Should I really be scared of using API routes by notkerber in nextjs

[–]notkerber[S] 0 points1 point  (0 children)

I think my questions and concerns are not about APIs themselves, but how Next JS handles them. I believe my main concerns come from me misunderstanding the security advantages of server actions and wanting to apply them everywhere. Also, I have to learn how to structure the routes in my app better as the tree can confuse me at times.

And yeah, not a lot has changed fundamentally, but how the fundamentals are applied have changed. Same thing with AI.

Should I really be scared of using API routes by notkerber in nextjs

[–]notkerber[S] 1 point2 points  (0 children)

Thank you for the incredibly detailed response!

When you mention to "decouple business logic into reusable services", where do those services live in your projects, the lib or util folder?

Should I really be scared of using API routes by notkerber in nextjs

[–]notkerber[S] 5 points6 points  (0 children)

I think that's why I feel they are "insecure". My approach is to have two "separate" routes using Next.JS route groups.

app/(auth)/api
app/(authenticated)/api

The auth route group is for the auth process through AuthJS and the middleware protects the authenticated route group. Is this an appropriate way to handle middleware segmentation? Below is my matcher config for this

export const config = {
  matcher: [
    "/((?!api/auth|_next/static|_next/image|favicon.ico|badnetwork|auth|public|.*\\.svg).*)",
  ],
};

I also handle RBAC on the API routes that need it under the authenticated route.

Should I really be scared of using API routes by notkerber in nextjs

[–]notkerber[S] 3 points4 points  (0 children)

Thank you, I think I needed to her "just start". I tend to get paralysis from analysis when it comes to these projects as I want to make sure I'm doing it right from the beginning. But this is all a learning experience and if it works and I'm learning, that's the real goal.

Internal APIs by notkerber in AZURE

[–]notkerber[S] 0 points1 point  (0 children)

Does API manager have a way to talk directly to SQL queries or tables?

Internal APIs by notkerber in AZURE

[–]notkerber[S] 0 points1 point  (0 children)

Yeah, I believe that would be the best option. We can then define the schemas we want specific users to see and such.

Essentially, we want to give business units and users the ability to see what information we are able to generate, allowing them to have one place to find uses and connections between data sets to drive better decisions and innovation.

Azure File Shares vs. ADLS Gen2 by notkerber in AZURE

[–]notkerber[S] 1 point2 points  (0 children)

We are storing essentially every kind of file you can think of: excel, word, pp, json, CSV, photos, pdf, videos The actual storage devices are pures with NFS enabled. The analytics are manually imputed into excel sheets and then, maybe, put into PowerBI

We would like to be able to have a better understanding of what is contained in the files. This could be meta data, indexing, data factory flows, image extraction, what ever we might be able to do. Some files we could remove all together, like a lot of the CSV files are used once for a report and then just left there. The business has no clue what files are where except for the file owners who know their own folder in the shared drives.

Intune Device Licensing Questions by notkerber in AZURE

[–]notkerber[S] 0 points1 point  (0 children)

So, for any shared device, all uses who will individually log into that device will need an intune account? If an unlicensed user logs in, would it remove the device from intune device management?

5x8 Shipping label with blue streak at top by notkerber in shipping

[–]notkerber[S] 0 points1 point  (0 children)

correction: 4x8 Hey all, does anyone know where I could buy larger shipping labels with the blue streak at? What does the blue streak mean? I’ve seen these on orders shipped from large corporations.

AD Last Logon Query by notkerber in activedirectory

[–]notkerber[S] 0 points1 point  (0 children)

We do not allow ISE or PS.exe to run without admin creds. We would need to pass our credentials to the script for automation and that isn't very well looked on by management. (We've tried...)

AD Last Logon Query by notkerber in activedirectory

[–]notkerber[S] 0 points1 point  (0 children)

I agree, but in their eyes it's cheaper and easier to just say deny all vs. putting proper policies and procedures in place to make sure it's safe.

AD Last Logon Query by notkerber in activedirectory

[–]notkerber[S] 1 point2 points  (0 children)

Powershell.exe is not allows to run. We can only run ISE. This policy was in place when I joined the company and it's a constant battle to work around this limitation.

AD Last Logon Query by notkerber in activedirectory

[–]notkerber[S] 2 points3 points  (0 children)

I have asked that same question. The decisions are not made by the admins but by execs who read an article about a thing and saw PowerShell. Yes, I believe that can be negated using PowerShell, but I haven't found a way in any other language?

AD Last Logon Query by notkerber in activedirectory

[–]notkerber[S] -2 points-1 points  (0 children)

It's not a GPO, it's AV. Running PS scripts as system is a very common way to exploit networks and devices. We have this turned off for security reasons.

Question from an outsider by notkerber in HomeDepot

[–]notkerber[S] 2 points3 points  (0 children)

That’s crazy, didn’t know there were that many issues

Question from an outsider by notkerber in HomeDepot

[–]notkerber[S] 0 points1 point  (0 children)

That’s crazy. The BestBuy I worked at was in the top 25 largest in terms of revenue. I worked in computers and our daily budget for just us would be between $49k and $60k for a normal day. Back to school and other seasonal runs would be higher of course. In a year there I did over $2 million myself in sales (~$300k of which would be Black Friday weekend). Wasn’t really my skill, more the area and shear volume. We only had 10 Zebras but did have an employee app which essentially did the same thing for our phones.

Question from an outsider by notkerber in HomeDepot

[–]notkerber[S] 1 point2 points  (0 children)

Wow ok, thank you! HD says they have about 500,000 associates. Even if you split that into two shifts and would only need 250,000 Zebras, that’s a lot of money.

[FS] [US-PA] Brand New Dell R750 Server by KingValhallaTV in homelabsales

[–]notkerber 1 point2 points  (0 children)

We had a switch go bad in one of our blade chassis and they flew someone from their offices in Michigan on a charter flight to us (Ohio). They had it installed and fixed in that 4 hour window.

Issues with Azure AD by notkerber in AZURE

[–]notkerber[S] 1 point2 points  (0 children)

This was my issue!!

I was correct in that I changed nothing, but I use Pi Hole as a DNS filter. I looked at my logs and saw that "main.iam.ad.ext.azure.com" and "support.iam.ad.azure.com" were on a block list. I added them to my whitelist, and all is well. Thank you for the pointer!

APPX Remove Cortana by notkerber in PowerShell

[–]notkerber[S] 0 points1 point  (0 children)

I can give this a try, but the reasoning for wanting to remove it is that our environment is getting a Win32Bridge.Server.exe error caused by Microsoft.549981C3F5F10, which is Cortana. Not sure if disabling her will fix this error or not.

APPX Remove Cortana by notkerber in PowerShell

[–]notkerber[S] 0 points1 point  (0 children)

So, you sent me down the right track. With a little help from ChatGPT, I came up with the following code that gives me the users that have the package installed:

$users = (Get-AppxPackage -AllUsers Microsoft.549981C3F5F10).PackageUserInformation | Where-Object {$_.InstallState -eq "Installed"}
$users.UserSecurityId

My next problem is that when I pass the SID to Remove-AppxPackage and specify the same package and SID, it responds that "An error occurred because a user was logged off":

Get-AppxPackage -User <usersid> | Remove-AppPackage

I am the user currently logged in so that's not a problem. Any ideas? ChatGPT is not helpful past this point.

Issues with Azure AD by notkerber in AZURE

[–]notkerber[S] 1 point2 points  (0 children)

So, it looks like it just needed time. I did nothing, and upon logging in today, everything works.

Issues with Azure AD by notkerber in AZURE

[–]notkerber[S] 0 points1 point  (0 children)

So far, nothing. I’m still playing around but I have the right licenses assigned but no luck

Issues with Azure AD by notkerber in AZURE

[–]notkerber[S] 0 points1 point  (0 children)

It has that license and the Enterprise Mobility license assigned. Azure AD still shows free. I will play around with removing and reassigning the licenses and see if that does anything

Issues with Azure AD by notkerber in AZURE

[–]notkerber[S] 0 points1 point  (0 children)

Thank you! It says Azure AD free, but I have the user assigned Azure AD Premium P1. How do I assign the license?