I would like to set the ngxs state on application load. What would be the best way to do this?
e.g. resolve the state object in an angular APP_INITIALIZER and then ???
You could make the HTTP call to load data for the state via the ngxsOnInit lifecycle hook see the lifecycle documentation here.
In my usage of NGXS we've typically had our states respond to a particular action e.g. UserLoggedIn to load their initial data from an external service
We needed to wait on this action for two reasons:
the HTTP services we called needed the auth token returned by Login to authenticate.
in many cases the services would return 'default' data that was user specific.
You can either use defaults from the stat decorator (if it's the same one all the time on startup)or just populate the state in APP_INITIALIZER using normal store.dispatch
Related
So, I would like to implement complex session management in my application. Essentially, I would like to store user sessions both in the postgre and Redis.
So, the algorithm should be the following:
A request is sent to the app, the application parses incoming request cookies and extracts a session parameter;
Spring server tries to retrieve respective session object by id from Redis
If the previous step succeeds, then the server verifies the session and lets the request pass through if the session is active and valid. Otherwise - unauthorized path.
If the session object isn't present in the Redis, then the server tries pulling a member session from the postgre. Does the same verifications and caches the response. If the session isn't valid or isn't present in RDBMS - go to the unauthorized path.
Is there any elegant way to implement the following mechanism using existing packages? Or will this require custom logic?
So, I watched this video - https://www.youtube.com/watch?v=TggWLDAXmb4
And I was able to get a gist of how basic security mechanisms work in Spring and implement the workflow described above;
Basically, you will need to have:
Custom security filter that will be preparing specific Authentication;
Custom authentication provider that will be performing authentication (checking session)
I am working on Webhooks Concept. Since Webhooks acts like a trigger, it will be firing an event when Update or Insert takes place.
It's a MVC application and I have two Controllers, Home and Webhook Controller.
I am passing arguments through Query String on Home controller.
I have tried Session, TempData and Cookies for passing variable from home to Webhooks
HttpContext.Session.SetString("UserName", Request.Query["UserName"].ToString());
and getting session value on webhook controller
HttpContext.Session.GetString("UserName");
Also tried the same for TempData
Issue is On webbooks Controller its coming null.
I need to store parameter (User Name ,password) and reuse the same for database related operations.
Kindly guide
As far as I know, if you store the data into the cookie, session or TempData, it will always use the cookie. But you said the Webhook should worked as a trigger.
I guess this trigger is not triggered by the request or not. It was triggered by some application method. Since it doesn't contain the cookie ID which is used to get the session, cookie, TempData value.
I suggest you could use some database to store it, for example Redis, Service Bus.
If your data volume is not very large, I suggest you could consider using the memory cache, by using this , you could store these things into the memory and use it.
Notice: If your data is very large, I suggest you could use redis or service bus instead.
I have an API written in go and I am using the gin-gonic framework to implement my endpoints. I am following clean architecture for my project which means that my entire application is divided into multiple layers namely - Controller, Service, Repository, And Session. The endpoints are secured by auth0 and the validation is carried out in a gin middleware. In the middleware I can extract the Subject from the JWT (Set in the header)
Now, here's my question. I want to use this subject value in my queries. I was wondering if I can store the Subject (sub) in the context and use it in other parts of my code WITHOUT PASSING CONTEXT AROUND. Is this possible? Or do I simply have to update all my functions and add a new parameter "Sub" to all downstream calls?
I am alluding to using a Global Variable of sorts to access Request Specific Data (SUB from the JWT token). I know it's a bad practice- I am just wondering if there is any other way to accomplish this other than passing around request specific data? Any help is appreciated.
It is really the whole point of the context - it exists to hold these kinds of things and to be passed around the chain. It's important because you want to keep it scoped to the request -- if you start using globals you could run into issues where you get contention because multiple requests are messing with the same data. Likewise if the token was invalidated between requests.
If your authentication middleware runs before your query (which it sounds like it does) then it should be simply a matter of having it put the subject in the context in a way you're happy with.
I seem to have a circular dependency where we have a service provider that registers an object with the service container, and boots a config file and some middleware, but the middleware now needs to be passed a param parsed from requests JWT token to the service container prior to it being instantiated, as well as the guard of the user since the service provider needs to be able to get the authenticated user and there are 5 different types (Applicant, Manager, Admin, etc) so the guard is needed to Auth::guard($guard)->getUser() within the constructor since it defaults to the Applicant if null like Auth::guard()->getUser().
How do you work around something like this? If it helps I'm using tymons/JWTAuth (develop) branch to make use of Laravel's guard API.
Should I refactor and just bind to the service container directly within the middleware and not use a service provider at all so I can use the parameter to instantiate the service container object, and the guard. Seems like the only likely solution, but before I refactor all of this I wanted to ask if there was a better way.
Can I use two service providers? One that adds middleware, and a deferred one that will somehow eventually register an object with the service container??? If so how would you pass the parameter in a config? Thinking this isn't possible based on what I know.
Adding a setter to the object isn't an option to prevent anyone accidentally invoking it anywhere else.
Are you using tymon/jwt-auth? If so, your service provider could set up an event listener that fires when the token is decoded. Something like:
event()->listen('tymon.jwt.valid', function($user){
app()->singleton(YourInterface::class, function() use ($user){
//this will only register once your token is decoded
}
});
You could still listen for an event if you aren't using this package, then bind once that fires. This is basically the same as your option 1, but at least it keeps the code organized where you want it.
I am building a Web API service which will accept 2 of 4 possible tokens in the header. These tokens are used for different purposes but will all be able to be resolved (using lookup in a DB and other operations) to a couple of key pieces of user data.
Only a limited number of endpoints in my controllers will need to receive this information and so I need to know if I should be building a message handler (I believe this is executed for all requests) or a custom action filter (attached via attributes to the specific endpoints.)
Which method is most appropriate for retrieving data from the request header, using it to retrieve user information and populating the header/request with the retrieved data for the controller to use?
Token is an over-loaded term but if you are using "token" as in security token meant for authentication, you can create an authentication filter. If your tokens are just identifiers using which you pull more data from a data store, action filter is a good choice. As you said, message handlers run for all requests (per-route or global granularity) and may not be a good candidate. However, message handlers run earlier in the pipeline and action filters run just before the action method. So, in future, if any other component in your Web API pipeline needs this data, action filter could be too late. If you know for sure only controllers will ever need this data, action filter is probably the best place, given the granularity they provide.