Month: June 2015

Authentication with Middleware using Siesta

We recently added a token-based authentication example to the Siesta repository that provides an excellent starting point for building authenticated APIs using our lightweight HTTP handler library for Go. This example, modeled after our own internal API services, demonstrates features and practices that we’ve developed and found useful after using Siesta in production for many months.

Here’s what you’ll see in this “meaty” example:

Request identification and logging
Token-based authentication
Use of typed URL parameters
Usage of a handler for some state, such as a database
JSON responses
“Pre” and “post” middleware chains
Error handling and bypassing of handlers

Walkthrough

Many APIs use tokens to authenticate requests. These tokens are generally stored on some sort of database, and tokens provided by users are cross-referenced to make sure users are only able to access information they’re assigned. For simplicity, we won’t be using an actual database in this example, but rather a realistic abstraction.

Let’s say we have a table with tokens and their associated users.

Token   User
abcde   alice
12345   bob

Suppose we also have a table with resources each user can access.

User    Resource ID   Value
alice   1             foo
alice   2             bar
bob     3             baz

Our API is going to be quite simple. Users will provide a token to use a single endpoint that fetches a resource:
GET /resources/:resourceID

We’ll have users send tokens as the HTTP basic authentication username. This is similar to Stripe’s API authentication. The cURL commands would look similar to this:
$ curl -u myToken: http://localhost:8080/resources/1

You may think it’s straightforward enough to chain up middleware to handle this, but it’s quite challenging to design robust services when they depend on client input. Many things can potentially go wrong. Suppose a request isn’t authenticated or has an invalid token. Should we just log an error and simply send the client a 401 Unauthorized? We could, but we should really do more. For example, we’d still want to be able to identify it and possibly send a JSON response with an error. However, we don’t want to run anything that depends on a valid token because we can’t provide one.

Depending on the framework, it’s up to you to implement this logic in your program, and it can get quite messy. Siesta, on the other hand, offers middleware chains, which are just enough to make this problem a lot simpler. In short, we use a quit() function to signal that a chain should be stopped, but still allow independent chains to continue executing. Refer to the Siesta documentation to see the details about middleware chain cancellation.

Here’s how the middleware is set up:

// requestIdentifier assigns an ID to every request
// and adds it to the context for that request.
// This is useful for logging.
service.AddPre(requestIdentifier)

// Add access to the state via the context in every handler.
service.AddPre(func(c siesta.Context,
	w http.ResponseWriter, r *http.Request) {
	c.Set("db", state)
})

// We'll add the authenticator middleware to the "pre" chain.
// It will ensure that every request has a valid token.
service.AddPre(authenticator)

// Route
service.Route("GET", "/resources/:resourceID", "Retrieves a resource",
	getResource)

// Response generation
service.AddPost(responseGenerator)
service.AddPost(responseWriter)
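
The quit-and-continue behaviour described above, sketched with only the Go standard library. This is an added example, not code from the Siesta repository. The names ctx, step and serve and the "not found" response are assumptions made here, and the token and resource data are constructed from the tables in the walkthrough.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"net/http"
)

type ctx map[string]interface{} // per-request store, stand-in for siesta.Context
type step func(c ctx, w http.ResponseWriter, r *http.Request, quit func())

// Constructed data mirroring the walkthrough's tables; resources map path -> {owner, value}.
var tokens = map[string]string{"abcde": "alice", "12345": "bob"}
var resources = map[string][2]string{"/resources/1": {"alice", "foo"}, "/resources/2": {"alice", "bar"}, "/resources/3": {"bob", "baz"}}

func requestIdentifier(c ctx, w http.ResponseWriter, r *http.Request, quit func()) {
	id := make([]byte, 8)
	rand.Read(id)
	w.Header().Set("X-Request-Id", hex.EncodeToString(id)) // set even for rejected requests
}

func authenticator(c ctx, w http.ResponseWriter, r *http.Request, quit func()) {
	token, _, _ := r.BasicAuth() // the token travels as the basic-auth username
	if user, ok := tokens[token]; ok {
		c["user"] = user
		return
	}
	c["status"], c["body"] = http.StatusUnauthorized, map[string]string{"error": "token required"}
	quit() // nothing that depends on a valid token may run after this
}

func getResource(c ctx, w http.ResponseWriter, r *http.Request, quit func()) {
	// Deny by default: a resource owned by another user looks nonexistent.
	c["status"], c["body"] = http.StatusNotFound, map[string]string{"error": "not found"}
	if res, ok := resources[r.URL.Path]; ok && res[0] == c["user"] {
		c["status"], c["body"] = http.StatusOK, map[string]string{"data": res[1]}
	}
}

func serve(w http.ResponseWriter, r *http.Request) {
	c, stopped := ctx{}, false
	chain := []step{requestIdentifier, authenticator, getResource}
	for i := 0; i < len(chain) && !stopped; i++ { // the chain ends at the first quit()
		chain[i](c, w, r, func() { stopped = true })
	}
	w.Header().Set("Content-Type", "application/json") // response step always runs
	w.WriteHeader(c["status"].(int))
	json.NewEncoder(w).Encode(c["body"])
}
func main() { http.ListenAndServe("localhost:8080", http.HandlerFunc(serve)) }
```
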

Example requests

$ curl -i localhost:8080
HTTP/1.1 401 Unauthorized
Content-Type: application/json
X-Request-Id: 4d65822107fcfd52
Date: Wed, 10 Jun 2015 13:03:36 GMT
Content-Length: 27

{"error":"token required"}

$ curl -i localhost:8080/resources/1 -u abcde:
HTTP/1.1 200 OK
Content-Type: application/json
X-Request-Id: 55104dc76695721d
Date: Wed, 10 Jun 2015 13:04:23 GMT
Content-Length: 15

{"data":"foo"}

You’ll notice that the server supplies an X-Request-Id header. This ID is generated for every request and is also supplied in the log output on the server.

2015/06/10 09:05:07 [Req 380704bb7b4d7c03] GET /resources/3
2015/06/10 09:05:07 [Req 380704bb7b4d7c03] Provided a token for: bob

So, what’s the upshot of having middleware and middleware chains in the first place? Aside from the obvious code deduplication benefit, middleware chains allow us to implement complicated behavior in a simple way. Middleware chaining has allowed us to ensure that each request

has an assigned ID.
is authenticated.
has a JSON response.

This is just one possible method of handling authentication using Siesta. You’ll notice that much of the API server logic is handled by the main program itself and not Siesta. That’s something we spent a long time figuring out. By keeping the framework lightweight and limiting features to only what’s necessary, we think we made something that’s quite flexible. If you like this example, feel free to use it to build your own API services (it’s MIT licensed too). If there’s something you don’t like, you’re welcome to substitute your own replacement. We’ve made it very easy to do so.

Playing with Percona XtraDB Cluster in Docker

Like any good, thus lazy, engineer I don’t like to start things manually. Creating directories and configuration files, and specifying paths and ports via the command line, is too boring. I already wrote about how I survive when I need to start a MySQL server (here). There is also the MySQL Sandbox, which can be used for the same purpose.

But what to do if you want to start Percona XtraDB Cluster this way? Fortunately we, at Percona, have engineers who created an automation solution for starting PXC. This solution uses Docker. To explore it you need to:

Clone the pxc-docker repository: git clone https://github.com/percona/pxc-docker
Install Docker Compose as described here
cd pxc-docker/docker-bld
Follow the instructions from the README file:
a) ./docker-gen.sh 5.6 (docker-gen.sh takes a PXC branch as argument, 5.6 is default, and it looks for it on github.com/percona/percona-xtradb-cluster)
b) Optional: docker-compose build (if you see it is not updating with changes).
c) docker-compose scale bootstrap=1 members=2 for a 3 node cluster
Check which ports are assigned to containers:

$docker port dockerbld_bootstrap_1 3306
0.0.0.0:32768
$docker port dockerbld_members_1 4567
0.0.0.0:32772
$docker port dockerbld_members_2 4568
0.0.0.0:32776

Now you can connect to MySQL clients as usual:

$mysql -h 0.0.0.0 -P 32768 -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.6.21-70.1 MySQL Community Server (GPL), wsrep_25.8.rXXXX
Copyright (c) 2009-2015 Percona LLC and/or its affiliates
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

To change MySQL options, either pass them as a mount at runtime with something like volume: /tmp/my.cnf:/etc/my.cnf in docker-compose.yml, or connect to the container’s bash (docker exec -i -t container_name /bin/bash), then change my.cnf and run docker restart container_name

Notes.
If you don’t want to build, use the ready-to-use images
If you don’t want to run Docker Compose as the root user, add yourself to the docker group

The post Playing with Percona XtraDB Cluster in Docker appeared first on MySQL Performance Blog.

MariaDB 5.5.44 Overview and Highlights

MariaDB 5.5.44 was recently released (it is the latest MariaDB 5.5), and is available for download here:
https://downloads.mariadb.org/mariadb/5.5.44/
This is a maintenance release with no major changes, so there are only several noteworthy items (one of them being a security fix and five being potential crashing bugs):

Security Fix: Client command line option --ssl-verify-server-cert (and MYSQL_OPT_SSL_VERIFY_SERVER_CERT option of the client API) when used together with --ssl will ensure that the established connection is SSL-encrypted and the MariaDB server has a valid certificate. This fixes CVE-2015-3152.
Crashing Bug: mysql_upgrade crashes the server with REPAIR VIEW (MDEV-8115).
Crashing Bug: Server crashes in intern_plugin_lock on concurrent installing semisync plugin and setting rpl_semi_sync_master_enabled (MDEV-363).
Crashing Bug: Server crash on updates with joins still on 10.0.18 (MDEV-8114).
Crashing Bug: Too large scale in DECIMAL dynamic column getter crashes mysqld (MDEV-7505).
Crashing Bug: Server crashes in get_server_from_table_to_cache on empty name (MDEV-8224).
XtraDB upgraded to 5.5.42-37.2
TokuDB upgraded to 7.5.7

Given the security fix, you may want to review the CVE to see if this is something you need to address. Also, please review the crashing bugs to see if they might affect you, and upgrade if so. Also, if running TokuDB or XtraDB, you may also want to benefit from those fixes, as well as the new MariaDB fixes (59 in all).
If interested, the official MariaDB 5.5.44 release notes are here:
https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5544-release-notes/
And the full list of fixed bugs and changes in MariaDB 5.5.44 can be found here:
https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5544-changelog/
Hope this helps.

CSC Luxembourg Hosts Managed Services and DBaaS on Oracle SuperCluster

CSC in Luxembourg is implementing Oracle’s SuperCluster, a solution combining hardware and software to achieve unparalleled processing performance. The Luxembourg project is a value proof point for CSC, which plans to make its Luxembourg data centers a European IT pooling center for the South & West Europe region.

Professional of the Financial Sector certified, CSC is the first Luxembourg Oracle partner to offer managed services as well as database-as-a-service based on Oracle Engineered Systems. Oracle SuperCluster also offers advantages in terms of data security and confidentiality as the shared infrastructure allows consolidating the data management of several customers in a secure and compartmentalized way.

“Oracle runs best on Oracle,” declares Philippe Cammaert, Senior Sales Manager, at Oracle Luxembourg. “We are thrilled to see our partners consolidating their IT infrastructure on our Engineered Systems. They choose these integrated solutions not only because of their technological performance but also for the business opportunities they offer as part of their managed services.”

MariaDB 10.1.5 Overview and Highlights

MariaDB 10.1.5 was recently released, and is available for download here:
https://downloads.mariadb.org/mariadb/10.1.5/
This is the 3rd beta, and 6th overall, release of MariaDB 10.1. There were not many major changes in this release, but a few notable items, as well as many overall bugs fixed (I counted 306).
Since it’s beta, I’ll only cover the major changes and additions, and omit covering general bug fixes (feel free to browse them all here).
To me, these are the highlights:

New status variables: New status variables Binlog_group_commit_trigger_count, Binlog_group_commit_trigger_timeout, and Binlog_group_commit_trigger_lock_wait used to examine which triggers caused a group commit to be made.
Encryption: Encryption for temporary files: temporary files created by the server (for binary log caches, for filesort, etc) are now encrypted if the encryption plugin is loaded and --encrypt-tmp-files was specified.
Encryption: Numerous encryption bugfixes.
A new column, INFO_BINARY, has been added to the Information Schema PROCESSLIST Table in order to avoid truncating queries with binary data (MDEV-7807).
Spider updated to 3.2.21.
Mroonga updated to 5.02.
Performance: mysqldump performance increased for large databases (MDEV-6714).

Of course, it goes without saying: do not use this for production systems, since it is still only beta. However, I definitely recommend installing it on a test server and testing it out. And if you happen to be running a previous version of 10.1, then you should definitely upgrade to this latest release.
You can read more about the 10.1.5 release here:
https://mariadb.com/kb/en/mariadb-1015-release-notes/
And if interested, you can review the full list of changes in 10.1.5 (changelogs) here:
https://mariadb.com/kb/en/mariadb-1015-changelog/
Hope this helps.

Service Provider CKI: Designs Oracle SuperCluster Cloud for U.S. Government

Computer Knowledge Inc. articulates Oracle transformational engineered systems infrastructure and methodologies, consulting with the United States government to reduce costs and increase operational efficiencies.

Oracle SuperCluster Solution

· Unified backup mechanism using external ZFS storage backup appliance (ZBA)

· Active data recovery plan consists of Active Data Guard configuration with asynchronous redo shipping between the Production site location and the disaster recovery site

· Runs custom Java applications, IBM WebSphere, 11gR2

· Oracle customer replaced an existing IBM mainframe circa 1990s with Oracle SuperCluster

Oracle SuperCluster Performance Results

· Massive improvements in performance: performed 14 million SQL executions per hour with .07 second response time

· 9x increase in transactions processed

· 10x performance improvement over previous environment

· 30x workload throughput improvement over IBM Mainframe and 10x number of users

· Work done in 1 day by Oracle SuperCluster equals 30 days of work from the replaced IBM mainframe

· Up to 30x performance improvement for 18,000 users

· 7.4 million transactions per hour with a .7ms response time
