Pilla 技術宅

Node.js

• NPM https://www.npmjs.com/
• lodash Doc https://lodash.com/docs
• Express API http://expressjs.com/api.html
• Node.js 官方API https://nodejs.org/api/
• Async Doc https://www.npmjs.com/package/async
• NodeCloud - Node.js resources http://www.nodecloud.org/

Javascript/HTML/CSS

• Javascript Reference https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects
• Font Awesome http://fortawesome.github.io/Font-Awesome/
• JQuery API http://api.jquery.com/
• JQuery Mobile API http://api.jquerymobile.com/I
• w3cscools.com http://www.w3schools.com/default.asp
• SWIG Doc - Html template engine http://paularmstrong.github.io/swig/docs/
• 正規語法測試網站 http://regexr.com/
• 好用的線上轉碼工具 http://www.hokoy.net/Tools/EnDeCoder.aspx
• CSS Reference (元件以及其Properties) http://www.w3schools.com/cssref/default.asp

資料庫相關

• Redis http://redis.io/commands

... 持續更新中 ...

cookies

當server想要儲存使用者的某些狀態時，就可以發送cookie給client，cookie是http header裡面其中一個欄位，cookie裡的資料以key/value的形式儲存，cookies通常儲存在client的瀏覽器中，也因此若當cookie並沒有加密時，在傳送的過程中容易被攔截或盜取，故並不鼓勵以cookie儲存一些敏感的資料，除了加密之外，更要設定時間在不需要cookie的時候將它刪除。 每個cookies的檔案最大只能到4k，在使用者瀏覽網站的時候瀏覽器會將cookie儲存在記憶體中，當瀏覽器關閉時，尚未expire的cookies會被存進文字檔中，並等待下次連線使用。

Session

相對於cookies處存在client端，session則是儲存在server端，session也需要cookie的輔助才能產生運作，因為server會傳送存有session id的cookie給client，並在server端建立起這個session id的檔案，在之後client在瀏覽網頁時都會夾帶此session id，如此一來server即可從此session id來辨認每個使用者所儲存的狀態與data。相對於cookies，session多用來儲存敏感的資料，也常常成為攻擊的目標，如session hijacking。

遇到的問題

在處理Auth Serveer遇到的問題。

以google的Oauth2來說，

直接使用javascript的話, 我們可以這樣寫:

window.location = "url_to_redirect";

這樣的結果類似滑鼠點擊連結, 會在瀏覽器的瀏覽歷史留下原網址的記錄.

也可以這麼寫:

window.location.href = "url_to_redirect";

如此與上例一樣類似滑鼠點擊連結.

另外, 也可以這麼寫:

大部分的人包含我在內，在開發oauth相關工具時，使用Github用的很高興， 寫出了一段code，確定oauth可以運作，就很高興的把code放上github了

如以下範例程式

var GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
 passport.use(new GoogleStrategy({
    clientID: GOOGLE_CLIENT_ID,
    clientSecret: GOOGLE_CLIENT_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/google/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

但，clientId以及ClientSecret也一起上去了。 Github是open的空間，很難保證之後是否會有有心人士，把你註冊的clientId/clientSecret資訊拿來用。 如果client有用到的是需要付費的api，就慘了！

在放上github前，先做些保護吧

安裝Linux的Client以及推上Heroku上

1. 安裝client工具

$ wget -qO- https://toolbelt.heroku.com/install-ubuntu.sh | sh

2. heroku login

$ heroku login
Enter your Heroku credentials.
Email: perry.wu0606@gmail.com
Password (typing will be hidden): 
Authentication successful.

3. 到有git的app下建立連結

沒有git的就自己git 出來吧!

要確定該folder有Procfile這個檔案

$ cat Procfile
web: node index.js

$ heroku create
Creating fast-brook-1101... done, stack is cedar-14
https://fast-brook-1101.herokuapp.com/ | https://git.heroku.com/fast-brook-1101.git
Git remote heroku added

$ git remote -v
heroku  https://git.heroku.com/fast-brook-1101.git (fetch)
heroku  https://git.heroku.com/fast-brook-1101.git (push)
origin  https://github.com/heroku/node-js-getting-started.git (fetch)
origin  https://github.com/heroku/node-js-getting-started.git (push)

4. 推到heroku上執行

$ git push heroku master
remote: Compressing source files... done.
remote: Building source:
remote: 
remote: -----> Node.js app detected
remote: 
remote: -----> Reading application state
remote:        package.json...
remote:        build directory...
remote:        cache directory...
remote:        environment variables...
remote: 
remote:        Node engine:         0.12.2
remote:        Npm engine:          unspecified
remote:        Start mechanism:     Procfile
remote:        node_modules source: package.json
remote:        node_modules cached: false
remote: 
remote:        NPM_CONFIG_PRODUCTION=true
remote:        NODE_MODULES_CACHE=true
remote: 
remote: -----> Installing binaries
remote:        Downloading and installing node 0.12.2...
remote:        Using default npm version: 2.7.4
remote: 
remote: -----> Building dependencies
remote:        Installing node modules
remote:        express@4.9.8 node_modules/express
remote:        ￠u￠w￠w utils-merge@1.0.0
remote:        ￠u￠w￠w merge-descriptors@0.0.2
remote:        ￠u￠w￠w fresh@0.2.4
remote:        ￠u￠w￠w cookie@0.1.2
remote:        ￠u￠w￠w escape-html@1.0.1
remote:        ￠u￠w￠w range-parser@1.0.2
remote:        ￠u￠w￠w cookie-signature@1.0.5
remote:        ￠u￠w￠w finalhandler@0.2.0
remote:        ￠u￠w￠w vary@1.0.0
remote:        ￠u￠w￠w media-typer@0.3.0
remote:        ￠u￠w￠w methods@1.1.0
remote:        ￠u￠w￠w parseurl@1.3.0
remote:        ￠u￠w￠w serve-static@1.6.5
remote:        ￠u￠w￠w path-to-regexp@0.1.3
remote:        ￠u￠w￠w depd@0.4.5
remote:        ￠u￠w￠w qs@2.2.4
remote:        ￠u￠w￠w on-finished@2.1.1 (ee-first@1.1.0)
remote:        ￠u￠w￠w debug@2.0.0 (ms@0.6.2)
remote:        ￠u￠w￠w etag@1.4.0 (crc@3.0.0)
remote:        ￠u￠w￠w proxy-addr@1.0.8 (forwarded@0.1.0, ipaddr.js@1.0.1)
remote:        ￠u￠w￠w send@0.9.3 (destroy@1.0.3, ms@0.6.2, mime@1.2.11, on-finished@2.1.0)
remote:        ￠u￠w￠w type-is@1.5.7 (mime-types@2.0.12)
remote:        ￠|￠w￠w accepts@1.1.4 (negotiator@0.4.9, mime-types@2.0.12)
remote: 
remote: -----> Checking startup method
remote:        Found Procfile
remote: 
remote: -----> Finalizing build
remote:        Creating runtime environment
remote:        Exporting binary paths
remote:        Cleaning npm artifacts
remote:        Cleaning previous cache
remote:        Caching results for future builds
remote: 
remote: -----> Build succeeded!
remote: 
remote:        node-js-getting-started@0.1.3 /tmp/build_e36f0548cd7e9ef2a4f9015fd5e300e5
remote:        ￠|￠w￠w express@4.9.8
remote:        
remote: -----> Discovering process types
remote:        Procfile declares types -> web
remote: 
remote: -----> Compressing... done, 9.3MB
remote: -----> Launching... done, v3
remote:        https://fast-brook-1101.herokuapp.com/ deployed to Heroku
remote: 
remote: Verifying deploy... done.
To https://git.heroku.com/fast-brook-1101.git
 * [new branch]      master -> master

5. 連網頁測試

一推上後會看到訊息， 由訊息的連結就可以存取剛剛放上去的應用 https://fast-brook-1101.herokuapp.com/ 也可使用heroku apps:info來查詢連結資訊

要注意的是heroku會需要應用裡面有設定pro

其他指令

* 讓app只在web上佈署一台

$ heroku ps:scale web=1
Scaling dynos... done, now running web at 1:1X.

* To shutdown the app

$ heroku ps:scale web=0

* 看目前現有的app列表

heroku apps
heroku apps:info

1. 建立certificate檔案

$ openssl genrsa -out pillaAuth-key.pem 1024 
$ openssl req -new -key pillaAuth-key.pem -out certrequest.csr
$ openssl x509 -req -in certrequest.csr -signkey pillaAuth-key.pem -out pillaAuth-cert.pem

2. 編輯JS如以下的檔案

var fs = require('fs');
var https = require('https');
var express = require('express');
var app = express();

var hskey = fs.readFileSync('pillaAuth-key.pem', utf8);
var hscert = fs.readFileSync('pillaAuth-cert.pem', utf8);

var credentials = {
    key: hskey,
    cert: hscert
};

https.createServer(credentials, app).listen(3001, function() {
    console.log('Express https server listening on port ' + 3001);
});

目的

測試telegram在rpi CLI的模式下運作機制

安裝步驟

1. 裝該裝的

sudo apt-get install libreadline-dev libconfig-dev libssl-dev lua5.2 liblua5.2-dev libevent-dev make libjansson-dev

2. 下載編譯

git clone --recursive https://github.com/vysheng/tg.git && cd tg
./configure
make

3. 執行

執行會會要求輸入電話號碼，會送SMS訊息給手機，把訊息的CODE碼輸入及完成配對

pi@raspberrypi ~/telegram/tg $ ./bin/telegram-cli -k tg-server.pub -W
Telegram-cli version 1.3.1, Copyright (C) 2013-2015 Vitaly Valtman
Telegram-cli comes with ABSOLUTELY NO WARRANTY; for details type `show_license'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show_license' for details.
Telegram-cli uses libtgl version 2.0.1
I: config dir=[/home/pi/.telegram-cli]
[/home/pi/.telegram-cli] created
[/home/pi/.telegram-cli/downloads] created
phone number: +88609XXXXXXXX
code ('call' for phone call): 26722
User Perry Wu online (was online [2015/05/25 14:02:45])
User Perry Wu offline (was online [2015/05/25 13:58:14])
User Perry Wu online (was online [2015/05/25 14:03:15])
> msg Perry_Wu test from rpi
 *** reply_id=0, disable=0
[13:59]  Perry Wu <<< test from rpi
User Telegram marked read 0 outbox and 1 inbox messages
> msg Perry_Wu dkasdkas;ldk
 *** reply_id=0, disable=0
[13:59]  Perry Wu <<< dkasdkas;ldk
User Perry Wu is typing
User Perry Wu is typing
[14:00]  Perry Wu ??? Hello
User Perry Wu is typing
[14:00]  Perry Wu ??? Oh?

參考

* 在树莓派上用Node.js监视网页变化并通知手机

http://hugozhu.myalert.info/2015/03/07/57-use-node-module-phantom-to-monitor-webpage-updates.html

* Telegram on Raspberry Pi

http://www.instructables.com/id/Telegram-on-Raspberry-Pi/?lang=zh

目的

使存取localhost:5000/app/app1 轉到localhost:3000

使存取localhost:5000/app/app2 轉到localhost:3001

這樣...

var express = require('express');
var app = express();
var http = require('http'),
    httpProxy = require('http-proxy');

app.set('port', process.env.PORT || 5000);

var proxy = httpProxy.createProxyServer();

app.all('/app1/*', function(req, res, next){
    console.log(req.url);
    req.url = req.url.slice(5);
    proxy.web(req, res, {
        target: 'http://127.0.0.1:3000'
    }, function(e) {
        console.log(e);
    }); 
});

app.all('/app2/*', function(req, res, next){
    console.log(req.url);
    req.url = req.url.slice(5);
    proxy.web(req, res, {
        target: 'http://127.0.0.1:3001'
    }, function(e) {
        console.log(e);
    }); 
});

http.createServer(app).listen(app.get('port'), function() {
    console.log('Express server listening on port ' + app.get('port'));
});

使用這段Code，可以將存取

localhost:5000/app1/ 的動作轉到localhost:3000/

* UDP Flooding - Dst

hping3 -I eth1 --udp --rand-source 192.168.1.100

* UDP Flooding - Src

hping3 -I eth1 --udp --rand-dest 192.168.1.100

* TCP SYN Flooding - Dst

hping3 -I eth1 --syn --rand-source 192.168.1.100

* TCP SYN Flooding - Src

hping3 -I eth1 --syn --rand-dest 192.168.1.100

* TCP SYN Flooding - Dst

hping3 -I eth1 --rand-source 192.168.1.100

* TCP SYN Flooding - Src

hping3 -I eth1 --rand-dest 192.168.1.100

1. 創建package.json文件

這一步可以使用範例copy過來修改即可

$> mkdir example
$> cd example
$> npm init
按照提示輸入package名, description, email, version等信息，就自動生成以下文件：
{
“name”: “example”,
“version”: “0.0.1〃,
“description”: “test npm commit”,
“main”: “index.js”,
“scripts”: {
“test”: “echo \”Error: no test specified\” && exit 1〃
},
“repository”: “”,
“author”: “yunjing”,
“license”: “MIT”
}

2. 添加用戶

$>npm adduser
按照提示輸入用戶名，密碼和郵箱

3. 發布

$>npm publish

如果不帶參數，則會在當前目錄下查找package.json文件，按照該文件描述信息發布；

如果指定目錄，就會在指定目錄下查找package.json文件

4. 驗證

訪問http://search.npmjs.org/ 可以查詢剛剛發布的module

5. 下載使用

$>npm install example

6. 版本更新

修改package.json裡的版本號，重新npm publish

7. 取消發布

$>npm unpublish