DEV Community: Henrique A. Lavezzo

First voyage of a Rubist into Clojure

Henrique A. Lavezzo — Tue, 14 Jan 2020 01:47:18 +0000

Few days ago, I've decided to learn something new. But, not a new framework in a known language, in my safety zone. I wanted something, a new flame to expurge the ashes of daily issues that were consuming my motivation one month per time.

Then I have tried some languages, some tools, more than one time. I could list all techs that I've tried, but that not the focus of this post. And the fire was unexpected lit, after few minutes reading about Clojure. I felt the exact same feeling when I was tried Ruby by myself for the first time. That's was a clearly match!

My study flow is always evolving, and under strict adaptation. For Clojure studies, I've read a lot about language and functional paradigm. Write few random codes on lein repl, to train some basics of language. And after this read more about language.

After 3 days, I felt really confortable with language. And I would like to go deep, and try to build things on Clojure. That's right, I could write some codes from exercises list, but I always felt supressed when I face a list of exercises, and I subconsiously refuses to follow the exercises. (In fact, I had some problems in school classes with this kind of activities. Sometimes I was labelled "lazy student with good grades.")

Ok, list of exercises was out of options. On Ruby I really like to write granular code, and I have several "in company" private gems, and some public gems. And in Clojure we have clojars, the idea raises up. Let's build a clojar.

Recently I've a demand on Ruby code, to handle a realtime zipcode validation (we call CEP in Brazil), for boleto generation. (We'll stop here about the demand, thats other topic, we can talk about it in other post. Who knows? 😬 )

That's perfect, the idea was fresh in my brain. And the target service for consumption has a little outdated documentation. Then I will use this as point to research.

I've go into service sources, and tests, to learn and get new brand resources to insert into my clojar. I've tested all endpoints, and it's all clear, working perfectly. (At this point, I really in debt with this project. I'm perfect able to update the documentation. I've put in my TODO list)

The service return the REST pattern, an 200 code with body when data cames from API. And a 404 code when API does not returns nothing. When I receives a 200, its easy to return a map with contents to user, with cheshire.

(Note: When you call parse-string, to convert the json into map, all keys cames as string too. If you want to get symbol-like in clojure. You need to fill a argument/parameter with true. I really don't like it. Does not sound idiomatic.)

But when you get a 404 from service, clj-http raises a exception. The odds is always with us, we can perfectly handle this problem with slingshot, creating a custom catch for 404 code. I really like to throw exceptions, it's more than a error for me. We can express unexpected behaviors, and handle with a situation without a cascade of conditionals (Let the destiny defines what you do).
And I choose to throw an custom exception for user, but more idiomatic. (:type ::nothing-returned)

Alongside this code flow, I built the tests, for sure. And I really like the clojure.test, it's simple and get the job done. One of the points what I really like, is the use of with-redefs. I could do mock all clj-http client requests, and set responses without problem, and everything is core builted in language. And I write tests to cover all critical points of the simple "clojar".

It's done! Tests covering the code. And I think, it's simple to use, and the source code is simple, and easier to maintain too.

Let's deploy on Clojars !

I needed to create an account, just like rubygems. And after some few adjustments on project.clj, I was able to deploy the lib.

Just executing lein deploy clojars. It's dead simple, like the website says. After some seconds, I get my clojar badge, and updates the README on GitHub.

After this, I built a simple Travis workflow, to test the code under openjdk-8 and openjdk-11 at every commit on master.

Conclusion

I found in Clojure a new way to think, and build things. I fell in my Ruby codes today, a huge influence of Clojure way to handle things. And I really like it.

If you have interest to see my "lib", here's url https://github.com/Rynaro/postmon-clj

Thanks for reading! 🎉

Setup simple SFTP server in minutes

Henrique A. Lavezzo — Thu, 12 Dec 2019 22:18:48 +0000

Context

One of most common ways to share files between companies is still FTP servers. And sometimes, you need to setup a FTP in-house, whether out compliance control, security, cost, or 'cause its simple enough to do it yourself.

I've one FTP server in company that I work. It's a simple FTP server, developed with Python, using pyftpdlib package, and aws S3 integration. We have a hook action, that send file into a folder mirror named bucket, to secure files, and after 15 days, we made a server FS clean, to guarantee healthy disk space level.

But recently, we get a specific trait from new partner, we need to expose an sftp server. In a quick search, pyftpdlib does not support sftp protocol. After this, I go to aws services, to see how much cost the use of AWS Transfer. It's easy to use service, but expensive for a small startup, and I don't think we need an entire service for this. In other situation, our monthly invoice will be affected by third-party factor, and one mistake made by our partner, could increase the invoice numbers.

Given the above factors, I decided to build a simple sftp from scratch.

DIY Setup

First of all, you'll need a server instance. In this case, I've used a DigitalOcean Droplet. My decision was driven by low-cost purposes.

I like Ubuntu server instances, and this "paper" uses the assumption the server is a Ubuntu server.

Packages

Make sure, your instance is updated.

# apt update && apt upgrade

Install vim, ~~or use nano~~.

# apt install vim

Create user

You'll need to create a user, for your third-party user. We'll call our friend, as partner here. Say hello to Partner.

# adduser --shell /bin/false partner

You can allow your Linux, to create home folders. But actually, I like to stay in front of situation.

Create user folder

If you allowed adduser to create home folders, then you don't need to create a permitted folder space.

# mkdir -p /var/sftp/partner/files

Remember to guarantee permissions to Partner in your home sweet home.

# chown partner:partner /var/sftp/partner
# chmod 755 /var/sftp/partner

SFTP access restrictions

Partner is a common user inside our server. And without other (recommended) security rules, Partner will be able to make an ssh connection. And we don't want this.

We'll create a rule at end of file of sshd_config, for sftp only restriction.

# vim /etc/ssh/sshd_config

The content:

Match User partner
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp/partner
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no

Restart SSH Service

After configure Partner restriction, you'll need to restart SSH service to make sure changes take effect on server.

You can be disconnected after this. Just reconnect.

# systemctl restart ssh

Create password

Create a password for partner if didn’t create one yet.

# passwd partner

Testing sftp server

SFTP Connection

For sftp connection, try to connect in your server with partner credentials.

$ sftp partner@your-sftp-server

Type password, and if everything is alright, you'll enter inside partner sftp home folder.

SSH Connection

Partner should has access only to sftp and no ssh connections should be allowed. The test is simple, just try to connect with SSH.

$ ssh partner@your-sftp-server

Type password, hit enter. And you expect to receive this warning message.

This service allows sftp connections only.
Connection to your-sftp-server closed.

After this, you can send the partner credentials to Partner. 😂

This "tutorial" has the purpose to show a simple way to build an sftp server using only Linux resources. As you can see, this "tutorial" doesn't go deep inside major security efforts. But, you can easily enforce your security, using Linux resources too, or using the service providers (aws, Digital Ocean, etc) tools.