DEV Community: sonu sharma

Security of Blockchain Transactions vs. REST API Calls

sonu sharma — Thu, 19 Sep 2024 18:25:28 +0000

REST API Calls

Centralized: Typically, REST APIs are centralized, meaning they are controlled by a single entity.

Security: The security of REST API calls depends on the implementation. Common security measures include authentication, encryption, and input validation.

Trust: Users must trust the entity controlling the API to handle their data securely and fairly.

Blockchain Transactions

Decentralized: Blockchain transactions are decentralized, meaning they are not controlled by a single entity.

Security: The security of blockchain transactions is ensured through cryptographic algorithms and consensus mechanisms. Each transaction is verified by multiple nodes in the network.

Immutability: Once a transaction is confirmed and added to the blockchain, it cannot be altered or deleted.

Transparency: All transactions are publicly visible on the blockchain, ensuring transparency and accountability.

Answering the Question:

When someone asks how blockchain transactions are secure compared to REST API calls, you can explain the following:

Decentralization: Blockchain transactions are decentralized, meaning they are not controlled by a single entity. This reduces the risk of fraud and tampering.

Cryptographic Security: Blockchain transactions are secured using cryptographic algorithms, ensuring that only the intended recipient can access the data.

Consensus Mechanisms: Blockchain transactions are verified by multiple nodes in the network, ensuring that they are valid and secure.

Immutability: Once a transaction is confirmed and added to the blockchain, it cannot be altered or deleted. This ensures the integrity of the data.

Transparency: All transactions are publicly visible on the blockchain, ensuring transparency and accountability.

In contrast, REST API calls are centralized and rely on the security measures implemented by the entity controlling the API. While REST APIs can be secure, they do not offer the same level of decentralization, transparency, and immutability as blockchain transactions.

This post is AI generated, I take credit for the question whose AI answer I have copied here 🫶

Not an ideal notification service ?

sonu sharma — Thu, 19 Sep 2024 17:35:13 +0000

Expected notificaiton service 🚀

This is what I would build as a notification service. This notification service would take care of all the ideal functional and non-funcitonal desing requirements.

The startup's notification service 😎

But this is what I end up building.

How is your notification service built ?

ACID Transactions

sonu sharma — Sat, 07 Sep 2024 07:40:30 +0000

ACID Transactions

What is a Transaction any way ?

A transaction is a group of SQL commands whose results will be made available to the rest of the system as a unit when the transaction commits or not at all, if the transaction aborts.

Transactions are expected to be ACID.

ACID, an acronym for Atomicity, Consistency, Isolation and Durability defines a set of properties that ensure database transactions are processed reliably.

ACID is most often associated with transactions on a single database server, but distributed transactions extend that guarantee across multiple databases.

I found a good article on distributed transaction and it implementation - https://hazelcast.com/glossary/distributed-transaction

Some databases may not support distributed transactions like postgresql do not support distributed transactions.

Can you nest transactions ?

I would suggest read this article by Brent Ozar - https://www.brentozar.com/archive/2023/02/can-you-nest-transactions-in-sql-server/

Let’s see ACID properties one by one.

Atomicity: Atomicity ensures set of transaction is treated as an individual unit of work. It means either all the operations are successful or none of them are applied to the database.

If any of part of the transaction fails, the entire transaction is rolled back, and the database is restored to its previous consistent state.

Example : In a banking transaction Atomicity ensures either both credit and debit operation occur, or neither does.
```
BEGIN TRANSACTION;
UPDATE accounts SET balance = balance - 100 where account_id=1;
UPDARE accounts SET balance = balance + 100 where account_id=2;
COMMIT;
```
Consistency: Consistency ensures that a transactions brings the database from one valid state to another valid state. It means all the data integrity constraints such as foreign key, check constraints are satisfied before and after the transactions.
Isolation: Isolation ensures that transactions are executed in a way that they do not interfere with each other means the intermediate state of one transaction is invisible to another parallel transaction.

Isolation levels:

Read Uncommitted: Transactions can see uncommitted changes from other transactions.

Read Committed: Transactions can only see committed changes from other transactions.

Repeatable Read: Ensures that if a transactions read a row, it will read the same row consistently during its entire execution.

Serializable: Provides the highest level of isolation, ensuring transactions are executed serially.
```
-- Check Isolation Level in Postgresql

SHOW default_transaction_isolation;

-- output : `read committed`
```
Here is good read on ACID implementation in Posgresql - https://www.postgresql.org/files/developer/transactions.pdf
Durability: it ensures that once a transaction is committed, it will remains so, even in the event of a system failure. This means that committed data will not be lost.

ACID transaction has 4 phases Begin Transaction , Execute Transaciton , Commit Transaction , Rollback Transaction

Databases implement ACID transactions through a combination of techniques, including

Logging: Detailed records of all the transactions are kept, allowing for recovery in case of failure.
Locking: Data is locked during a transaction to prevent concurrent access and ensure isolation.
Tow-Phase Commit: A protocol used to coordinate the commitment of a transaction across multiple systems.

There are lot of techniques to implement transactions and use cases where transactions are used. At present it is a fundamental concept in database management systems that ensure data integrity, reliability and consistency.

By understanding and leveraging ACID transactions, developers can deliver a reliable and predictable applications.

Thank you so much for reading. ❤️

CAP Theorem

sonu sharma — Thu, 29 Aug 2024 03:54:51 +0000

It is a fundamental framework for understanding trade-offs when designing distributed systems.

Consistency (C): A distributed system is said to be highly consistent when every read receives the most recent write or an error.

Availability (A): A distributed system is said to be highly Available when every request (Read or Write) receives a non-error response, without guarantee that it contains the most recent write

Partition Tolerance (PT): A highly partition tolerant system continues to operate despite an arbitrary number of messages drop(delay) between nodes.

The CAP trade-off: Choosing 2 of 3: In the presence of network partition a distributed system must choose between Consistency or and Availability.

CP (Consistency and Partition Tolerance): During a partition, the system may reject some requests to maintain consistency.

AP (Availability and Partition Tolerance): During a partition, different nodes may return different values for the same data.

CA (Consistency and Availability): In the absence of partitions, a system can be both consistent and available. However the network partition are inevitable.

Practical strategies

Eventual consistency: This gives a good balance where an immediate consistency is not necessary like CDNs and DNS, eventually these will be updated with latest data.
Strong consistency: Financial applications can work with eventual consistency they need a strong consistency.
Tuneable consistency: Allows systems to adjust their consistency levels based on specific needs. Systems like Cassandra allow configuring the level of consistency on a per-query basis.
Quorum-Based Approaches: Use voting system among a group of nodes to ensure a certain level of consistency.

Comment the interesting ways you use this theorem.

Scalability

sonu sharma — Wed, 28 Aug 2024 03:37:11 +0000

Scalability is the property of system to evolve as the work load grows.

Types of work load

Users
New features
Data volume
Complexity in code
Geographical Reach

Ways to scale your system

Vertical scaling (Scale up) : adding more RAM / fast ram, it is effective but has limit to how effective it can be.
Horizontal scaling (Scale out) : adding additional machines to distribute work on these new added machines to reduce work load on a single machine.
Partitioning: Split the data across multiple nodes to distribute workload and avoid bottlenecks.
Load Balance: Having a lot of machines running is ineffective if the traffic is on single machine. Here comes load balances to distribute the traffic across machines.
Auto Scaling: Helps to automatically spin new machines when burst of traffic apprears.
Caching: Go to mechanism to improve latency of APIs. It is effective in reducing load on databases.
Content Delivery Network (CDNs): Used to serve static pages, images, videos results in faster load time.
Asynchronous Communication: Defer long-running tasks / non-critical tasks to background queues or message brokers. This ensures your main application remains responsive to users.
Microservices Architecture: Break down your service to small independent services so that these services can scaled independently.
Multi-region Deployment: Deploy the application in multiple data centers or cloud regions to reduce latency and improve redundancy.

Availability

sonu sharma — Wed, 28 Aug 2024 03:34:24 +0000

Availability is defined as the proportion of time a system is up and serving the traffic. It is defined in terms of percentage. Can also be divided into tiers of 2 nines (99%), 3 nines (99.9%), 4 nines (99.99%), 5 nines (99.999%) and 6 nines (99.9999 %).

Ways to improve Availability

Redundancy : It is a way of having backup components which can takeover when primary components fail.

Technique to Add Redundancy
1. Server Redundancy: Having multiple instance of the same server helps in distributing traffic across servers, ensuring if one fails other can provide service.
2. Database Redundancy: Creating a replica database that can takeover when primary database fails.
3. Geographic Redundancy: Distributing resources across multiple geographic locations to solve/mitigate the regional failures
Load Balancing: It distributes the incoming traffic across multiple servers to ensure that no single server becomes a bottleneck this improving performance and availability.

Technique to Add Load Balancing
1. Hardware Load Balancing: Physical devices that distributes traffic based on preconfigured rules.
2. Software Load Balancing: Software solutions that manage traffic distribution. Solutions like HAProxy, Nginx, or cloud-based solution like AWS Elastic Load Balancer.
Data Replication: It is a way of copying data to multiple locations either asynchronously or in realtime ensuring data is available even one location fails.

Technique of Data Replication
1. Synchronous Replication: Data is replicated in real-time to ensure consistency across location.
2. Asynchronous Replication: Date is replicated with delay, which can be more efficient but may result in slight data inconsistencies.
Failover Mechanism: Failover mechanism automatically witches to redundant system when a failure detected.

Techniques of Failover Mechanism
1. Active-Passive failover mechanism: A primary active component is backed by a passive standby component that takes over upon failure.
2. Active-Active failover mechanism: All components are active and share the load. If one fails, remaining components continue to handle the load seamlessly.
Monitoring & Alerts: Continuous health monitoring involves checking the status of the system components to detect failures early and trigger alert for immediate action.

Techniques for Monitoring & Alerts
1. Heartbeat Signals: Regular signals sent between components to check their status.
2. Health Check: Automated scripts or tools that perform regular check on components.
3. Alerting systems: Tools like PagerDuty or OpsGenie that notify administrators of any issues.

Best practices for Availability

Build for failure: Assume that components can go down at any moment and build the required fall back mechanisms
Implement Health Check
Use Multiple availability zones: Distribute the system across multiple data centers to prevent localized failures.
Practice chaos Engineering: Check reliability by intentionally introducing failures.
Implement Circuit Breakers: Prevent cascading failures by quickly cutting off problematic services
Use caching wisely: Caching can reduce load on databases.
Plan for capacity: Ensure your system can handle both expected and unexpected loads.

The System Design diary

sonu sharma — Tue, 27 Aug 2024 02:28:05 +0000

Dev diary

I will be posting my learnings on system design.

Revolutionise Authentication using Hanko

sonu sharma — Wed, 25 Oct 2023 20:22:31 +0000

Hanko Memes

It is an AI-based fun project which lets anyone create memes.
This project is part of a hackathon to create any functioning app that can be hosted online with Hanko auth integrated.
In this project OpenAI chat completion model generates a caption given a topic and audience.
Once the caption is generated user can use a meme template to add the generated caption thus producing a sharable meme.
Technologies: NextJs, Hanko Authentication, Supabase, ui.shadcn , Deployed on Netlify and Vercel

Working Application : https://hanko-memes.vercel.app

Run the project

Just clone [hanko-memes](https://github.com/sonu0702/ repo

Install all packages

   yarn install

.env file , generate your hanko api url

   copy content of .env.example into .env

Run the server

   npm run dev

The application connects with the backend server deployed on Netlify.
You can find the code in hanko-memes-be
If you want to check out just the frontend integration of
Hanko Authentication just check my frontend repo hanko-memes

For the frontend integration of the Hanko Authentication, I used hanko-nextjs-starter. It is very helpful and I would recommend this since it will give a clear picture of the authentication flow. The other which developers have is Hanko documentation.

So Hanko is a hands-down winner in enhancing experience user authentication and security.
This is my first time using a biometric authentication integration into a web application and Hanko made it very simple.

Application using Hanko

Login

This is the interface of login for users, they can login in using email or passkey, which will open an interface to use the finger biometric of your device,
in my case laptop.

Meme template, MyMemes and Generate meme are other features which I have added.

Meme Templates

Meme Template page lists all the meme templates which a user can use to write captions and personalise the meme.

Once you click on any of the Memes you will be redirected to the Meme Generator page.

Meme Generator

This is the most interesting feature actually. You just have to fill in Topic and Audience as shown in the screenshot and click on AI Captions, AI will generate captions for you.
or you can just type in top and bottom captions and then click on Generate Meme to create a shareable meme.

My Memes

Since you are logged into the application, the application stores the memes generated by you to be visible only to you.

Backend Integration of Hanko Auth

I have my backend code in hanko-memes-be. The most significant peace of code which I want to briefly touch upon is how to handle / very Hanko Auth Token.

Let me paste the code here

const jwt = require('jsonwebtoken');
const jwksClient = require('jwks-rsa');

authenticatedUserId: async (event) => {
    if (
      event.headers.authorization &&
      event.headers.authorization.split(" ")[0] === "Bearer"
    ) {
      let token = event.headers.authorization.split(" ")[1];
      let client = jwksClient({ jwksUri: `${process.env.HANKO_API_URL}/.well-known/jwks.json` })
      let signkey = await client.getSigningKey()
      let publicKey = signkey.getPublicKey();
      let verified = jwt.verify(token, publicKey, {})
      return verified.sub;
    } else {
      throw new Error(`Invalid user`)
    }
  }

It is as simple as it looks. Hanko has followed JWT token standards for user authentication.

I have used standard jsonwebtoken and jwks-rsa libraries. These libraries helped me get the public key using that I have verifed the JWT token to extract userId.

By participating in hanko hackathon hackathon I got to explore Hanko Authentication an awesome authentication library, OpenAI to generate meme captions and Next.Js 13.

Authentication is hard. Let FACEIO handle it for you

sonu sharma — Sun, 04 Dec 2022 07:01:11 +0000

There are very few companies which implement their own authentication system. This is because even big and advanced companies can fall prey to security attacks. This leads to awkward lawsuits and in some cases company's downfall.

Authentication systems are developed as components in a complex application or as a service. If the company is developing the authentication system for providing identity as a service then it makes sense to spend time and resources. But if it is being used as one of the components in a complex application then even the big and advanced companies try to use what is already tried and tested. This approach not only saves time and money but it will provide much-needed security for such an important component.

Developers have been developing and optimising the authentication system for a long time now. It is still a complex feature which needs dedicated time and resources. Handling user data is probably one of the most complex parts to get right in any application (web or not). There are just so many places for something to go wrong. It becomes really hard to ensure that your app is really secure.

It’s not just login form -> check username/password -> set the cookie. It has a lot of other things to think about:

Cookie security, Password requirements, Storing passwords in the database, Email vs username, Rate-limiting authentication attempts, Captcha, Password reset, 2FA, Force 2FA by admin configuration and whatnot.

This is why it is essential that you follow the latest best practices when designing an authentication system for your web application. Better yet, you could get someone more experienced to do it for you while you focus on the core features of your app.

This is where FACEIO comes in handy. In this case FACEIO “someone more experienced” will take care of authentication for us.

With FACEIO, you can leverage the experience of some of the smartest minds in software development to build an authentication system that has been battle tested for years and vetted by the pros in the industry.

FACEIO is a facial authentication framework that is to be implemented on websites or web applications via a simple JavaScript snippet. It authenticates users using face recognition instead of the traditional login/password pair or OTP code. It is a cross-browser, Cloud & On-Premise deployable.

In my opinion, it is the easiest way to add passwordless authentication to websites or web applications. Simply implement fio.js on your website, and you will be able to instantly authenticate your existing users, and enroll new ones via Face Recognition using their computer Webcam or smartphone frontal camera on their favourite browser.

Enough of theory, let me show you a working demo on how to integrate and use FACEIO facial authentication in a reactJS application.

This is the folder structure of my ReactJS application which I am going to use for FACEIO demo.

The first step in integration after setting up a ReactJS project is to integrate fio.js cdn within the public/index.html file as shown in the following section

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <meta
      name="viewport"
      content="width=device-width, initial-scale=1, shrink-to-fit=no"
    />
    <meta name="theme-color" content="#000000" />
    <!--
      manifest.json provides metadata used when your web app is added to the
      homescreen on Android. See https://developers.google.com/web/fundamentals/engage-and-retain/web-app-manifest/
    -->
    <link rel="manifest" href="%PUBLIC_URL%/manifest.json" />
    <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico" />
    <!--
      Notice the use of %PUBLIC_URL% in the tags above.
      It will be replaced with the URL of the `public` folder during the build.
      Only files inside the `public` folder can be referenced from the HTML.

      Unlike "/favicon.ico" or "favicon.ico", "%PUBLIC_URL%/favicon.ico" will
      work correctly both with client-side routing and a non-root public URL.
      Learn how to configure a non-root public URL by running `npm run build`.
    -->
    <title>React App</title>
  </head>

  <body>
    <noscript>
      You need to enable JavaScript to run this app.
    </noscript>
    <script src="https://cdn.faceio.net/fio.js"></script>
    <div id="root"></div>
    <!--
      This HTML file is a template.
      If you open it directly in the browser, you will see an empty page.

      You can add webfonts, meta tags, or analytics to this file.
      The build step will place the bundled scripts into the <body> tag.

      To begin the development, run `npm start` or `yarn start`.
      To create a production bundle, use `npm run build` or `yarn build`.
    -->
  </body>
</html>

As you can see I have added facio cdn link - https://cdn.faceio.net/fio.js within the <script></script> tag in index.html file like this

<script src="https://cdn.faceio.net/fio.js"></script>

The second part is easier than the first one. You just have to invoke either enroll() function to sign up new users for your application or invoke authenticate() function to sign in already authenticated users.

I have done this in my App.js file. But you are free to do it in any file. Let add the code snippet for you for better understanding.
src/App.js

import React, { useState, useEffect } from "react";
import "./styles.css";
import { handleError } from "./errorHandler";
let faceio;
export default function App() {
  const [faceid, setFaceId] = useState(null);
  const [accountExistString, setAccountExistString] = useState("");
  useEffect(() => {
    faceio = new faceIO("<application-id>");
  }, []);
  useEffect(() => {
    setAccountExistString("");
  }, [faceid]);
  const handleNewUser = async () => {
    try {
      let response = await faceio.enroll({
        locale: "auto"
      });
      setFaceId(response.facialId);
    } catch (error) {
      console.log("error", error);
      handleError(error);
      if (error === 20) {
        setAccountExistString("Your account exists, Please Sign In");
      }
      if (error === 9 || error === 6) {
        setAccountExistString("Something went wrong! Please try again!");
      }
      if (error === 13) {
        window.location.reload();
      }
    }
    console.log("This is done");
  };

  const handleAuthentication = async () => {
    try {
      let response = await faceio.authenticate({
        locale: "auto"
      });
      setFaceId(response.facialId);
    } catch (error) {
      if (error === 20) {
        window.location.reload();
      }
    }
  };

  const handleLogout = async () => {
    window.location.reload();
  };

  return (
    <div className="App">
      {faceid && (
        <>
          <div>
            <img src="./padlock.svg" alt="faceid" height="300" width="200" />
          </div>
          <h1>Face Identity Verified</h1>
          <button className={"mybutton"} onClick={handleLogout}>
            Logout
          </button>
        </>
      )}
      {!faceid && (
        <>
          <h1> Verify Face Identity</h1>
          <img src="./faceid.svg" alt="faceid" height="300" width="200" />
          <button className={"mybutton"} onClick={handleAuthentication}>
            Sign In
          </button>
          <button className={"mybutton"} onClick={handleNewUser}>
            Sign Up
          </button>
          {accountExistString && <h3>{accountExistString}</h3>}
        </>
      )}
    </div>
  );
}

There are three important things happening here

Initialise your faceio application using <application-id>. Application id you get by signing up FACEIO .
Onclick event handling for Sign In and Sign Up buttons. On Sign Up, I am invoking the following enroll() function of fio.js . And on Sign In, I am invoking authenticate() function to sign in enrolled users. I would suggest you go through the integration documentation to better understand the use of fio.js.
Handling errors from fio.js. I am handling all type errors from fio.js. You can find the error codes and their description in the following fio.js documentation. fio.js error codes.

For the full code, you can clone my faceiodemo GitHub repo using https://github.com/sonu0702/faceiodemo.git

Here is the preview of my demo app which I have deployed on vercel.

https://csb-kwbgjs-nq8tfdpqc-sonu0702.vercel.app/

FACEIO takes care of that too. If you tried my demo application you would know that once the face recognition is done you will require to input a PIN. This pin combined with facial recognition will be used to authenticate you.

As a developer, I can say that overall FACEIO gives a hassle-free frontend development experience. Frontend developers do not have to worry about creating a form, handling form errors and all other things which we have been dealing with for so long. For backend developers, FACEIO gives webhook events on creating new users. These events can be listened to and stored to authenticate other API flows of the application.

How to use Redis pub/sub to handle socket.io sessions across multiple instances ?

sonu sharma — Fri, 09 Sep 2022 02:36:19 +0000

When we use socket.io we are generally trying to publish messages to all the collaborators of the workspace in an application even though the origin of the message was one of the collaborator specially in a collaborative application.

In this scenario where a server must convey its message to multiple users, a socket client creates a room and adds users to this room. when any change (like app update , new comment) happens in this room that particular change must be conveyed to all the members of the room.

The information, that there is a room called xyz and there are some collaborators say a, b, c in the room is stored by a socket instance on a particular server instance.

When multiple instances of the application or server are created a new instance of socket is also created for the new instance of application. Now, when the changes of a room comes to this server this instance does not know about the room created by previous instance and also does not know about the members / collaborators of the room. Therefore new server instance can’t send the changes to those connected to the existing server. I have tried to explain the problem visually here.

Before going into the solution of the problem, let’s understand the technologies i have used along with some snippet of the actual code. I have written the server code in golang and i am using Postman as client. The two technologies i would like to brief you all are socket.io and Redis pub/sub.
If you are already familiar with the concepts just glance through my description to better understand the blog and solution provided by it.

Brief description on socket.io

Socket.io helps in delivering messages to client in real time. Behind the scene socket.io creates a bi-directional channel between server and client therefore enabling bidirectional communication between web client and server. For demo code I have used a golang server therefor i have used a golang library called go-socket.io . Some advance socket.io concepts which you should be aware are channel, event, namespace and rooms.

Golang code snippet for Connecting to a socket.io - find full code here

c.SocketServer.OnConnect("/", func(s socketio.Conn) error {
        log.Println("connected:", s.ID())
        return nil
    })

Golang code snippet for Disconnecting from a socket.io

c.SocketServer.OnDisconnect("/", func(s socketio.Conn, reason string) {
        fmt.Println("Disconnected ", s.ID(), "reason", reason)
        s.Leave(reason)
        fmt.Println("Disconnected ", s.ID())
    })

Brief description on rooms in socket.io

Room is a socket.io feature. By using this a server can send a message to a particular group/subscribers. In order for the clients to receive the messages of particular group they have be subscribed/joined to a particular namespace called room. Then the socket.io uses broadcast method of the socket object to send messages to all the subscribed clients.

Socket.io rooms can be used in Chat applications and application which use workspace and collaborator architecture. In chat application the message is broadcasted to the group and all the users of the group receive the message in real-time. In collaborative applications messages are broadcasted to a workspace so that collaborators can receive them. Here is pictorial view explaining concept of rooms in socket.io.

Golang code snippet explaining the room join functionality

c.SocketServer.OnEvent("/", "application",
        c.authenticate(c.authorize(func(s socketio.Conn, payload ApplicationSubscriptionPayload) error {
            log.Println("roomName : ", getRoomName(payload.Payload.WorkspaceId, payload.Payload.AppId),
                "payload : ", payload.Event)
            roomName := getRoomName(payload.Payload.WorkspaceId, payload.Payload.AppId)
            if payload.Event == Subscribe {
                sessionContext := getSessionContext(s)
                s.Join(roomName)
                log.Printf("subscribed : (%s), sessionId : %s, roomName : %s , allRooms : %v ",
                    sessionContext, s.ID(),
                    roomName, s.Rooms())
                newApplicationSubscriptionResponse := NewApplicationSubscriptionResponse("SUCCESS",
                    payload.Event, payload.Payload)
                s.Emit("application_response", newApplicationSubscriptionResponse)
                return nil
            }
            log.Printf("%s un subscribed to roomName : %s , allRooms : %v ", s.ID(),
                roomName, s.Rooms())
            s.Leave(getRoomName(payload.Payload.WorkspaceId, payload.Payload.AppId))
            newNodezapSubscriptionResponse := NewApplicationSubscriptionResponse("SUCCESS",
                payload.Event, payload.Payload)
            s.Emit("application_response", newNodezapSubscriptionResponse)
            return nil
        })))

In the given code snippet authenticate, authorize functions are optional. These functions are middleware which can be used to add some more context to the event. s.Join(roomName) function is used to join the given room name.

A sample payload which can be used to join the room is as given below it is specific to the application I have written.

{
    "event":"SUBSCRIBE",
    "payload":{
        "appId" :"test_app_id",
        "workspaceId" :"test_workspace_id"
    }
}

Let me explain Redis pub/sub which I am using as one of the solution for aforementioned problem.

Brief description on Redis Pub/Sub

First of all let’s understand Redis. It is an in-memory data structure store which is used as a database, cache, message broker, and streaming engine. Redis pub/sub is one the features of Redis. You can get official documentation of Redis pub/sub here . Let me give you a brief on few of the concepts of Redis pub/sub. There are two components in Redis pub/sub first one is Publisher. Its function is to send message payload to a given channel/Topic. Subscribers, these subscribe/unsubscribe to a particular topic. A message sent to a topic by a publisher is received by all subscribers subscribed to that topic. Given figure explains the principle of Redis pub/sub.

Golang code snippet explaining subscription to a channel

func (c *CacheStore) SubscribeSocketChannel(socketClient *Client) {
    ctx := context.Background()
    redisPubsub := c.RedisClient.Subscribe(ctx, storePubsubChannel)
    go func() {
        for msg := range redisPubsub.Channel() {
            switch msg.Channel {
            case storePubsubChannel:
                fmt.Println("received pubsub message:", msg.Payload)
                publishToSocketSubscribers(socketClient, msg.Payload)
            }
        }
    }()
}

Golang code snippet explaining publishing to a channel

func Publish(ctx context.Context, redisClient *redis.Client,
    workspaceId, appId string, payload interface{}) error {
    publishableData, err := getPublishPayload(workspaceId, appId, payload)
    if err != nil {
        return err
    }
    redisStore := NewCacheStore(ctx, redisClient)
    err = redisStore.PublishToSocketChannel(publishableData)
    if err != nil {
        return err
    }
    return nil
}

Now that, you all have some idea of technologies I have used we can derive a viable solution to above mentioned problem. In simple words the problem is that all the server instance do not have the side effect / changes so they are unable to convey the changes/side effects to socket room subscribers. This can be easily solved by sending the changes from origin server to all the instances of the server.

The Redis real time database store with pub/sub like functionality fits quite easily in this scenario to solve this problem. It can help us to publish the changed data across the server instances and then the subscribers at each server can receive the changes and then using socket this changes can be sent to all the subscribed collaborators/clients. Therefore using Redis pub/sub we can handle socket sessions across multiple instances of application.

I have uploaded the Golang server code and Postman collection of apis and also the documentation on how to use the web socket using postman as a client on Github - here

This post is in collaboration with Redis.

Learn more:

How to use Facial Recognition to Enhance user Experience ?

sonu sharma — Sun, 14 Aug 2022 09:57:00 +0000

Authentication technology is always changing. Businesses have to move beyond passwords and think of authentication as a means of enhancing user experience. Authentication methods like biometrics (facial authentication) eliminate the need to remember long and complex passwords. As a result of enhanced authentication methods and technologies, attackers will not be able to exploit passwords, and a data breach will be prevented.

What is facial authentication ?

It is an authentication system which authenticates and confirms identity of users instantly without Password, OTP codes, or security questions.

These facial authentication systems are powered by facial recognition engine which is the critical key component that is responsible for mapping each enrolled user’s face at real-time into a mathematical feature vector, better known as biometrics hash, which is in turn stored in a sand-boxed binary index.

Two of the best examples of facial recognition engine are PixLab Insight and AWS Rekognition.

FACEIO is a cross-browser, Cloud & On-Premise deployable, facial authentication framework, It is powered by PixLab Insight and AWS Rekognition facial recognition engine*,* with a client-side JavaScript library (fio.js) that integrates seamlessly with any website or web application desiring to offer secure facial recognition experience to their users. You can freely test the accuracy of both engines by creating a new application on the FACEIO Console.

What is expected from facial authentication ?

Facial authentication must remove dependency of Email, Phone Number, Pin and other personal details of users specially on web application where personal notification are not required.
Facial authentication should be functional across devices like web browsers as well as mobile phone. FACEIO is one such facial authentication system. A PWA (Progressive Web Application) can be used to make it available to mobile phones. This reduces cost of using multiple facial authentication services.
Should have Zero external dependency. Only standard technology implemented in plain JavaScript & CSS.
Should have defence grade accuracy with faster recognition speed powered by state-of-the-art facial recognition engines. FACEIO uses tried and tested PixLab Insight and AWS Rekognition facial recognition engines.

History of facial authentication ?

As we look forward to the future uses of Facial Recognition software, it’s good to take a step back and see how far we have come since the early beginnings.

The earliest pioneers of facial recognition were Woody Bledsoe, Helen Chan Wolf and Charles Bisson. In 1964 and 1965, Bledsoe, along with Wolf and Bisson began work using computers to recognise the human face.

FACEIO Facial Recognition - Present
FACEIO is a cross-browser, facial authentication framework that can be implemented on any website via simple JavaScript snippet to easily authenticate users via Face Recognition instead of the traditional login/password pair or OTP code.

FACEIO is the easiest way to add passwordless authentication to web based applications. Simply implement fio.js on your website, and you will be able to instantly authenticate your existing users, and enroll new ones via Face Recognition using their computer Webcam or smartphone frontal camera on their favorite browser.

Types of authentication systems ?

Password-based authentication

Passwords are the most common methods of authentication. Passwords can be in the form of a string of letters, numbers, or special characters. To protect yourself you need to create strong passwords that include a combination of all possible options.

However, passwords are prone to phishing attacks and bad hygiene that weakens effectiveness. An average person has about 25 different online accounts, but only 54% of users use different passwords across their accounts.

The truth is that there are a lot of passwords to remember. As a result, many people choose convenience over security. Most people use simple passwords instead of creating reliable passwords because they are easier to remember.

The bottom line is that passwords have a lot of weaknesses and are not sufficient in protecting online information. Hackers can easily guess user credentials by running through all possible combinations until they find a match.

Multi-factor authentication

Multi-Factor Authentication (MFA) is an authentication method that requires two or more independent ways to identify a user. Examples include codes generated from the user’s smartphone, Captcha tests, fingerprints, voice biometrics or facial recognition.

MFA authentication methods and technologies increase the confidence of users by adding multiple layers of security. MFA may be a good defence against most account hacks, but it has its own pitfalls. People may lose their phones or SIM cards and not be able to generate an authentication code.

Certificate-based authentication

Certificate-based authentication technologies identify users, machines or devices by using digital certificates. A digital certificate is an electronic document based on the idea of a driver’s license or a passport.

The certificate contains the digital identity of a user including a public key, and the digital signature of a certification authority. Digital certificates prove the ownership of a public key and issued only by a certification authority.

Users provide their digital certificates when they sign in to a server. The server verifies the credibility of the digital signature and the certificate authority. The server then uses cryptography to confirm that the user has a correct private key associated with the certificate.

Biometric authentication

Biometrics authentication is a security process that relies on the unique biological characteristics of an individual. Here are key advantages of using biometric authentication technologies:

Biological characteristics can be easily compared to authorized features saved in a database.
Biometric authentication can control physical access when installed on gates and doors.
You can add biometrics into your multi-factor authentication process.
Biometric authentication technologies are used by consumers, governments and private corporations including airports, military bases, and national borders. The technology is increasingly adopted due to the ability to achieve a high level of security without creating friction for the user. Common biometric authentication methods include:

Facial recognition—matches the different face characteristics of an individual trying to gain access to an approved face stored in a database. Face recognition can be inconsistent when comparing faces at different angles or comparing people who look similar, like close relatives. Facial liveness like ID R&D’s passive facial liveness prevents spoofing.
Fingerprint scanners—match the unique patterns on an individual’s fingerprints. Some new versions of fingerprint scanners can even assess the vascular patterns in people’s fingers. Fingerprint scanners are currently the most popular biometric technology for everyday consumers, despite their frequent inaccuracies. This popularity can be attributed to iPhones.
Speaker Recognition —also known as voice biometrics, examines a speaker’s speech patterns for the formation of specific shapes and sound qualities. A voice-protected device usually relies on standardized words to identify users, just like a password.
Eye scanners—include technologies like iris recognition and retina scanners. Iris scanners project a bright light towards the eye and search for unique patterns in the colored ring around the pupil of the eye. The patterns are then compared to approved information stored in a database. Eye-based authentication may suffer inaccuracies if a person wears glasses or contact lenses.

Token-based authentication

Token-based authentication technologies enable users to enter their credentials once and receive a unique encrypted string of random characters in exchange. You can then use the token to access protected systems instead of entering your credentials all over again. The digital token proves that you already have access permission. Use cases of token-based authentication include RESTful APIs that are used by multiple frameworks and clients.

Integrating facial Authentication in ReactJS project

It is very easy to integrate facial authentication provided by FACEIO in ReactJS project. We have to import fio.js on our site, initialize the library with our application Public ID, and finally perform facial authentication operation. The official integrating guides, with accompanying code samples are available to consult at faceio.net/integration-guide

Let me walk you through the steps i have used to integrate fio.js in my reactJS project. First and foremost i have used codesandbox to make a demo app for facial authentication. Codesandbox is my go to platform to create a demoable react apps.

<script src="https://cdn.faceio.net/fio.js"></script>

I have added this line of code in public/index.html file as shown here

Once the CDN for fio.js is added we will be able to use this library in our ReactJS project. Let’s initialise the faceio object in our app.js file.

useEffect(() => {
    faceio = new faceIO(<<faceio application id>>);
  }, []);

faceio variable is declared in globle scope within app.js. Once the component loads faceio variable will be initialised and will be available to use. <<faceio application id>> is required to initialise the application. You can obtain the application id by following the steps in https://faceio.net/integration-guide.

To start the Facial Recognition process, we have to simply call enroll() or authenticate(), the only two exported methods of the faceIO() class we instantiated earlier. enroll() is for on-boarding new users (enrollment) while authenticate() is for authenticating previously enrolled users (Identification/Sign-in).

i have created two functions which implements enroll() and authenticate() functions respectively.

const handleNewUser = async () => {
    try {
      let response = await faceio.enroll({
        locale: "auto",
        payload: {
          whoami: "1234543234"
        }
      });
      console.log("the response", response);
      console.log(` Unique Facial ID: ${response.facialId}
      Enrollment Date: ${response.timestamp}
      Gender: ${response.details.gender}
      Age Approximation: ${response.details.age}`);
    } catch (error) {
      console.log(error);
    }
    console.log("This is done");
  };

This function handles the new user onboarding, which get triggered as the result of onClick event of following button in my app component.

<button className={"mybutton"} onClick={handleNewUser}>
        Sign-in (Enroll)
</button>

On successful enrollment / onboarding of the user, enroll() function returns the following payload

{
    facialId : "0da974142bd048c2b0cb7e72aa83fb03fioa****",
    details : {
        age : 20,
        gender : "male"
    },
    timestamp : "2022-08-14T04:18:38"
}

facialId can be stored to recognise the users when they login.

In order for the user to login into our application we will implement authenticate() function given by faceio object.

const handleAuthentication = async () => {
    try {
      let response = await faceio.authenticate({
        locale: "auto"
      });

      console.log(` Unique Facial ID: ${response.facialId}
          PayLoad: ${response.payload}
          `);
    } catch (error) {
      console.log(error);
    }
  };

This function handles the user login, which get triggered as the result of onClick event of following button in my app component.

<button className={"mybutton"} onClick={handleAuthentication}>
        Log-in
</button>

As we were building this whole application using codesandbox we do not have to deploy any where we can just start using it.

Summary

Simply put as a developer we had four simple steps to get facial authentication using FACIO up and running for our users

Creating a new FACEIO application first: I Followed the Application Wizard on the FACEIO Console to create the application it is pretty simple.
It involved inputting an application name, selecting a facial recognition engine , cloud storage region, reviewing security options, customizing the Widget layout, and so forth...
Then implemented fio.js, the facial recognition JavaScript library on the website, and initialised it with my application Public ID.
Tested it out once, to know everything working fine

We are missing backend support for the facial authentication in this article. Will update this article as soon as i create a system design for the backend facial authentication and a demo able code to test my design.

useCallback the Hook

sonu sharma — Sat, 06 Aug 2022 12:23:00 +0000

My 2 cents on useCallback React hook.

useCallback hook memoizes the callback function passed to it as argument. In simple words it will not create another instance of same function until the value in second argument passed in the useCallback as array of dependency changes.

Simple way to test whether the passed callback function has changed is by the set test. When ever the useCallback hook is called, add the function returned to the set and check the size of the set. if the size has increased that means a new function instance has been created.

When you call useCallback hook with only one argument, that is without dependencies it does nothing.

I think i have got the basics right. But i am not able to solve un necessary re-rendering of <ShowProducts/> component.

First of all why it is a issue, it is a problem since i think ShowProducts re-rendering is unnecessary because looking at the props i am passing to this components are arrayOfProducts and a call back function to update how many times a item has been clicked / selected updateSelectedCount.

I understand that every time selectedCount changes a new instance of updateSelectedCount is generated so the ShowProducts component re-renders. But my question is why it should bother about the updateSelectedCount being changed.

My question is how i can stop re-rendering <ShowProducts/> keeping all the functionality intact.

DEV Community: sonu sharma

Security of Blockchain Transactions vs. REST API Calls

REST API Calls

Blockchain Transactions

Answering the Question:

Not an ideal notification service ?

Expected notificaiton service 🚀

The startup's notification service 😎

ACID Transactions

Can you nest transactions ?

Let’s see ACID properties one by one.

Isolation levels:

Databases implement ACID transactions through a combination of techniques, including

CAP Theorem

Practical strategies

Scalability

Availability

Ways to improve Availability

Best practices for Availability

The System Design diary

Dev diary

Revolutionise Authentication using Hanko

Hanko Memes

Run the project

Just clone [hanko-memes](https://github.com/sonu0702/ repo

Install all packages

.env file , generate your hanko api url

Run the server

Application using Hanko

Login

Meme Templates

Meme Generator

My Memes

Backend Integration of Hanko Auth

Authentication is hard. Let FACEIO handle it for you

How to use Redis pub/sub to handle socket.io sessions across multiple instances ?

Brief description on socket.io

Brief description on rooms in socket.io

Brief description on Redis Pub/Sub

How to use Facial Recognition to Enhance user Experience ?

What is facial authentication ?

What is expected from facial authentication ?

History of facial authentication ?

Types of authentication systems ?

Integrating facial Authentication in ReactJS project

Summary

useCallback the Hook

My 2 cents on useCallback React hook.