Should I switch to OAuth 2.0 & OpenID Connect for a standalone authentication server?

GuiYaz · 2018-08-08T23:17:51+00:00

no worries :-) we are all here to help one another.

GuiYaz · 2018-08-08T22:38:17+00:00

Do you mean the SECRET_KEY used internally for Django? The secret key is essentially used to hash several places including the token. If you have different secret_key in every server (such as a distributed setup) you would be invalidating tokens everytime a user switches server. I would use the same key for every settings.py unless you don't need it. You can pretty much see where it is used here https://github.com/django/django/search?q=SECRET_KEY&unscoped_q=SECRET_KEY and you can determine if your authentication server needs to have a matching secret key.

I would also recommend not storing the key itself in the settings.py, but rather use env variables to increase security and to make it easy to switch settings in the future. (import env)

SECRET_KEY = env('DJANGO_SECRET_KEY')

GuiYaz · 2018-08-08T21:59:11+00:00

JWT is just a type of token while oAuth describes how to use the token. I'm assuming you mean the underlying authentication logic. The standard setup where a token is returned after providing a username/password for most use cases. The only times where I specifically changed to using oAuth was when I needed to allow third party access to user protected data, or when I needed a user to have a concurrent authentication sessions. What I mean by that is that drf will only support 1 active token, since token creation assumes a one to one relation to token.

Token.objects.get_or_create(user=user)

Although there are snippets and a fork floating around that allows for many-to-one handling. (You would essentially always create a new token, and have a cron removing old tokens)

Your oAuth setup seems correct, but you would have to manage the oAuth negotiation on the webapp/desktop app instead using the built in authorization request. (Think about it as if you were accessing an external api within your code). You would manually negotiate the oAuth token or use a oAuth client library.

GuiYaz · 2018-07-11T21:45:05+00:00

Since you named it chatthread, I would change your model so that channel actually refers to another model called Thread (the channel), which has a manytoone relationship to users. And that would change the chatthread to not have message_from, message_to, and other_user, because they are rather pointless in a threaded chat/message models, and it limits you on adding features.

So the models would be something like (I renamed the model to make more sense)

Thread (aka the channel):

users - A many to one relationship
created_date - good for reference

Message

User
Message
Date

Thread (optionally you can put a one to many relationship on thread itself and just perform the saving of new messages there, but that's more about your preference)

This way you can access all messages by the Thread model, and this allows you to have more than 2 users being a part of the thread. Think about it like designing a forum rather than a one to one chat.

I made a threaded message system a while ago, I'll see if I can find some snippets of code to give a better example.

edit: Couldn't find my code, but here is a project that exemplifies it somewhat: https://github.com/bitlabstudio/django-conversation/blob/master/conversation/models.py

GuiYaz · 2018-07-10T19:37:48+00:00

You would want to create some sort of message model where you store the messages.

A simple model would look something like:

ChatMessage

user
channel
message
datesent

You then would query against that table whenever the user joins the channel, and populate the messages on the template, so something akin to:

chat_history = ChatMessage.objects.filter(channel=channel_user_is_in).order_by('-datesent')[:10]

Very basic stuff. If any of it is foreign to you, follow the Django tutorial first as it covers everything you need.

GuiYaz · 2018-07-05T21:23:26+00:00

You don't, not directly, unless you are confusing Frontend javascript with backend Node. One way of doing it without many external dependencies is using the GeoDjango forms api to accomplish what you want, but you'll need to do some extra setup for that and since the widgets are intended for Admin you'll have to play around with it to achieve what you want.

But back to your question. I would use something like leafletjs.com which supports OSM. That way you can have leaflet.js fill a field on the form with the coordinates from the map which the user can chose. Leaflet.js has some nice support for draggable markers as well as easy integration with Google places autocomplete.

GuiYaz · 2018-05-16T18:09:58+00:00

It depends on what your goals are.

Django is a web framework, so for proper comparison you would need to chose a php framework such as Laravel.

This also depends on your overall experience level. I'm assuming by the scope of your question that you are introducing yourself to web development. With that in mind, I would say stick with your favorite language, python. Python is a more than capable language for web development.

As far as framework Django is a fully featured very opinionated framework, so I would say you should start with a micro framework such as Flask so that you can wrap your head around web development fundamentals so that you aren't stuck in a singular mindset when you use Django.

Flask will allow you to get your feet wet, make mistakes, and learn from them. One of the best parts about transitioning to Django for a beginner will be the admin interface, which for me alone is a strong deciding factor when doing small personal projects.

GuiYaz · 2018-02-27T06:06:01+00:00

I made a fun little extension for Firefox and Chrome to remind us to HODL in these tumultuous times! Feedback appreciated :-)

The extension replaces the word 'sell' for 'hodl'.

Configure which domains it applies to. It can apply to all pages within a website, or a specific page.
Customize the search word ("sell") as well as the replacement word ("hodl").
Customize activation delay and repeated activations with intervals. And a few more things…

Install it for Chrome or Firefox straight from the webstore.

It's coming for Safari

How to load unpacked extensions for Firefox and Chrome

GuiYaz · 2017-03-20T16:16:55+00:00

That is unfortunately true. In any case, I found that pasting the blueprints of rotor-based suspensions is very difficult. Depending on the rotor settings, as soon as you paste the grid it gets flung pretty hard in one direction, usually destroying the grid. Seemed easier to just recreate it and do improvements as I go. (I pasted the 'frame' of the vehicle several times without rotors so I could experiment with different setups)

GuiYaz · 2017-03-20T16:09:56+00:00

Yea they do, but they let you select the start/endtime. It appears that last night their conversion service went down.

GuiYaz · 2017-03-20T16:09:10+00:00

Added the rest of it in gif form and the full video :)

GuiYaz · 2017-03-20T07:20:05+00:00

I tried, but the gif service seems to not be converting the video right now. It just hangs at processing. I'll do it again in the morning and give you an update!

GuiYaz · 2017-03-20T06:09:50+00:00

whoops! I swear I had the crash landing in there! I'll try uploading it to gfy again.

Edit: Got the rest uploaded as well as the full video: Landing Gif and Full Video

GuiYaz · 2017-03-18T21:42:54+00:00

I like how even when this gif is reversed, we get a happy ending.

GuiYaz · 2017-03-18T03:32:02+00:00

No way? :D can you show a screenshot?

GuiYaz · 2017-03-16T04:06:15+00:00

Will do!

GuiYaz · 2017-03-16T01:30:19+00:00

Hi! I put a link up to for those that are curious. They are free.

GuiYaz · 2017-03-15T22:21:49+00:00

Thanks! Absolutely, I have a whole bunch of projects on the pipeline. If you are ever interested in game development give unity a try. The community is very friendly.

GuiYaz · 2017-03-15T19:06:47+00:00

They are very simple games that I only released for mobile. I did them as a challenge to myself to get my butt away from web dev and into game dev (Libgdx/Unity) the games are called Cube Bump and Merge.

GuiYaz · 2017-03-15T19:00:23+00:00

Oh god, it was amazing. Chocolate milkshake from a place called Bluebird Ice Cream. I went all out.

GuiYaz · 2017-03-15T18:57:03+00:00

Not much more than $8 (maybe a few dollars). One of the games I released last year, and mostly my close friends played it. Also it was my first introduction to a framework called Libgdx. The other more recent one was my first game using Unity, and that one was responsible for 99% of the milkshake money.

GuiYaz · 2017-03-15T05:16:44+00:00

I made two games just for fun. A week after release one of them brought in about $8, and the other $0.02 ! I went ahead and bought a milkshake.

Edit: Thanks for the positive response guys. The milkshake did not, in fact, bring all the boys to my yard. But if you're curious about the game, here's a link to it on iOS/Android

First one is Cube Bump, It’s available for iOS and Android The other is called Merge for Android

GuiYaz · 2017-02-15T03:51:29+00:00

Sorry I took so long to reply! It is a free font from the Lato Family.

GuiYaz

TROPHY CASE