DEV Community: Xinecraft The latest articles on DEV Community by Xinecraft (@xinecraft). https://dev.to/xinecraft https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F445797%2F034a05ba-be3b-445a-b46e-4fa1b08cd06c.png DEV Community: Xinecraft https://dev.to/xinecraft en Releasing MineTrax 1.0.0-alpha! A Web Suite for Minecraft Servers. Xinecraft Thu, 02 Jun 2022 01:32:53 +0000 https://dev.to/xinecraft/releasing-minetrax-100-alpha-40dh https://dev.to/xinecraft/releasing-minetrax-100-alpha-40dh <p>Finally after 1 year of work and 6 months of procrastination on my hobby project I am finally releasing it.</p> <p>Check out here: <a href="https://minetrax.github.io" rel="noopener noreferrer">https://minetrax.github.io</a></p> <p>It is not complete! There are lot of features and improvements I want to do but currently I am in the drained out phase and probably feedbacks might help in it.</p> <h3> What is MineTrax? </h3> <p>MineTrax is a web suite &amp; analytics tool for your minecraft servers. Using it you can improve your server engagement by providing a unified dashboard for players to visit and view their player data, or you can keep everything private and use it only for analytics, choice is yours.</p> minecraft laravel javascript opensource TIL: MySQL timestamp column can't go beyond '2038-01-19 03:14:07' Xinecraft Mon, 03 Jan 2022 13:08:28 +0000 https://dev.to/xinecraft/did-you-know-mysql-timestamp-column-cant-go-beyond-2038-01-19-031407-29a8 https://dev.to/xinecraft/did-you-know-mysql-timestamp-column-cant-go-beyond-2038-01-19-031407-29a8 <p>MySQL 'timestamp' type column cannot store value beyond '2038-01-19 03:14:07' UTC, i.e., Int32 limit (2147483647).</p> <p>What do you think about Postgres timestamp column. Can they?</p> mysql discuss beginners postgres Protect your user password choices using Pwned Passwords API. Xinecraft Fri, 07 May 2021 20:34:12 +0000 https://dev.to/xinecraft/protect-your-user-password-choices-using-pwned-passwords-api-1c7j https://dev.to/xinecraft/protect-your-user-password-choices-using-pwned-passwords-api-1c7j <p>Most of the time users don't even know that their password is compromised in a data leak and they keep using it while registering at new sites.</p> <p>This is a very common reason which can lead to your user account getting compromised.</p> <p>To protect against it we can use <a href="https://haveibeenpwned.com/API/v3#PwnedPasswords" rel="noopener noreferrer">Pwned Password API</a> to check for user password leak during registration. Pwned Password API uses a <a href="https://en.wikipedia.org/wiki/K-anonymity" rel="noopener noreferrer">k-Anonymity model</a> to check for leaks without having to send actual user passwords to their server.</p> <h2> How to </h2> <h4> Step 1: </h4> <p>Create a SHA-1 hash of the password you want to test, and split the generated hash into 2 parts. First one contain first 5 letter and the other remaining.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nf">sha1</span><span class="p">(</span><span class="dl">"</span><span class="s2">admin@123</span><span class="dl">"</span><span class="p">)</span> <span class="c1">// 23D42F5F3F66498B2C8FF4C20B8C5AC826E47146</span> <span class="kd">const</span> <span class="nx">prefix</span> <span class="o">=</span> <span class="nx">hash</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">5</span><span class="p">)</span> <span class="c1">// 23D42</span> <span class="kd">const</span> <span class="nx">suffix</span> <span class="o">=</span> <span class="nx">hash</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">5</span><span class="p">)</span> <span class="c1">// F5F3F66498B2C8FF4C20B8C5AC826E47146</span> </code></pre> </div> <h4> Step 2: </h4> <p>Now we need to hit the Pwned Password API with the first 5 letters of the hash.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Syntax: GET https://api.pwnedpasswords.com/range/{first 5 hash chars} Example: GET https://api.pwnedpasswords.com/range/23D42 </code></pre> </div> <p>If there is any match, API will respond with a 200 containing suffix of all matched prefixes, followed by a count of how many times it appears in the data set.<br> Example Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>F2304657BE5F09BF4C3B7437F5DDEE82E33:1 F2B1D579ED038F01B8D4D83361F9B00408A:2 F3422D62BF236E1E34035CCAED54E84EE8B:2 F3A46B097AB734EA1F28ED557413CEC03A5:3 F3F5E4A3788114EFBF26F4F7382864D6862:3 F4117F7EFB4ED0FE681051726EEA090E5AC:1 F43720FD73143B6E8A4A6B8C7E5A267AF32:1 F4E9AC75719EEE37231CE1A53CFF738C11B:2 F58377AC2990EAA2B6FEB595F973EE84ACD:1 F5BC40F7128B2A0A14D73781A000DD11959:2 F5C9F91934B26E4398080C1644003C546D6:9 F5D6D61A69CE393EE0B4B85E665162D5039:1 F5F1BB6CE22185813667B0EBE169A5EF7CD:12 F5F3F66498B2C8FF4C20B8C5AC826E47146:3423 F60C7D4EF1803230E8FD7E403047BCBAD55:1 F6117DEE59623D69DE06FCA2438F7BB8F85:2 F6601EF3EF8FDE535545A0FF350D4465D12:7 F6890FEC65093B4FF688C9812749F344673:3 F778202A2E4005DDF1127B277EFA268A8C2:1 ... </code></pre> </div> <h4> Step 3: </h4> <p>We can now process the response and search for the suffix and see how many times it appeared in the dataset.<br> In our case for password <code>admin@123</code> we can see its suffix <code>F5F3F66498B2C8FF4C20B8C5AC826E47146</code> appeared 3423 times which is bad.<br> We can then remind the user to choose a different password depending on our application stack.</p> <h4> Tip: </h4> <p>It's always good to add <strong>Add-Padding: true</strong> in the request Header as it further enhances privacy by returning 800-1000 results regardless of the number of hash suffixes returned by the service. <a href="https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding" rel="noopener noreferrer">Read the full blog post on padding</a>.</p> <h2> Implementations </h2> <p>We can either implement it manually by following the above steps or use a package.<br> This can be either in the frontend or backend as we wish.<br> Laravel, a very popular PHP framework recently added inbuild support for it.</p> <h4> PHP (Laravel) </h4> <p>In Laravel 8.39 and above we can now just use the Password Rule Object to check for compromised passwords.<br> Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">validate</span><span class="p">([</span> <span class="s1">'password'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'required'</span><span class="p">,</span> <span class="s1">'confirmed'</span><span class="p">,</span> <span class="nc">Password</span><span class="o">::</span><span class="nb">min</span><span class="p">(</span><span class="mi">8</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nf">mixedCase</span><span class="p">()</span> <span class="o">-&gt;</span><span class="nf">letters</span><span class="p">()</span> <span class="o">-&gt;</span><span class="nf">numbers</span><span class="p">()</span> <span class="o">-&gt;</span><span class="nf">symbols</span><span class="p">()</span> <span class="o">-&gt;</span><span class="nf">uncompromised</span><span class="p">(),</span> <span class="c1">// Check for leaks</span> <span class="p">],</span> <span class="p">]);</span> </code></pre> </div> <p>Under the hood Laravel will call the Pwned password API and handle the checking for you.<br> Here is the part of code which is responsible in case you want to use this in older Laravel versions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">Illuminate\Validation</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Exception</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Contracts\Validation\UncompromisedVerifier</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Str</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">NotPwnedVerifier</span> <span class="kd">implements</span> <span class="nc">UncompromisedVerifier</span> <span class="p">{</span> <span class="cd">/** * The HTTP factory instance. * * @var \Illuminate\Http\Client\Factory */</span> <span class="k">protected</span> <span class="nv">$factory</span><span class="p">;</span> <span class="cd">/** * Create a new uncompromised verifier. * * @param \Illuminate\Http\Client\Factory $factory * @return void */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="nv">$factory</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">factory</span> <span class="o">=</span> <span class="nv">$factory</span><span class="p">;</span> <span class="p">}</span> <span class="cd">/** * Verify that the given data has not been compromised in public breaches. * * @param array $data * @return bool */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">verify</span><span class="p">(</span><span class="nv">$data</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$value</span> <span class="o">=</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'value'</span><span class="p">];</span> <span class="nv">$threshold</span> <span class="o">=</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'threshold'</span><span class="p">];</span> <span class="k">if</span> <span class="p">(</span><span class="k">empty</span><span class="p">(</span><span class="nv">$value</span> <span class="o">=</span> <span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="nv">$value</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="nv">$hash</span><span class="p">,</span> <span class="nv">$hashPrefix</span><span class="p">]</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">getHash</span><span class="p">(</span><span class="nv">$value</span><span class="p">);</span> <span class="k">return</span> <span class="o">!</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">search</span><span class="p">(</span><span class="nv">$hashPrefix</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nf">contains</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$line</span><span class="p">)</span> <span class="k">use</span> <span class="p">(</span><span class="nv">$hash</span><span class="p">,</span> <span class="nv">$hashPrefix</span><span class="p">,</span> <span class="nv">$threshold</span><span class="p">)</span> <span class="p">{</span> <span class="p">[</span><span class="nv">$hashSuffix</span><span class="p">,</span> <span class="nv">$count</span><span class="p">]</span> <span class="o">=</span> <span class="nb">explode</span><span class="p">(</span><span class="s1">':'</span><span class="p">,</span> <span class="nv">$line</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$hashPrefix</span><span class="mf">.</span><span class="nv">$hashSuffix</span> <span class="o">==</span> <span class="nv">$hash</span> <span class="o">&amp;&amp;</span> <span class="nv">$count</span> <span class="o">&gt;</span> <span class="nv">$threshold</span><span class="p">;</span> <span class="p">});</span> <span class="p">}</span> <span class="cd">/** * Get the hash and its first 5 chars. * * @param string $value * @return array */</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">getHash</span><span class="p">(</span><span class="nv">$value</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$hash</span> <span class="o">=</span> <span class="nb">strtoupper</span><span class="p">(</span><span class="nb">sha1</span><span class="p">((</span><span class="n">string</span><span class="p">)</span> <span class="nv">$value</span><span class="p">));</span> <span class="nv">$hashPrefix</span> <span class="o">=</span> <span class="nb">substr</span><span class="p">(</span><span class="nv">$hash</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">5</span><span class="p">);</span> <span class="k">return</span> <span class="p">[</span><span class="nv">$hash</span><span class="p">,</span> <span class="nv">$hashPrefix</span><span class="p">];</span> <span class="p">}</span> <span class="cd">/** * Search by the given hash prefix and returns all occurrences of leaked passwords. * * @param string $hashPrefix * @return \Illuminate\Support\Collection */</span> <span class="k">protected</span> <span class="k">function</span> <span class="n">search</span><span class="p">(</span><span class="nv">$hashPrefix</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="nv">$response</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">factory</span><span class="o">-&gt;</span><span class="nf">withHeaders</span><span class="p">([</span> <span class="s1">'Add-Padding'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="p">])</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">(</span> <span class="s1">'https://api.pwnedpasswords.com/range/'</span><span class="mf">.</span><span class="nv">$hashPrefix</span> <span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">Exception</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="nf">report</span><span class="p">(</span><span class="nv">$e</span><span class="p">);</span> <span class="p">}</span> <span class="nv">$body</span> <span class="o">=</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$response</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">successful</span><span class="p">())</span> <span class="o">?</span> <span class="nv">$response</span><span class="o">-&gt;</span><span class="nf">body</span><span class="p">()</span> <span class="o">:</span> <span class="s1">''</span><span class="p">;</span> <span class="k">return</span> <span class="nc">Str</span><span class="o">::</span><span class="nf">of</span><span class="p">(</span><span class="nv">$body</span><span class="p">)</span><span class="o">-&gt;</span><span class="nb">trim</span><span class="p">()</span><span class="o">-&gt;</span><span class="nb">explode</span><span class="p">(</span><span class="s2">"</span><span class="se">\n</span><span class="s2">"</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">filter</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$line</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">Str</span><span class="o">::</span><span class="nf">contains</span><span class="p">(</span><span class="nv">$line</span><span class="p">,</span> <span class="s1">':'</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> Javascript </h4> <p>In JS this can either be implemented on the frontend or on the backend (NodeJS) as per requirement, here is a well-maintained library for this task.<br> <a href="https://github.com/wKovacs64/hibp" rel="noopener noreferrer">https://github.com/wKovacs64/hibp</a></p> webdev laravel javascript security Which language and framework should I use for my next project? Xinecraft Tue, 02 Mar 2021 07:50:03 +0000 https://dev.to/xinecraft/which-language-and-framework-should-i-use-for-my-next-project-2d88 https://dev.to/xinecraft/which-language-and-framework-should-i-use-for-my-next-project-2d88 <p>Everytime I think of starting a new project, first thing come in mind is:<br> What languages and frameworks should I choose.</p> <p>Instead of moving forward with the project I keep on planning about the frameworks to choose. </p> <p>Should I start now or wait for the next release of the framework. <br> Vue3 is coming with lot of cool features lets wait for it's release, then I will start.</p> <p>And to be honest I know that I would barely need the new cool features for my project.</p> <p>This is a kind of procrastination. I don't require those cool new features, I am just afraid of starting. </p> <p>How can I fix this? Well, "Just do it".<br> But is it that easy?</p> <p>What you think about it. Can you relate with it, and what you would do to fix it.</p> discuss project Laravel Tips (Eloquent): withMax, withMin, withAvg & withSum. Xinecraft Wed, 17 Feb 2021 17:32:51 +0000 https://dev.to/xinecraft/eloquent-tips-withmax-withmin-withavg-withsum-4op9 https://dev.to/xinecraft/eloquent-tips-withmax-withmin-withavg-withsum-4op9 <p>TIL: Apart from withCount, eloquent also have other aggregate functions like withMax, withMin, withAvg and withSum. </p> <p>Eg:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$posts</span> <span class="o">=</span> <span class="nc">Post</span><span class="o">::</span><span class="nf">withSum</span><span class="p">(</span><span class="s1">'comments'</span><span class="p">,</span> <span class="s1">'votes'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">();</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$posts</span> <span class="k">as</span> <span class="nv">$post</span><span class="p">)</span> <span class="p">{</span> <span class="k">echo</span> <span class="nv">$post</span><span class="o">-&gt;</span><span class="n">comments_sum_votes</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> laravel eloquent mysql todayilearned