I'm trying to make a expire key system with nodejs to one app and for check expiration (30 days) I decided use a while loop and checking it, but as I thought, I need another thread to do this, I tried use the worker_thread but gives me "Module did not self-register" at "node_modules\Canvas\lib\bindings.js:3:18". There is a way to do this process or still another way to do the keys expire? I'm new to node and I don't have any other ideia.
Obs:. to check if a key is expired, it store the time in millis that the key was got and store another value with the time in millis 30 days after, and do a simple (expireTime - gotTime <= 0)
Related
I want to create a mechanism for a password reset using Node JS and firebase. The user's profile is stored in firebase auth.
My aim: from the GUI, a user request for a password reset email. A user can request for reset password a maximum of 3 times within 1 hour. If still, he doesn't get reset email then he can request again after 1 hour.
I thought about several options to do this, but not sure which one is better for good performance and security. From my point of view, I need to store two values: request number and request time. I thought about below ways to do this:
Create a document in the firestore to maintain these two values.
Use customClaims of the firebase auth user to maintain these two values.
Use client-side cookies to request numbers and use customClaims to store request time.
I thought using the 1st and 2nd option will lead to several firebase operations. Which end up charging me unnecessarily more cost for read/write operations. And the 3rd option will create a loophole.
Can you suggest a better option or which option should I choose from the above for implementing the reset password mechanism which avoids multiple requests from the same user for a periodic time?
Thank you.
You can try storing the number of password resets in firebase database or even keep a history of that. When user requests to change password, check his last reset and if-else statement will do rest of the job.
For example let's say I'm an user of your app and reset the password now, then you store current time in your database and update number of resets in last 1 hour.
You will have to fetch this information when I am about to change password again.
So when I click password reset button, fetch this information.
Store the time in the form of timestamp. Means timestamp now is around 1588570404. Get the timestamp at the moment when reset button is pressed and use if-else.
if(timeDifference <= 3600) {
//deny resetting as time since last reset is less than an hour
}
else {
//reset password
}
1 hour comprises of 3600 seconds so the difference should be greater than 3600 seconds.
You can add additional conditions to check how many times the user has changed password within last hour as mentioned above the code.
But you will need to reset that count after every hours so good luck with that. Maybe your can reset it when you perform checks for last reset.
How do I make the time expired, suppose I made an article, to be able to make it again, had to wait for 15 hours, I was using nodejs and node-datetime.
I think the current time plus 15 hours, but how?
thanks before
I suppose you have a database with the articles, so, just save the creation date in each article, and when a user requests the access to create a new article, verify if his last article is more than 15 hours old
I am getting error while using Redis cache time=0. Same time using with Redis cache time=1, it is working as expected.
How to set Redis cache time value is 0. Please help
ErrorMessage
"Message":"An error has occurred.","ExceptionMessage":"invalid expire time in SETEX, sPort: 12702, LastCommand: ","ExceptionType":"ServiceStack.Redis.RedisResponseException"
I want set 0 as expire time, why because i am using dynamic page and it has many chunk. The Redis cache time coming from config file. Example: Chunk 1 with redis cache time of 2 minute. In particular time i dont want redis cache, that time i go and change 0 as redis cache time in configuration file.
In particular time i dont want redis cache, that time i go and change 0 as redis cache time in configuration file.
It seems that you don't want to store a key by commanding redis to store a key. Which is very inconvenient.
If you don't want to change your application code than you could save it just for 1 sec, which is minimal. As setex command expect the time is positive means greater than zero.
Otherwise, you can tweak your code by ignoring to store in cache while ttl is zero. Or you can save it for 1 milisecond in redis using psetex insted of setex.
I am generating a simple token in my node app using notp:
var notp = require('notp')
notp.totp.gen("ciao", {}) // => 345678
I want to build a visualization similar to the one that Google Authenticator gives, and I need to know the number of seconds (or datetime) when the generated otp will expire.
How can I do it?
I've found it how to do it, it is actually pretty simple, you just need to know the time of start used by the algorithm.
It turns out that Google Authenticator uses Unix Epoch, so in my case, to display the timer I can do:
setInterval(() => (console.log(30 - Math.round(new Date() / 1000) % 30)), 1000)
This should be very simple,
The code within Google Authenticator App and on the server will then refresh with a new code every 30 seconds starting at the top of the minute.
Proof here: https://github.com/google/google-authenticator/blob/bd50d15c348a978c314d2b30e586fbc562096223/mobile/blackberry/src/com/google/authenticator/blackberry/AuthenticatorScreen.java#L53
So as long as you have your server and Apps synced these 30 second intervals will always be the same as they always start at the start of the minute and at 1 min and 30 seconds.
Another factor to take into account is that Google Authenticator on the server side can be setup to allow codes to be valid for only 30 seconds OR for 4 minutes. So you need to check if your server is setup at 30 seconds OR 4 minutes and then code accordingly.
Example of this when you setup:
By default, tokens are good for 30 seconds and in order to compensate
for possible time-skew between the client and the server, we allow an
extra token before and after the current time. If you experience
problems with poor time synchronization, you can increase the window
from its default size of 1:30min to about 4min. Do you want to do so
(y/n)
I'm building an app where I need to have three scoreboards which I'm implementing with sorted sets and lists. The app is running on node.js using the node_redis (https://github.com/mranney/node_redis) module for the redis client.
The first scoreboard is a 'latest scores' which I'm using a list and LPUSH for. The second is an all time high score which I'm using a sorted list for with the ZADD command.
I'm having trouble implementing a 'high scores this week'. I was thinking that I should use another sorted list using ZADD with an EXPIRE set for one week. That all works fine, but after the list has expired for the first time, it'll continue to add to a new list forever.
Is there a redis command to have an expire to auto renew? (I've been searching for an answer for a couple of hours now but the answer appears to be no). I'm coming to the conclusion that I'll need to do this programmatically. During a function call that uses the set, I could check to see if the TTL is -1 and reset it there and then. Is this best practice? Am I missing a clever trick somewhere? Do I need to be concerned about the extra database requests?
--EDIT--
I've had a reply to this question on twitter https://twitter.com/redsmin/status/302177241167691777
The suggested solution (if I understand correctly) is to use the EXPIREAT command along with each ZADD
expireat myscoreboard {{timestamp of the end of the week}}
zadd myscoreboard 1 "one"
This "feels" right to me but I'm new to redis so would appreciate some discussion on this technique or any other ways of solving the problem.
It depends on how you define "one week". There are several ways to use it, for example:
"The last 7 days"
"Week of the year"
"This week starting on sunday and ending on Saturday"
The simplest to implement are 2 & 3.
You specify a set which includes in it's keyname the date/time to start on, using an expire of one week. You then simply determine on the client side which day you want and grab the data.
For example
zadd scoreboard:weekly:03:March:2013 1 "bob"
Then the following week your keyname would be
zadd scoreboard:weekly:10:March:2013 1 "bob"
When you first create the key you set the expires, and that is all. No need to re-set it every time. Pseudocode follows:
if (ttl scoreboard:weekly:03:March:2013) == 0:
expire scoreboard:weekly:03:March:2013 604800
This way you only set the expiration once, get auto-expiration, and can easily pull the weekly scoreboard.
You could implement a rolling week using the same method but you would need to go to a daily key name and calculate what keys to get, then merge them. You could do this using zunionstore.