Backend: Git and Github - 1

  • Version Control System
    • Tracks the different changes made to files
    • Revert to a previous version
  • Distributed Version Control System
    • Multiple instances of the system
    • A type of version control where the complete codebase - including its full version history - is mirrored on every developer's computer.
  • Git
    • Open Source 
    • Distributed VCS
  • GitHub
    • online tool where repositories are hosted
  • Commands
    • git init
      • creates the .git directory
      • It has HEAD, description, info, refs, config, hooks, objects directories
      • .archive has historical changes
      • refs hold pointers to different stages of the system
    • git add
    • git status
    • git commit
    • git log
    • Pointers
      • 2 types 
        • Main -> pointer to the base; it always stays at the base. It is the base as well as a pointer.
        • Head -> points to the latest change made (the current snapshot)
      • HEAD points to the latest change in the branch
  • Encode
    • Standard algorithm to translate from one format to another
    • No key
    • publicly reversible
    • eg: base64, UTF-8
  • Encrypt
    • requires a key to decrypt
    • publicly reversible
    • AES, RSA, DSA
    • (PGP and SHA are encryption + hashing. They are signatures)
  • compress
    • reduce size
    • publicly reversible
    • y = f(x) where size(y) <= size(x)
  • hash
    • no key
    • can't be reversed
    • y = f(x) where y has a fixed (constant) length

https://www.scaler.com/academy/mentee-dashboard/class/57386/session?navref=cl_dd
  • https://github.com/scaleracademy/project-module-requirement-docs/blob/main/blogging-app/API.md
  • https://stackoverflow.com/questions/61303236/how-to-use-dtos-in-the-controller-service-and-repository-pattern
  • Testing Pyramid - https://www.onpathtesting.com/blog/qa-testers-what-is-the-agile-testing-pyramid
    • Unit Testing
    • Component Testing
    • Integration Testing
    • UI & API testing
    • Manual and Exploratory tests
  • Stateless vs stateful web applications
    • Stateless: an application server that doesn't save any information about prior requests
  • Authentication over HTTP REST api
    • Unprotected/public
    • private
    • private with response based on user
  • Auth tokens are contracts between a specific user and a website
  • sign(data) -> signature
  • sign(data) -> encrypt(hash(data))
    • one-way (cannot be reversed)
    • will be exactly the same for the same data and different if the data changes
    • encrypt(data, key) -> encrypted
    • decrypt(encrypted, key) -> data
  • JWT token
    • we can check it cryptographically and NO DB call is required
    • https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
  • How auth tokens work (Crypto tokens)
    • eg: JWT
    • Client sends user/pwd to server
    • Server verifies the user/pwd from db
    • Server generates JWT using user/pwd details and sends to client
    • Client saves the token in cookie/local db
    • client sends the token to server in any future calls
    • Server will check if the token is valid or not
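The crypto-token flow above (sign = keyed hash over the data, and step 6 verified with the key alone), as an added example that is not code from the original notes or the linked course project. It builds and checks an HS256 JWT with only the Python standard library; SERVER_SECRET and the user id are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server secret for this example; a real deployment uses a long random key kept out of source.
SERVER_SECRET = b"example-only-secret-key-not-for-production"

def b64url(raw: bytes) -> str:
    # Base64url without padding, as JWT uses: this is encoding only (no key, anyone can reverse it).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(data: bytes, key: bytes) -> bytes:
    # HS256: an HMAC-SHA256 tag over the data. One-way, identical for identical data, different otherwise.
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_jwt(user_id: str, key: bytes, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    # Step 3 of the flow: after the user/pwd check passed, build header.payload.signature for this user.
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user_id, "iat": now, "exp": now + ttl_seconds}).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    return f"{header}.{payload}.{b64url(sign(signing_input, key))}"

def verify_jwt(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    # Step 6: the server checks the token with the key alone; no token table and no DB call.
    now = int(time.time()) if now is None else now
    try:
        header, payload, signature = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never let the token's header choose it
        tag = b64url_decode(signature)
        claims = json.loads(b64url_decode(payload))
    except ValueError:
        return None  # malformed token: wrong number of parts, bad base64 or bad JSON
    expected = sign(f"{header}.{payload}".encode("ascii"), key)
    # Constant-time comparison so the check does not leak how many signature bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None  # expired: the exp claim is the only expiry a crypto token carries
    return claims
```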
  • Server-side Tokens
    • Client sends user/pwd to server
    • Server verifies the user/pwd from db
    • Server generates a Random number as Token. Save the token in Token table against the user.
    • Sends token to client
    • Client saves the token in cookie/local db
    • client sends the token to server in any future calls
    • Server will check if the token exists in Token DB or not
  • Crypto tokens vs Server-side tokens
    • Crypto 
      • Storage requirements are low
      • CPU usage is high & NO DB access
      • Server-side invalidation not possible
      • Easier for distributed computing
      • details of logged-in clients cannot be seen with crypto tokens
      • limiting simultaneous logins cannot be enforced with crypto tokens
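The server-side token flow and the three things the comparison says only it can do (invalidation, seeing who is logged in, limiting simultaneous logins), as an added example that is not code from the original notes or the linked project. The Token table is a constructed in-memory dict; the session limit of 2 is an assumption.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class TokenRow:
    user_id: str
    seq: int  # issue order; a real table would store an issued_at timestamp

@dataclass
class TokenStore:
    """Stand-in for the Token table (constructed, in-memory). Keys are the opaque tokens."""
    max_sessions_per_user: int = 2
    rows: Dict[str, TokenRow] = field(default_factory=dict)
    next_seq: int = 0

    def issue(self, user_id: str) -> str:
        # Step 3: the token is just a random number; its meaning exists only as a row in this table.
        active = self.sessions_for(user_id)
        if len(active) >= self.max_sessions_per_user:
            # Limiting simultaneous logins: drop the oldest session before adding a new one.
            oldest = min(active, key=lambda t: self.rows[t].seq)
            self.revoke(oldest)
        token = secrets.token_urlsafe(32)  # 256 random bits: not guessable, not reused
        self.rows[token] = TokenRow(user_id, self.next_seq)
        self.next_seq += 1
        return token

    def validate(self, token: str) -> Optional[str]:
        # Step 7: validity is a DB lookup, not a cryptographic check; returns the user or None.
        row = self.rows.get(token)
        return row.user_id if row else None

    def revoke(self, token: str) -> bool:
        # Server-side invalidation: delete the row and the token is dead on the next request.
        return self.rows.pop(token, None) is not None

    def sessions_for(self, user_id: str) -> List[str]:
        # Visibility of logged-in clients, which a crypto token cannot provide.
        return [t for t, row in self.rows.items() if row.user_id == user_id]
```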
  • Trade off between two options
    • fast -> disk read fast, memory read fast, network transfer fast
    • scalable -> number of requests, speed of request, geographical scale
  • What do production systems use
    • Both are used simultaneously
    • Google
      • server-side token is used for accounts.google.com (main Google login)
      • JWT for Gmail, YouTube (consumer-level applications)
  • BCrypt
    • Takes a password and generates a nonce (a random string of fixed length that is not reused)
    • Generates hash of passwd+nonce -> this is called salting
    • hash(passwd+nonce)+nonce is saved to db
    • why Salting
      • to avoid rainbow table attacks
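The salting scheme above (store hash(passwd+nonce)+nonce, verify by re-hashing with the stored nonce), as an added example that is not code from the original notes. bcrypt is not in the Python standard library, so hashlib.pbkdf2_hmac stands in for the hash; the storage format "hash$nonce" and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 200_000  # work factor; the counterpart of bcrypt's cost parameter (assumed value)

def unsalted(password: str) -> str:
    # What salting avoids: the same password always gives the same hash, so one precomputed
    # (rainbow) table of popular passwords matches every user who chose that password.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password: str, nonce: Optional[bytes] = None) -> str:
    # Store hash(passwd+nonce)+nonce as one DB field: "<hex hash>$<hex nonce>".
    nonce = secrets.token_bytes(16) if nonce is None else nonce  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), nonce, ITERATIONS)
    return f"{digest.hex()}${nonce.hex()}"

def verify_password(password: str, stored: str) -> bool:
    # Split the stored field, re-hash the candidate with the same nonce, compare in constant time.
    digest_hex, nonce_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(nonce_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def same_password_different_rows(password: str) -> bool:
    # Two users with the same password get different stored rows, yet both still verify.
    a = hash_password(password)
    b = hash_password(password)
    return a != b and verify_password(password, a) and verify_password(password, b)
```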
  • Login flow
    • consumes user/passwd and returns a JWT
  • Auth Flow
    • https://www.toptal.com/spring/spring-security-tutorial
    • https://www.baeldung.com/spring-security-oauth-jwt
    • https://www.javainuse.com/spring/boot-jwt
    • csrf()
    • cors()
    • http.authorizeRequests()
              .antMatchers(HttpMethod.POST, "/users/**").permitAll()   // any pattern can go here
              .anyRequest().authenticated();
  • https://github.com/scaleracademy/Project-Module-Oct-2022/tree/main/05/spring-app-auth/auth-demo