Raphael Medaer's blog

Prevent Forwarded header spoofing with HTTP message signature

The Forwarded HTTP header has been introduced in RFC7239 from June 2014. It “defines an HTTP extension header field that allows proxy components to disclose information lost in the proxying process, for example, the originating IP address(…)”. However there is not any mechanism to protect subsequent component against spoofing. Indeed, if your subsequent component, let’s say an API, is exposed on Internet, anyone can forge a HTTP Forwarded header. If your API is always behind your proxy, it has to remove/replace the original Forwarded header. It becomes even more complex if you have multiple proxies.

New music project

I am proud to present a new music project named “Brunch”. This is a brand new single which will be released on May 1st featuring two chill and smooth piano tracks with inspirations from Erik Satie to Michel Petrucciani. More to come soon…

Fun with Node experimental modules and loaders

If you are a front-end or a fullstack developer, you maybe already imported CSS files from a Javascript or a Typescript file. For instance:

import styles from "./styles.css"

A few months ago it would not have been possible out of the shelf. Indeed you would need a bundler (such as WebPack, Rollup,…) to “inline” the CSS file as a string in your Javascript file.

Nowadays it’s possible thanks to the “CSS Modules” (to not confuse with the homonym open-source project).

Yet another successful Git branching model

A decade ago, Vincent Driessen wrote a post named “A successful Git branching model”. In his post he presents a development model using many Git branches (master, develop, …) well known as the Git flow. Even if I’m not doing professional development for ten years, I got the opportunity to experiment Git flows in many development teams. As explained by his “Note of reflection (March 5, 2020)”, you should not treat this flow as a dogma or panacea. While the flow I will describe in the following lines is inspired by Vincent’s Git flow, it differs in many ways to fit the requirements of development team I’m working with right now at ALLOcloud.

Configure your sockets with URIs

Everybody knows Uniform Resource Identifier (URI)¹. As its name suggests, it’s a way to identify a resource (for instance a file or a phone number). It is often confused with Uniform Resource Locator (URL), which is actually a form of URI. A URL is a compact string representation for a resource available via the Internet².

Today I want to share with you the way I define another type of resources: network sockets.

JWT scope claim compression using a bitmap

JSON Web Tokens (JWT) are often used in stateless authentication flows. Thanks to the signature, the server does not need anything else to verify the token validity. The scope claim (RFC8693 section 4.2) contains a space-separated list of scopes associated with the token. The server can use it to check the application permissions. Although this claim can quickly become heavy. The more scopes you have, the bigger your token is! But JWT are meant to be a compact token format…

Today I’m proud to present you an idea to compress scope list into a bitmap where one bit represents one scope.

Manage multiple identities with Git

I work on many different Git repositories. For each of them I have a particular email address and sometimes a GPG key. Even the Git flow might be different; always --no-ff (or not), pull --rebase instead of merge,…

I hate capital letters!

I hate capital letters! At least in directory and file names. By default your home directory has a few directories with first capital letter (Documents, Music, Downloads,…). Ok, it looks nice! But I always make mistake when I type capital letter in my terminal. Fortunately, all of this is configurable…

Cascade routing with AIOHTTP

A common routing use-case is to share a route URL pattern for multiple purposes. For instance GitHub is using github.com/<something> for both users and organizations. Indeed the user and organization pages are different. A way to implement this is using a fallback mechanism called by some of us cascade routing.

Open RXVT terminal in current directory

Two years ago I switched from terminator to URXVT. This is now my day to day terminal emulator. URXVT is the unicode version of RXVT started long time ago by Rob Nation. Today I’ll show you how I fixed one of the very missing useful feature: open a new terminal in current working directory. By “current working directory” I mean “the working directory of the shell in the most recent focused terminal”.

Versioned FSM (Finite-State Machine) with Postgresql

Inspired by Felix Geisendorfer blog post I implemented a database FSM (Finite-State Machine) with Postgresql. I brought some improvements to Felix’s implementation but before reading the following I recommend you to read carefully the original post.

Let's get cracking!

It’s been a while I’m thinking to start a blog. It raised a lot of questions and I was not sure how/why/when to start. In the following lines I answer some of these questions and I explain how I’ll (try to) maintain this blog.