool that than help you achieve this is <a href="https://figma.com" rel="noopener noreferrer">FIGMA</a>. Learn more about figma <a href="https://www.figma.com/resources/learn-design/" rel="noopener noreferrer">**HERE</a> <a href="https://trydesignlab.com/figma-101-course/introduction-to-figma/" rel="noopener noreferrer">https://trydesignlab.com/figma-101-course/introduction-to-figma/</a>**</p> <h2> Advance to Aesthetics </h2> <p>After you are comfortable with html and have a good knowledge of laying out your page, giving your code good visual appearance with <strong>CSS</strong> is the next step. CSS is used for styling your HTML pages. While HTML is like an unpainted building, CSS is the 'paint' that makes the we page appealing to the eyes. </p> <p>Other Things to learn includes Version Control. Want to know more about Version Control using GIT, go to : <a href="https://www.freecodecamp.org/news/learn-the-basics-of-git-in-under-10-minutes-da548267cc91/" rel="noopener noreferrer"><strong>https://www.freecodecamp.org/news/learn-the-basics-of-git-in-under-10-minutes-da548267cc91/</strong></a></p> <h3> Choose a Programming Language </h3> <p>There are several programming languages that does different or same thing in different ways. </p> <p>You will need to decide your goal and objective for the future before deciding which one to learn first. Of course, you can learn many languages over time, but it is better to pick one and be a master of it, than not being able to do anything productive with the knowledge of several programming languages.</p> <p><strong>Examples of Programming language</strong> are: PHP, Python, Java, JavaScript, Go, Rust, C#, C++, MySql, Kotlin, Ruby, Perl and many more. Make proper research about the language, what you can use it to achieve, whether it fulfils your future goal as a software developer. </p> <p>Fortunately, the internet abounds with resources- Video, Articles, Guides or Courses to make your learning journey smooth and sound. You can checkout the following resource:</p> <p>PHP - <a href="https://www.w3schools.com/php/default.asp" rel="noopener noreferrer">https://www.w3schools.com/php/default.asp</a></p> <p>JavaScript - <a href="https://www.w3schools.com/js/default.asp" rel="noopener noreferrer">https://www.w3schools.com/js/default.asp</a></p> <p>Python - <a href="https://www.w3schools.com/python/default.asp" rel="noopener noreferrer">https://www.w3schools.com/python/default.asp</a></p> <p>Go - <a href="https://www.w3schools.com/go/index.php" rel="noopener noreferrer">https://www.w3schools.com/go/index.php</a></p> programing webdev beginners softwaredevelopment instanceofGod Thu, 18 Mar 2021 11:39:57 +0000 https://dev.to/instanceofgod/eslint-prettier-husky-configuration-for-project-5f5a https://dev.to/instanceofgod/eslint-prettier-husky-configuration-for-project-5f5a <h2> Setting up Prettier with ESLint, and also checking commit with husky. </h2> <p>You will need to install Eslint, Prettier and Pre-Commit.<br> The 3 packages does different things, their usefulness are highlighted below: </p> <ul> <li>ESLint - For Linting, and Enforcing Style Guide.</li> <li>Prettier -  For Code Formatting.</li> <li>Pre-Commit - For Making sure code that's being committed is followed guidelines and is formatted properly.</li> </ul> <h2> Installation </h2> <p>The packages can be installed locally in your project or globally:</p> <h3> <strong>Setting up ESLint</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm install --save-dev eslint </code></pre> </div> <p>After installing eslint, you then need to set it up, that is, configure it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx eslint --init </code></pre> </div> <p>Sample of the text that will be inside the eslintrc.json file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"extends"</span><span class="p">:</span><span class="err"> </span><span class="p">[</span><span class="s2">"airbnb"</span><span class="p">,</span><span class="err"> </span><span class="s2">"prettier"</span><span class="w"> </span><span class="s2">"eslint:recommended"</span><span class="p">],</span><span class="w"> </span><span class="nl">"plugins"</span><span class="p">:</span><span class="err"> </span><span class="p">[</span><span class="s2">"prettier"</span><span class="p">],</span><span class="w"> </span><span class="nl">"rules"</span><span class="p">:</span><span class="err"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"semi"</span><span class="p">:</span><span class="err"> </span><span class="p">[</span><span class="s2">"error"</span><span class="p">,</span><span class="err"> </span><span class="s2">"always"</span><span class="p">],</span><span class="w"> </span><span class="nl">"quotes"</span><span class="p">:</span><span class="err"> </span><span class="p">[</span><span class="s2">"error"</span><span class="p">,</span><span class="err"> </span><span class="s2">"double"</span><span class="p">]</span><span class="w"> </span><span class="nl">"prettier/prettier"</span><span class="p">:</span><span class="err"> </span><span class="p">[</span><span class="s2">"error"</span><span class="p">]</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">if</span><span class="w"> </span><span class="err">you</span><span class="w"> </span><span class="err">choose</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">use</span><span class="w"> </span><span class="err">prettier</span><span class="w"> </span><span class="err">rules.</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> <strong>Setting up Prettier</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm install --save-dev prettier eslint-config-prettier eslint-plugin-prettier </code></pre> </div> <p>Then create .prettierrc file in your project’s root directory.</p> <p>You can type echo {} .prettierrc in your terminal to create the file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">touch</span> <span class="o">{}</span> .prettierrc </code></pre> </div> <p>This will be where you configure your prettier formatting settings.</p> <p>Sample of the settings you can configure inside the prettierrc.json file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="err"> </span><span class="w"> </span><span class="nl">"useTabs"</span><span class="p">:</span><span class="err"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"tabSize"</span><span class="p">:</span><span class="err"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"semi"</span><span class="p">:</span><span class="err"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"singleQuote"</span><span class="p">:</span><span class="err"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"trailingComma"</span><span class="p">:</span><span class="err"> </span><span class="s2">"es5"</span><span class="p">,</span><span class="w"> </span><span class="nl">"bracketSpacing"</span><span class="p">:</span><span class="err"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"parser"</span><span class="p">:</span><span class="s2">"typescript"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Setting up <strong>Pre-commit and Pre-push</strong> </h2> <p>This is a pretty important step. This will ensure that before any developer in your team commits any code, the changes made by him are validated with <br> EsLint, and the code is properly formatted.</p> <p>The fastest way to start using lint-staged is to run following command in your terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>npx mrm lint-staged </code></pre> </div> <p>It will install and configure <strong><a href="https://github.com/typicode/husky" rel="noopener noreferrer">husky</a></strong> and lint-staged depending on code quality tools from <code>package.json</code> dependencies, so please make sure you install (<code>npm install --save-dev</code>) and configure all code quality tools like <strong><a href="https://prettier.io/" rel="noopener noreferrer">Prettier</a></strong>, <strong><a href="https://eslint.org/" rel="noopener noreferrer">ESlint</a></strong> prior that.</p> <h3> Another alternative to implement this;  we will need to configure some packages </h3> <ol> <li>The First package we need is <strong>husky</strong> which will make adding  these hooks very easy.</li> <li>We also need a package called <strong>lint-staged</strong> that will let us  check only the pages which are changed. So, only the staged files are checked and the rest of the code  remains untouched.</li> <li> <strong>pretty quick</strong> will check for any unformatted files and  format them using Prettier.</li> </ol> <h3> Installation of the packages </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm install <span class="nt">--save-dev</span> husky lint-staged pretty-quick </code></pre> </div> <p>After installing these packages we need to add configuration for these in our package.json file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"lint-staged"</span><span class="p">:</span><span class="err"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"*.js"</span><span class="p">:</span><span class="err"> </span><span class="s2">"eslint --cache --fix"</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="nl">"husky"</span><span class="p">:</span><span class="err"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"hooks"</span><span class="p">:</span><span class="err"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"pre-commit"</span><span class="p">:</span><span class="err"> </span><span class="s2">"lint-staged &amp;&amp; pretty-quick --staged"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>As the name suggests, when you're trying to commit the changes, this will run both commands  "lint-staged and pretty-quick".</p> <ul> <li>The lint-staged will run eslint command on javascript files  that are staged,</li> <li>The pretty-quick will format the JavaScript files if they  aren't using Prettier.</li> </ul> <p>If any of the staged files are not properly linted or formatted this will give you a warning and will stop you from committing the<br> changes in the code.</p>