Hey archard, me again
ClanverPixelfingers cant play Location: Germany, Kiel Joined: Jan 03 2009 |
Hey archard, me again here~ like i mentioned in the other thread, im a web developer specializing in the backend (PHP, NodeJs) but i do a lot of frontend (JavaScript) things as well of course. I get my masters degree in january, in information technology, and im working part time since almost 4 years for a company as a software engineer, mainly as a Typo3 Extension Developer (Framework used here is extbase). Ive written programs from simple database oriented solutions to full workflow management solutions, delivery tracking solutions . . . and many more~. And ive got my fare share of knowledge of webGIS applications (mapping etc.) But to be honest, i havent used the things u fancy like react etc. Ive used some Js Frameworks, but mostly as student projects . . At work, we use Git and composer for versioning and as a deployment method~ Would be nice if we could setup a development server which we could use to deploy our projects to~. |
Yes, I'd really love to get
archardJoined: Jan 11 2007 |
Yes, I'd really love to get an environment set up where we can all contribute. Right now I'm working on a login app that will handle authentication across the whole site. It gets tricky because the new discourse forum will be a completely separate app running on a different subdomain, but it must reference the login information that will be stored only on the main site (using a single sign-on technique). I suspect we will add on other apps that use SSO in the future (like Disqus comments or something similar). I have just about completed the backend for this app, and soon I will start focusing on the frontend. My focus right now is on getting it deployed so that we can actually start using the new forum. But after that I will work on setting up a collaboration environment for that app. Since it's a fairly small app we can use it as a guinea pig to model collaboration on more complex apps in the future.
----------
DANG |
In everyday work we use
SpiderTemplariusMusic hunger Location: Poland Joined: Oct 22 2008 |
In everyday work we use https://circleci.com (it integrates with Github), it's easy to setup it for node projects, first worker is free, and for such project it seems enough. |
Re: In everyday work we use
archardJoined: Jan 11 2007 |
SpiderTemplarius said
Cool. We use Semaphore at my work. I'll do some research to see what's best.
----------
DANG |
Would any of you be willing
archardJoined: Jan 11 2007 |
Would any of you be willing to do a security audit of my code? I've got some complex stuff going on to get the logins synced between the main site and the Discourse forum and I'd love to get an extra pair of eyes on it since there are big security implications.
----------
DANG |
I did some Javascript, PhP
BigHeadClanJoined: Jan 20 2012 |
I did some Javascript, PhP ,Web design & Security courses back in school but that was 6 years ago so I'm very out of touch, my current skill set is hardware side Data Centre Design & Tier 1-3 desktop support. I could help with a functionally test but an in-depth security audit is outside my current skill set. |
I've been a php developer for
thedstringNate Brooks Location: Utah Joined: Jan 05 2011 |
I've been a php developer for about 6 years, I'm about to graduate with a BS in computer science (one more semester!!!), And at my computer science department I've been employed as their web developer for about 2 years now. I have a lot of javascript experience (with and without jquery) and I have some experience with Microsoft's asp and MVC frameworks. And a little angular and node experience :) Edit: Lots of complex database stuff too
----------
Youtube Channel - https://www.youtube.com/channel/UCDZ6Phrm42vhPfADrJqCwfw |
Re: Would any of you be willing
ClanverPixelfingers cant play Location: Germany, Kiel Joined: Jan 03 2009 |
archard said
Hmm, well, not like im an expert in security but i could try to look for possible exploit weaknesses. |
Re: Would any of you be willing
archardJoined: Jan 11 2007 |
Clanver said
That's all I'd want ! Just some extra eyes to point out any obvious exploits. I will put the code on GitHub and write up a summary of the login process in the readme, as soon as it's ready
----------
DANG |
haha, ok, well you mentioned
ClanverPixelfingers cant play Location: Germany, Kiel Joined: Jan 03 2009 |
haha, ok, well you mentioned an audit, the last time i did an audit i had to write a 30 page report about a company and their security situation ;D (was only for university, my company is more . .laidback?), phew ~ |
I'm more of an Embedded
ZaecheWord-puddle Joined: Jun 02 2015 |
I'm more of an Embedded Software/Mechtronics engineer, though I've been messing around with web development on my own for a bit--so, I've touched Javascript(JQuery), Angular, the like. NodeJS too? But I feel like I haven't exploited its capabilities beyond using it as an environment/package manager ... I just got into ReactJS, and well, it's definitely different, ha. Python's one of the main languages that's pretty much been constant across any tech I've worked on. In fact, most recently I've been tinkering with a simple Pelican/Jinja2 stack (actually planning on chucking ReactJS into this mix, as well as a remote PostGresDB as an exercise/experiment it if I can since I've still somewhat green on this front). Git is good, thank Heavens you aren't using Mercurial (no hate, I just can't seem to make Hg work optimally on my machine). |
I'm going to post a detailed
archardJoined: Jan 11 2007 |
I'm going to post a detailed plain-English description of how the process works first, and I'd like to get comments on that before I post code. I know it's long and I appreciate anyone who takes the time to dissect it! :) So here's the current situation. The "main site" (www.gametabs.net) is a Drupal 6 app that hasn't really been updated since 2008. All information related to the site -- users, tabs, private messages, etc. -- are all stored in the MySQL database associated with it. The current forum is just a feature of Drupal 6. So when a user is logged in anywhere on the main site they're also logged in on the forum because it's all the same application. Now I want to start using a Discourse forum (http://www.discourse.org/), which will be a completely separate app (call it the "new forum"), likely hosted on a different domain (some-subdomain.gametabs.net), which uses its own authentication system. What I want to accomplish: How it works: Discourse has a feature called Single-Sign-On (https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045). The main idea is that discourse will defer to an external application to authenticate the user, instead of using its own built-in authentication system. The process is outlined in the link, but I will reiterate it here:
It’s not important to understand every step of the process in detail. The important takeaways is that ALL user information is stored on the external application. It is the single source of truth as far as Discourse is concerned. As long as the external application gives Discourse a valid nonce, it will blindly trust it. Now, let’s talk about step 6, performing the authentication itself. As I said in the beginning, all user login information is stored on the main site right now. So, in this step some authentication on the Drupal 6 app must occur. I've chosen to create a separate application to handle all login, logout, register, and reset password operations (call it the "auth" app). The reasoning for this is that I want to move away from Drupal all together, and to that end it doesn't make sense to add anything new to it. It will be too hard to do a total replatforming in one go, which Is why I am just focusing on just forums and authentication for now. With that decision in mind, I need a way to interact with the Drupal app through the auth app. My only choice for this (since the main site is so old) is through an XML-RPC API (same as a REST API, basically). Through this API I can perform login, logout, register, and reset password operations on the main site. So, on the auth app, I have an endpont Then, during step 6, a user's login credentials are collected by the frontend app, a I will leave it there since that is a buttload of information. I'd really love to field any questions you all have!
----------
DANG |
I'm a newly graduated
Reuben6Joined: Aug 26 2010 |
I'm a newly graduated developer, most comfortable with java, android and C#, with experience in MySQL, but I'm not overly experienced with web. Though if you'd like an android application that pulls tabs from the site, I wouldn't mind working on something like that for you ^^ |
Re: I'm going to post a detailed
auriplaneJoined: Sep 06 2008 |
archard said
Are you planning on upgrading or phasing out Drupal eventually?
----------
|
"XML-RPC API (same as a REST
thedstringNate Brooks Location: Utah Joined: Jan 05 2011 |
"XML-RPC API (same as a REST API, basically)." In one of my classes we are studing RESTful APIs specifically (and I just finished building a RESTful API using PHP and I'm about to start another one for a mock guitar tabs site as my final), and I can tell you that RPC and REST are not the same thing. Simply put, the architecture of REST and RPC are fundamentally different. RPC allows for something like www.something.com/goodies/v1/updateGoody?id=25 or www.something.com/goodies/v1/getGoody?id=25 but REST would force you to use an HTTP request to define the action (like GET or DELETE) and use: www.something.com/goodies/v1/goody for all actions associated with a "goody". Instead of getGoodie or updateGoodie, you use the PUT/PATCH (to edit) or GET or POST (to make a new one) or any other HTTP request and build in the authentication and other info in the body of the request. It's a seriously interesting (and crazy powerful and maintainable) way of making an API, I'm way glad I'm taking this class =) I just wanted to clarify that for anyone interested in keeping up with this thread and possibly helping out! I'm excited to see where this goes =)
----------
Youtube Channel - https://www.youtube.com/channel/UCDZ6Phrm42vhPfADrJqCwfw |
Holy shit that's one of the
thedstringNate Brooks Location: Utah Joined: Jan 05 2011 |
Holy shit that's one of the nerdiest things I've ever said on this site =D
----------
Youtube Channel - https://www.youtube.com/channel/UCDZ6Phrm42vhPfADrJqCwfw |
Re: I'm going to post a detailed
archardJoined: Jan 11 2007 |
auriplane said
I plan to phase out Drupal eventually. Phase 1 is what we're doing now. Moving the community and authentication system away from Drupal (while continuing to utilize Drupal as the backend). Phase 2 will be moving all frontend away from Drupal and onto a separate app using some fancy cool frontend library/framework, leaving the backend the way it is and just interacting with it through the XML-RPC API. The only frontend part we'll continue using is the administration section. Phase 3 will be moving the backend off of Drupal completely.
----------
DANG |
Re: "XML-RPC API (same as a REST
archardJoined: Jan 11 2007 |
thedstring said
You're right, there are differences between RPC and REST. Namely that RPC only sends POST requests and the payload of the request indicates a method to be run on the server. Actually there is an important detail about my RPC implementation for registrations that I will describe later when I have some more time. Thanks for the input! :)
----------
DANG |
There is a reason that most
ClanverPixelfingers cant play Location: Germany, Kiel Joined: Jan 03 2009 |
There is a reason that most "REST" Webservices i encountered were called "REST"-like Webservices. Most developers dont want to go all the way~ Too many specifications to uphold. Edit: Funny coincidence, at work, im now working on a project using symfony with a REST API and a REACT.js Frontend. The nice thing here is that every communication is done with the REST API, even a normal page request. |
Re: There is a reason that most
thedstringNate Brooks Location: Utah Joined: Jan 05 2011 |
It's a lot of extra work to make a RESTful API, but holy crap is it worth it. Once it's up and running it's so amazing to work with! And it's comparably easier to maintain too
----------
Youtube Channel - https://www.youtube.com/channel/UCDZ6Phrm42vhPfADrJqCwfw |
So here's a place where I'd
archardJoined: Jan 11 2007 |
So here's a place where I'd like to get an opinion. When a new user registers, the process looks like this:
Now, the obvious point of concern here is in step 2, where the XML-RPC client is logged in with admin credentials. The reason this needs to occur is because the I don't believe there is any cause for concern here but I wanted to more eyes on this process just in case. The reason I am not concerned is because the XML-RPC client that is authenticated with admin credentials is contained on a trusted server, and no admin credentials are ever exposed to the end user, nor is any sensitive cookie information. *** I updated this to say that the XML-RPC client will not be authenticated with admin credentials, but rather just with a user who sufficient permissions to create new users ***
----------
DANG |
Don't have much to say except
ZaecheWord-puddle Joined: Jun 02 2015 |
Don't have much to say except most of the auth stuff is over my head, haha (for the time being!). I guess I'll keep a weather eye for anything that makes sense, but I think I'll give it some time and see how it goes. In the meanwhile, I reckon I'll set up a Discourse box via Vagrant and play with it a bit. I've been meaning to for a while and it might be fun? |
It's hard to make a judgement
thedstringNate Brooks Location: Utah Joined: Jan 05 2011 |
It's hard to make a judgement call without seeing the actual code (which I bet is pretty massive with all these steps). What programming language are you using to make all these calls? I'm really not a huge fan of trusting a huge CMS like Drupal, the system is easy enough to write and when you use your own code it's not that complicated. But then again you have to manually write in all of the security yourself (not as bad as it sounds). But because I don't have any experience within the Drupal world I have a hard time giving advice. It seems a little weird that the user.login method is called in step 2 when the user.register method is called in step 3. Why is the user logged in before they're registered? If I could see the code I could give my advice. I'm extremely used to these kind of systems sans CMS because the people I've dealt with so far don't want to use a huge CMS. But I can see why some companies would want to use a CMS like Drupal.
----------
Youtube Channel - https://www.youtube.com/channel/UCDZ6Phrm42vhPfADrJqCwfw |
Re: It's hard to make a judgement
archardJoined: Jan 11 2007 |
thedstring said
Drupal is just what we have now and there's no getting off it for the time being. Just consider it a constraint at the moment. Don't think about it as a CMS, think about it is an XML-RPC server that external applications can interface with. In this case the external application will be an Express (Node.js) server which will create XML-RPC clients that connect to the XML-RPC server. The reason user.login is called before user.register is because the XML-RPC client must be authenticated as a user who has permission to run the method on the server which creates new users. I don't want to expose that method to the public.
----------
DANG |
Well, i assume its just
ClanverPixelfingers cant play Location: Germany, Kiel Joined: Jan 03 2009 |
Well, i assume its just something like a SOAP authentication? Thats done a lot to use external services. The main security concern like always is the data incoming from the user. And the server files containing the rpc credentials should be protected of course . . Not sure if it is the best idea to basically resubmit the data to another server with another step. . Is this used for your SSO solution? Is there really no chance to somehow work with one system? The problem i encounter a lot with separated solutions is that data synchronization does not work well and is the most probable part to fail~ |
Backend code is almost
archardJoined: Jan 11 2007 |
Backend code is almost done! If you want to be added to the GitHub repo to review the code, and get involved in development, post your GitHub username here (or email it to me if you don't want it public - [email protected]). WooooooohoooOO!
----------
DANG |
I wanna see!!! If you're
thedstringNate Brooks Location: Utah Joined: Jan 05 2011 |
I wanna see!!! If you're cool with that =) my username is nateonguitar
----------
Youtube Channel - https://www.youtube.com/channel/UCDZ6Phrm42vhPfADrJqCwfw |
Re: I wanna see!!! If you're
archardJoined: Jan 11 2007 |
thedstring said
You've been invited! Looking forward to discussing things with you. For comments and questions related to the project, feel free to create an issue on GitHub :)
----------
DANG |
Was surprised i had one.
ClanverPixelfingers cant play Location: Germany, Kiel Joined: Jan 03 2009 |
Was surprised i had one. Mine is "Clanver" ! |
Just added you Clanver
archardJoined: Jan 11 2007 |
Just added you Clanver
----------
DANG |
Probably, the profession of a
andrewlans0Joined: Jan 10 2022 |
Probably, the profession of a developer is very popular and widespread now. This is not surprising, because most companies and firms need software, apps and websites, so we all turn to the services of mhealth app developers. This is very convenient, because you can delegate software development to specialists and take care of the affairs of your company. |
thanks for the info
emrataJoined: Jun 07 2022 |
thanks for the info |
I'm pretty sure that
BalanceBlindJoined: Jan 28 2022 |
I'm pretty sure that nowadays, such specialists are in demand because it's actually hard to find anyone reliable. When I was developing my own gambling platform, it was a challenge for me to find a reliable team of developers, and betting provider beter live - beter was the only thing I didn't struggle with at all. |
Web development
Sures1953Location: Alaska Joined: Feb 05 2022 |
In the midst of your own developer role call, you need to provide an environment that will help the team members to collaborate more effectively and efficiently. You need to check this https://rubygarage.org/blog/technology-stack-for-web-development and get more new ways for web development. You also want them to know how you want to work together as a team and what their individual responsibilities are. |
So was your project
truluvJoined: Nov 17 2022 |
So was your project successful after five years? If your answer is affirmative and you still building a team of Python developers, please contact me. I'm among expert developers providing Python project help here, assisting those students for some reason unable to cope with their assignments. But now I'm looking for other opportunities and interesting projects to participate. |
Gamification
billyrobertsJoined: Oct 27 2022 |
Gamification In a gamified environment, social aspects draw on learners' sense of recognition of their value. They also appeal to feelings of acceptance. This results in improved learning effectiveness, according to experts. Whether you're developing an online course or an application, you can use gaming elements to add more dimension to your online training. These link include leaderboards, rewards, and challenges. Gamification can boost employee engagement and retention. However, the strategy should align with your company's culture and needs. The key is to establish clear goals and understand the mechanics of a gaming system. |
archard
Joined: Jan 11 2007
Hey all. I've noticed that many of us here are software devs. I'd love to get some of you directly involved in the development of this site as we continue to make improvements (loads more coming). One thing I'm strongly considering is setting up a continuous integration/deployment strategy on GitHub and opening parts of the site up to pull requests.
So if you're a dev, I'd love to know a bit about what tech you feel comfortable with and get an idea of your experience level.
I've been developing sites as a hobby since I was a kid, and now I do software dev professionally for a startup. I am comfortable as a "full stack" dev but tend to lean toward frontend development at my job as I enjoy it more and find it to be more interesting. We use Ember on the frontend and Rails on the backend. But I'm an all around Javascript specialist with a lot of experience with Node as well. I tend to lean toward a React based frontend and Express based backend in my personal projects.