I have a chicken and egg problem with my node server in which you need to have a user with a certain role that has certain permissions to be able to log in and start creating more users, roles, etc.
I would like to initialize the database such that I create an initial ADMIN role and initial admin user that has that role.
I.E. started with a script and ran into problems:
use mydb
db.roles.insert({
    name: "ADMIN_ROLE",
    description: "Administrative role",
    permissions: ['ALL']
});
db.users.insert({
    username: "admin",
    password: "password",
    role: ??? (get ADMIN_ROLE _id from above)
});
Basically I ran into a couple of problems:
1. not really sure if I can script like this.
2. How to get ADMIN_ROLE id to store in new admin user
Another idea:
Write a quick node app that connects to mongodb and inserts the proper stuff. Anyone done this before?
And yet another:
Does anything like ruby rake exist for node/mongo? I.E. the initial seed may not be the only data I need to 'manually' mess with. I.E. I might need to patch the database at some point in time. Would be nice to create patch #1 as the initial seed, and then be able to write future patches if necessary and be able to. I.E. anything like rake migrate?
Any other ideas on how to seed a mongo database?
Shoot just found this:
https://github.com/visionmedia/node-migrate
and
https://npmjs.org/package/mongo-migrate
Exactly what I was looking for.
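For the two open points in the question (whether the shell can be scripted like this, and how to get the role's _id), an added example that is not code from the post or from either linked package: a seed function for the mongo shell that upserts the role, reads back its _id, and creates the admin user only if it is absent. It assumes the password is hashed beforehand and passed in; the variable name ADMIN_PASSWORD_HASH and the 32-character minimum are assumptions of this example.

```javascript
// Added example: idempotent seed for the mongo shell, e.g. load("seed.js").
// Collection and field names follow the question; everything else is illustrative.
function seedAdmin(db, passwordHash) {
  // Refuse to store an empty or obviously unhashed value in users.password.
  // The 32-character floor is an assumption of this example.
  if (typeof passwordHash !== 'string' || passwordHash.length < 32) {
    throw new Error('passwordHash must be a pre-computed password hash');
  }
  // Upsert the role and read the stored document back, so the _id is the
  // same on the first run and on every later run.
  const role = db.roles.findOneAndUpdate(
    { name: 'ADMIN_ROLE' },
    { $setOnInsert: { description: 'Administrative role', permissions: ['ALL'] } },
    { upsert: true, returnNewDocument: true }
  );
  // Create the admin only if it does not exist; an existing admin (and a
  // password rotated since the first seed) is left untouched.
  const res = db.users.updateOne(
    { username: 'admin' },
    { $setOnInsert: { password: passwordHash, role: role._id } },
    { upsert: true }
  );
  return { roleId: role._id, created: res.matchedCount === 0 };
}

// In the shell `db` is a global; getSiblingDB replaces `use mydb` inside a script.
// ADMIN_PASSWORD_HASH is a hypothetical environment variable name.
if (typeof db !== 'undefined' && typeof process !== 'undefined') {
  printjson(seedAdmin(db.getSiblingDB('mydb'), process.env.ADMIN_PASSWORD_HASH));
}
```

Because both writes use $setOnInsert with upsert, the script can be re-run safely as "patch #1" of a migration series.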
I am wondering about the security of apps script libraries. If a user imports a library, is there any way for them to retrieve the code within the library?
I ask because I am writing a library that connects many sheets to a single sheet which acts like a database. Users of the many sheets should not be able to find the database sheet.
I have tested console logging the functions, and they just return [Function] and not the actual function definition. However I still don't know if this is a safe implementation or not. Would love to hear your thoughts.
For other users to use your library, you have to give them access by sharing the script.
Authorized users can view the function code by printing the function or going to the script link.
Using print:
Using script link:
https://script.google.com/d/(Script ID Here)/edit
In your post above, you want to hide any data that will lead users to database sheet.
I suggest creating a temporary function in your library script that will set a property containing the Sheet ID. This can be done by using Properties Service. Using this service will allow you to store strings as key-value pairs scoped to one script.
Example:
function setProperty() {
  // Run once from the script editor, then delete this function.
  PropertiesService.getScriptProperties().setProperty("Sheet_ID", "123456");
}
Usage:
function myFunction() {
  var databaseID = PropertiesService.getScriptProperties().getProperty("Sheet_ID");
  // Open the database spreadsheet by the stored ID.
  var database = SpreadsheetApp.openById(databaseID);
}
Note: Before deploying your library script, run the setProperty() function and delete it in your script editor. This will prevent users from viewing the source code for setProperty() function. Also, make sure that the role of the users you will authorize to access your library is Viewer only to prevent them from editing your script and printing the Property value.
Reference:
Properties Service
I'm currently playing around with gitlab-ce (omnibus, on an Ubuntu VM) in an environment with LDAP authentication.
The LDAP administrator recently reconfigured the OUs from something like
ou=temp, ou=users, ou=baseinfrastructure to
ou=users, ou=baseinfrastructure.
Now when I do something as simple as git pull with a regular user account, that user account will be set to ldap_blocked since gitlab queries for the user with the temp part in the cn string and obviously doesn't find it.
Is there a way to update the users or something else so gitlab no longer queries with the ou=temp, part?
After some search, I've found out the information is stored in the identities table.
In gitlab omnibus, you can start a database console using gitlab-psql.
In my case, the required query for verifying I'm doing the right thing was:
SELECT extern_uid, replace(extern_uid, 'ou=temp,', '') FROM identities;
and then actually replacing them by executing:
UPDATE identities SET extern_uid = replace(extern_uid, 'ou=temp,', '');
For a single user you can use gitlab-rails console.
Find your user:
user = User.find_by_email("user#email")
Get user extern_uid:
user.ldap_identity.extern_uid
The above should print a result similar to: => "uid=username,ou=people,dc=example,dc=com"
Update values as necessary:
user.ldap_identity.extern_uid = "uid=newusername,ou=newpeople,dc=example,dc=com"
Verify:
user.ldap_identity.extern_uid
=> "uid=newusername,ou=newpeople,dc=example,dc=com"
And finally save:
user.save
I believe this script Gitlab rake task to mass update ldap dn may be useful for updating multiple users at once.
I created a free tier cluster on MongoDB Atlas (it has 3 shards) and I want my Node.js app to connect with a database I created there, using a specific user, that will be restricted from using any other database than the one intended for this app.
So step by step.
I create a database called, let's say, test.
I create a role here - I go to Security -> MongoDB Roles -> Add New Custom Role and I give it all Collection actions and all Database actions and roles to test
Time for a user, so again Security -> MongoDB Users -> Add New User and I assign a previously created role to it so it has access only to test database. So now I have 2 users - atlasAdmin and my created user.
That's where the problem occurs, when I use admin user in my app to connect, .find() or .create() it works fine all the time. With a user with custom role, it works for like 10mins/1 connection (until I shut down the local server I have my node app on) and the next time I get an error that "user is not allowed to perform action (...)".
I tried everything, tinkering with a string I use to connect, updating mongoose (I use it in my app), creating user and custom role using mongodb shell but nothing seems to work.
HOWEVER:
if I have this custom user, my app connects with it to the database and it works, then on the next connection it stops working AND I go here and just click UPDATE USER without changing anything there (I just click edit next to the user and then update) then wait for the cluster to make changes, it will work again for like +/- one connection.
everything works just fine if my app uses admin account
Anyone had similar problem? I was also thinking that it might be because of how many times I try to connect with mongo from the app (I use nodemon so every time I save a file with changes, server restarts, thus connecting to database again) but I think that's not the case - if it was, why would I be able to make it work with admin user?
The string I use to connect with mongo:
// DATABASE SETUP
var dbURL = 'mongodb://[cluster0:port],[cluster1:port],[cluster2:port]/test?ssl=true&replicaSet=Cluster0-shard-0&authSource=admin&retryWrites=true';
var options = {
    useNewUrlParser: true,
    dbName: "test",
    user: [login],
    pass: [pass]
};
mongoose.connect(dbURL, options);
I have also encountered this problem on Atlas Free tier, not just on NodeJS but Java as well
For now, you can try mitigating this problem by using a default role instead of having a custom one
On the MongoDB Users tab, click "Edit" on your user => Add Default Privileges
Then select "readWrite" and type your database name on the first field, then save the user
Or, if you want database administration, add another field with "dbAdmin" role
At least that's how I solved it. I hope this helps.
Side note: You can also use the shorter connection string (MongoDB+SRV) and it would still work.
TutorialsPoint Java Compiler
In tutorialspoint, they have created linux terminal using term.js.
I have integrated same github library in my project, it is working fine but I am trying to understand the flow of tutorialspoint.
My assumption:
In tutorialspoint each time they are creating new user_id under root user(cg) and running terminal(nodejs server) using that user_id so every time when you reload page there will be a different user_id (run whoami in terminal), so another user can't operate other users files.
I am running nodejs server using forever.js under root user, I want to implement same type of functionality. What is the correct way to do this? And if there is another way, please elaborate.
I think they are creating a new user each time you visit the page and providing you a subshell of that user. It can be easily achieved by using Shell Programming techniques. Creating a new user each time thing is probably nothing more than a security measure.
So I will briefly explain the concept in 5 steps:
1 - Create a new user:
shell_exec('useradd --expiredate 2016-09-10 [username]');
http://www.computerhope.com/unix/useradd.htm
2 - Login to this newly created user account:
shell_exec('su [username]');
3 - Get user input to the PHP script using AJAX(dynamically).
4 - Execute user's command and send the output to user:
<?php
$output = shell_exec("[user's command]");
echo "<pre>$output</pre>";
?>
5 - Repeat from 3.
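For the Node.js server in the question, which runs as root, an added example (not code from the answer or from TutorialsPoint) of applying the per-session account to the spawned shell itself through the uid and gid options of child_process.spawn. The term_ account naming scheme, the uid floor of 1000 and the /home layout are assumptions of this example; the pty wiring that term.js needs is left out.

```javascript
// Added example: per-session privilege drop for a web terminal backend.
const SESSION_USER = /^term_[a-z0-9]{8,16}$/; // hypothetical naming scheme

// Build spawn options for one session account ({ name, uid, gid }), or throw.
function sessionSpawnOptions(account) {
  const { name, uid, gid } = account;
  // The name ends up in filesystem paths, so accept only the expected shape.
  if (typeof name !== 'string' || !SESSION_USER.test(name)) {
    throw new Error('unexpected session account name');
  }
  // Never hand out root or a system account (ids below 1000 on most distros;
  // the threshold is an assumption of this example).
  if (!Number.isInteger(uid) || !Number.isInteger(gid) || uid < 1000 || gid < 1000) {
    throw new Error('refusing privileged uid/gid');
  }
  return {
    uid,              // the child process runs with this user id ...
    gid,              // ... and this group id, not with the server's root identity
    cwd: `/home/${name}`,
    // `env` replaces the server's environment, so secrets held in the root
    // process's environment variables are not inherited by the session.
    env: { HOME: `/home/${name}`, USER: name, PATH: '/usr/bin:/bin', TERM: 'xterm' },
    shell: false,
    detached: true,   // own process group, so the whole session can be killed at once
  };
}

// Start the shell for a session; the required module is loaded only when called.
function startSessionShell(account) {
  const { spawn } = require('child_process');
  return spawn('/bin/bash', ['--noprofile', '--norc'], sessionSpawnOptions(account));
}
```

When the session ends, kill the process group and remove the account and its home directory so that nothing outlives the session.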
Hi, I've installed Rocket.chat on an Ubuntu AWS micro instance. It is running with Nginx, MongoDB, and node, where MongoDB is running with the docker image mongo:3.0.
It was running smoothly on the day of installation, but after some time the server was getting slow. I examined the server with the top command. It was MongoDB using around 70% CPU, and the next day it flickered at more than 90%.
I've reinstalled everything on the server but it is the same again, no luck.
Here is the screenshot for top cmd.
Please let me know if any other stats are needed for this.
How can I examine the main problem here, and how can I optimize it to make it work properly?
Thanks
I got to know why this issue arises. I started implementing my custom chat platform with Meteor.
So the cause of the problem was services.resume.loginTokens in the user object.
We were trying to implement Rocket.chat methods/API on the custom native Android application.
Whenever the application called the login method from the Android app, it added a new login token without deleting the previous ones (for multi-system logins).
So if you delete the previous ones with some date check, it won't create overhead on the user object.
Accounts.registerLoginHandler (loginRequest) ->
  # ... Do whatever you need to do to authenticate the user
  stampedToken = Accounts._generateStampedLoginToken();
  Meteor.users.update userId,
    $push: {'services.resume.loginTokens': stampedToken}
  # Delete old resume tokens so they don't clog up the db
  cutoff = +(new Date) - (24*60*60)*1000
  Meteor.users.update userId, {
    $pull:
      'services.resume.loginTokens':
        when: {$lt: cutoff}
  },
  {multi : true}
  return {
    id: userId,
    token: stampedToken.token
  }
I got this solution from this SO question