How to intercept sent / consumed RabbitMQ messages - erlang

I am developing RabbitMQ token auth plugin, where the token needs to be included in AMQP header so it can be validated upon every sent / consumed message.
I am wondering how can I achieve it? So far I am only familiar with RabbitMQ auth plugins and do not know much about other plugin mechanisms. After quick research I have found rabbit_channel_interceptor behavior which sounds like it could do the job.

I have read rabbitmq's source code about auth. In the source code tree, please pay attention to the files named as "rabbit_auth_machanism.erl", "rabbit_auth_backend", "rabbit_auth_backend_internal". In addition, there is another plugin named "xxx ldap".
After reading carefully and know how to integrate and build the rabbitmq project groups, you can start programming.

Related

spring-authorization-server and OpenId Connect and angular-oauth2-oidc

In my project i have an angular app where i use https://github.com/manfredsteyer/angular-oauth2-oidc and a SpringBoot backend.
In the UI i copied most of the Stuff from here https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards.
My Code works with https://demo.identityserver.io and with a local Keycloak.
I only have to change the only:
spring.security.oauth2.resourceserver.jwt.jwk-set-uri (in the Backend)
In the frontend "issuer: 'http://localhost:8080/realms/master',"
to fit to the corresponding server
My "Dream" would be to use the spring-authorization-server. In my app i can create User dynamicly, and there for i need to be able to add this user to the authorization-server with a REST call. As fare as i understand, the spring-authorization-server code that should be ease to extend.
I copied over the spring-authorization-server code from https://www.baeldung.com/spring-security-oauth-auth-server with the base spring-authorization-server version: 0.2.0.
The Server starts and my App does the Redirect to the LoginPage. When it comes back from the spring-authorization-server the angular UI OIDC code detect a problem with the "Nonce", sometimes is missing, sometimes it does not match. Unfortunately i was not able to find the reason for that behaviour :-(
As my code works with the other two implementations, i suspect either a misconfiguration or a bug in the spring-authorization-server.
The documentation on spring-authorization-server is pretty slim.
Question: Does somebody know a place where a spring-authorization-server is used with a web client an OpenId Connect?
2.3.2022 Update: I open a Issue at the spring-authorization-server https://github.com/spring-projects/spring-authorization-server/issues/640
I hope this will bring some more info.
Best Regards T
I gave up on angular-oauth2-oidc after days of suffering. With angular-auth-oidc-client it works after 2h :-) They have better documentation and way more examples with different scenarios. I really can recommend it :-)
#Steve Thanks for the hint with the lib angular-auth-oidc-client.
I'm unfamiliar with angular-oauth2-oidc. However, I would recommend angular-auth-oidc-client.
See this branch containing a working sample that uses this client. The sample demonstrates obtaining an access token as a public client as well as authenticating to a backend for frontend application (or BFF, which is the recommended choice) without using any client-side library. We will be presenting a webinar on March 10, 2022 on this topic. You can register here.
You can also check out this sample from SpringOne 2021, which also demonstrates an Angular application utilizing a BFF and retrieving data from a resource server.

Is it possible to develop a Jira plugin with RESTful capabilities for creating issues programatically?

I have developed a Django app which hosts a bunch of forms that collect information about issues and I want to use this data to create Jira issues programmatically.
I have a conceptual idea of how that can be achieved but my problem is that I am a complete software development newbie and also have never used Jira to this date, hence googling stuff is quite hard as I have an almost non-existent vocabulary in these regards and things get quite overwhelming really fast. I want to know if what I have in mind even makes sense before I delve deeper into documentations and figuring out how to implement stuff.
So I'm going to send POST requests from my Django app containing the issue information in JSON format. These POST requests would then be handled by some Java service which in turn uses the JRJC to create issues on Jira. In my head this implies that I have to develop a whole server (or use some kind of framework for that matter) for django to send its requests to and handle them. Would it be possible to write a plugin for JIRA that bypasses the need for such a server so I could just write the service for handling the requests and expose it on some URL based on the domain of my Jira instance?
I apologize if my question appears vague or ill-structured. Any attempts to shine light on my incompetence or pointing fingers in some direction will be greatly appreciated!
I assume that you're talking about Jira Server (hosted by you) rather than Jira Cloud (hosted by Atlassian).
A Jira plugin can expose a REST endpoint, so yes, you can write such a plugin and POST to an endpoint you define, which then uses the Jira Java API to create issues.
See https://developer.atlassian.com/server/framework/atlassian-sdk/rest-plugin-module/ for information on putting REST endpoints in your plugin.

Integrating rasa bot with twilio voice

I am trying to build a telephony voicebot using Rasa,I’m just getting started with Rasa, and wondering whether it is possible to integrate rasa bot with twilio voice ,sms is working fine on Programmable SMS .Can anyone please help me how to do this?
We have used 2 different ways to achieve this. As this is for my company, I do not have the right to publish any source code, but this should help you find the way:
1-via Twilio studio, you can just use a block to call a Twilio function and there use "got" npm module (to be addded in Twilio function management tab) to launch a rest API call to you RASA NLU server (or RASA core if you need more than just NLU) and get back the intent(+other info if you want).
2-if you have the possibility to host a backend server (a "middelman"), then you can follow the tutorial at Twilio and expose 4 routes for call controle. In your backend, you will recuperate the utterance(speech) of the gather() function and you can make an API call to your RASA server with it as argument. The backend should contain the logic to react on the intent detected by RASA.
Example (for both solutions) : detected intent is "talk to a manager", then the Twilio command should be a transfer of the call to number xxx. If the detected intent is "talk to accounting department", then you should transfer to number yyy. (jut an example but you see the point).
Twilio has a good tutorial to start with (and a github repo you can clone) .
You can start by having a look at https://www.twilio.com/docs/voice/tutorials/how-to-respond-to-incoming-phone-calls-node-js (sorry I link everyting to nodeJS without knowing what you use, but some other languages are also available).
For me solution 1 is faster and allowed us to start quickly.
Solution 2 is more professional because :
-it gives you more controle (possibility to integrate with DB server, action server, CRM, ...)
-make security people happy by hosting business data inside your own infra (instead of Twilio studio and/or Twilio function.
For info : Twilio has a SOC compliance report - a banking-level security program / if you really need to (and you are ready to pay for it)
-it makes you free and you can replace Twilio, RASA or both when you want.
Nb : Twilio does not really help you a lot in the tutorials as they have their own fully integrated solution (Twilio Autopilot) to integrate NLU and voice call.

Good way to get streaming Twitter data using Apache Storm?

I'm building a Twitter crawler system. Requirement is to crawl both Twitter Profile and Twitter Streaming. There's a project manager which puts all projects (1 project is a Twitter profile, or a keyword for Twitter Streaming) into Kafka. Then Storm will read from Kafka to get project metadata and start to run. The project manager will check all projects periodically and eventually restart the project (by putting data into Kafka), so every project has the latest data. I have a couple of questions:
Since we need to keep a connection to Twitter Streaming, we cannot let a Bolt run for a very long time for the Twitter streaming project. Can you suggest a good way to do this, like implement a separate process for crawling?
Another question is about tokens. We want each access token to run on one server only in order to improve stability and prevent reaching the rate limit too soon. When a project (tuple) starts to be processed in Storm, it would be assigned an access token of its supervisor IP. Is there any good solution for this? Someone recommends me to use Zookeeper to assign access token but I'm not sure if it's a good way and how to implement?

IMAP Server Facade - how to make one?

I have implemented a custom email server and web client. The server is just a REST API (similar to google's gmail API) that uses a 3rd party (sendgrid) for sending and receiving. The emails are stored in a database. The web client just talks to the REST client for sending and receiving.
The problem with this approach is it doesn't implement IMAP anywhere, which makes it impossible for standard clients (outlook, iphone, etc.) to connect to and use our email API. This limits customers to using only our client for email.
What I need is some sort of IMAP Server "facade" that will manage the connections to clients and make calls to my REST API for actually handling the requests (get email, send email, etc.).
How can an IMAP facade be implemented? Is there maybe a way to take an existing MailServer and gut it and point all it's "events" to making calls to my API?
tl:dr; write your gateway in Perl; use Net::IMAP::Server; override Net::IMAP::Server::Mailbox; and use one of the many Perl REST clients to talk to your server.
Your best bet for doing this quickly, while maintaining a reasonable amount of code security, is with Perl. You'll need two Perl modules. The first is Net::IMAP::Server, and here is the Github repository for that module. This is a standards-compliant RFC 3501 server that was purposely designed to have a configurable mail store. You will override the default Net::IMAP::Server::Mailbox implementation with your own code that talks to your custom email backend.
For your second module, choose your favorite Perl module(s) to use to speak to your REST server. Your choice depends on how much fine grained control you want to have over the construction and delivery of the REST messages.
Fortunately, here you have tons of choices. One possibility is Eixo::REST, which has a Github repository here. Eixo::REST seems to deal well with asynchronous vs. synchronous REST API calls, but it doesn't provide a lot of control over X509 key management. Depending on how googley your API is, there's also the REST::Google module. Interestingly, this family also has a REST::Google::Apps::EmailSettings module, specifically for setting Gmail-specific funkiness like labels and languages. Lastly, the REST::Consumer module seems to encapsulate a lot of https-specific things like timeout and authentication as parameters to Perl object instantiation.
If you use these existing frameworks, then about 90% of the necessary code should already be done for you.
Don't do this by hacking Dovecot or any other mail server written in C or C++. If you hack together a mail server quickly using a compiled language, your server will sooner or later experience all the joy of buffer overflows and stack smashing and everything else that the Internet does to fuck over mail servers. Get it working safely first, then optimize later.
(This is basically my comment again, but elaborated quite a bit more.)
Some IMAP servers, most notably Dovecot, are structured such that the file access is in a separate module with a defined interface. Dovecot isn't the only one, but it's by far the most popular and its backend interface is known to be appropriate, so I'd take that absent specific concerns.
There already exist non-file modules such as imapc, which proves that it can be done. When a client opens a mailbox backed by imapc, Dovecot parses IMAP commands, calls message access functions in imapc, imapc issues new IMAP commands, parses the server responses, returns C structs to Dovecot, Dovecot fashions new IMAP responses and returns them to the client.
I suggest that you take the dovecot source, look at src/lib-storage/inbox/index/imapc and the other backends in that directory, and implement one that speaks your REST API as a client.
Since you're familiar with .NET, I would suggest hacking either of the following implementations of IMAPv4 servers to your liking:
Lumisoft Mail Server - a very old project indeed (let's call it "mature", huh?). Don't be too turned off by the decade-old website and the lack of a github link - the source is provided under "other downloads".
McNNTP - also an older project and with a major focus on NNTP (as the name says) but very close to what you're trying to achieve in terms of the IMAP component. Take a look, you'll probably find this a good starting point.

Resources