0:00:25
welcome back guys to another session of
0:00:27
buildbreaking fix brought to you by
0:00:30
the raw coders and this time you have
0:00:35
how are you feeling flash
0:00:37
hey saying everyone yeah feeling good
0:00:41
yeah i like your background by the way
0:00:46
thanks man um this was the awesome work
0:00:51
um i will actually
0:00:53
send you and tori this background
0:00:56
background as well so we can all start
0:01:14
yeah i think he used to be
0:01:21
yeah but i don't think i know him
0:01:24
anymore to be honest
0:01:31
he wasn't really as in good contribute
0:01:42
i can only help you know
0:01:48
all right guys um so
0:01:51
first thing is first i'll play the um
0:01:55
less in acknowledge the country um
0:01:58
and pay respects to the elders who have
0:02:00
gone apart um before us
0:02:06
i begin today by acknowledging the
0:02:08
traditional custodians of the land on
0:02:11
which we gather today and pay my
0:02:13
respects to the elders past present and
0:02:15
future i extend their respect to
0:02:18
aboriginal and torres strait islander
0:02:28
pick up music type
0:02:30
oh okay um let me see
0:02:48
keep it at there because
0:02:51
there's a new fashion that um
0:02:55
introduce to the stream that
0:03:02
we take turns and just randomly picking
0:03:10
should we turn it up a little oh yeah
0:03:18
awesome all right cool so um
0:03:21
all right yeah both an update here on
0:03:24
the projects is um um by the way i do
0:03:27
apologize we haven't been streaming say
0:03:31
i think on tuesday
0:03:33
we didn't do and on
0:03:40
yeah so of course some as in work
0:03:42
commitment so work has been really
0:03:44
hectic and long hours and um
0:03:48
phoenician tory already has some prior
0:03:52
tori basically wasn't feeling well so um
0:03:56
we told him to just rest up don't worry
0:04:01
which is pretty cool um
0:04:03
so yeah the last part where we um
0:04:09
got off the project was we
0:04:13
we are actually pretty much done to be
0:04:18
with the entire thing they just um
0:04:24
functionality left
0:04:32
users users get the board
0:04:35
as in the boards that they've already
0:04:38
wanna go back to it after a few days
0:04:42
yeah so because um we're not at the
0:04:46
moment i'm going to be implementing any
0:04:52
we just basically came up with an idea
0:04:54
hang on why not just apply a passcode
0:05:04
creates a board a new board they are
0:05:08
and enter afford four digit passcode
0:05:20
when they save the board and the notes
0:05:24
corresponding to that board all right
0:05:33
when for example the user wants to get a
0:05:44
the you if the user
0:05:58
at this stage we won't be able to help
0:06:06
remembers the board name
0:06:10
remember the passcode
0:06:13
then we would we would be able to help
0:06:16
him but provided they contact us
0:06:23
in the other scenario if they remember
0:06:32
everyone's happy yeah
0:06:37
will just populate and
0:06:40
with this notes on the next screen which
0:06:43
would be index.html
0:06:58
the name then um tori actually suggested
0:07:02
this that we can actually save all the
0:07:06
in their devices local storage
0:07:19
it makes sense but
0:07:23
yeah it's like how would we even do that
0:07:26
to be honest tourism wizard as in he
0:07:30
already told me um
0:07:33
i won't as in quote but seems
0:07:37
like it's not that hard
0:07:47
yes i'm not gonna put any any any number
0:07:50
but i'm apparently apparently um
0:07:55
it can be done as in
0:08:02
so that was um the progress as in the
0:08:06
last few functions a lot of
0:08:08
functionality so what i was doing
0:08:13
last night offline is i think i
0:08:21
passcode in the back end
0:08:25
when the front end
0:08:28
passes the passcode to the back end then
0:08:32
saves them in the database table
0:08:36
but at this stage the project
0:08:39
the project isn't building now
0:08:44
um it's something to uh is something to
0:08:54
like the way how tori has as an
0:08:57
organized everything
0:08:59
to be honest and i'll just share it just
0:09:03
to bear with me because it's really
0:09:18
uh if i open up my terminal
0:09:24
i'll just open up this
0:09:44
uh brain work i need you to work
0:10:06
why is he not doing it okay i was
0:10:09
bringing the wrong one
0:10:17
okay so this is how
0:10:22
our wizard of the frontend tory and the
0:10:25
backhand has done it so he has actually
0:10:29
shifted websockets to another kind of a
0:10:34
internal vs code another kind of project
0:10:39
into his folders so everything is really
0:10:42
organized which i love
0:10:47
but the only problem is that the project
0:10:53
was building before you added your
0:11:00
um so my code isn't really really the
0:11:09
package.json in these in these folders
0:11:13
is creating them as a separate project
0:11:17
as in a node project
0:11:43
that's a separate one myself
0:11:51
pacquiao jason is here
0:12:12
right okay now mine
0:12:19
so you actually need to run it from
0:12:28
let's see what this does
0:12:38
so this definitely doesn't work
0:12:43
but tori right on his end like when he
0:12:46
um i haven't asked him but i'm pretty
0:12:49
sure he can because he's
0:12:52
basically committing the code every day
0:13:04
in this one hang on why would the
0:13:10
be included in this
0:13:16
this was kind of the thing that i was
0:13:22
actually you know what i'm gonna do
0:13:26
just got my changes and
0:13:31
so the temp wherever is
0:13:35
template or yeah what it needs to build
0:13:38
yeah so there is in there
0:13:40
oh template gmo isn't in there which is
0:13:48
so where is it there is some scrambled
0:14:15
you know what i'm going to do
0:14:47
is it did you spell it wrong saying like
0:14:51
uh without an integration
0:14:54
oh is it my spelling
0:14:57
i'm spending wrong okay
0:15:00
here my brain is dead
0:15:08
i basically finished work around core
0:15:12
oh wow okay fair enough
0:15:19
okay so the build is totally failing
0:15:29
actually what i might just do at you
0:15:34
if this can do that trick
0:16:00
running this with one package or he
0:16:03
two packing sword as in
0:16:06
individual packages
0:16:11
a method of running it i don't know
0:16:15
or maybe a global one
0:16:30
the story on the show no it's not
0:16:36
resting on with his hot tea bag
0:16:40
in the hot water and drinking
0:16:46
okay that's interesting
0:16:48
um all right cool so i'm gonna i'm gonna
0:16:53
see what happens all right
0:16:57
so if i go in there
0:17:02
change our changes
0:17:16
and there's a change
0:17:24
create the board now get bored by name
0:17:59
okay so this is where we need to add our
0:18:08
actually i'll do let's say so if i get
0:18:12
um i got it right the
0:18:16
like people who are joining the board
0:18:18
don't need this password right
0:18:22
it will only be required
0:18:25
for the admin when they when he
0:18:29
creates a new board
0:18:36
okay cool so password yeah
0:18:43
let's see what did we mess up
0:18:48
actually i can't do that i need to
0:18:52
create another branch
0:18:55
for passcode itself
0:18:58
you don't want to mix all the changes in
0:19:07
i'll probably do that
0:19:39
honestly at the moment i'm just really
0:19:44
and especially brainwork
0:19:52
so this one goes in there
0:20:11
yeah yeah okay cool
0:20:14
so now that we have got that one in
0:20:31
okay i'm not going to speak
0:20:37
we have only done two lines of code
0:20:43
and check them must
0:20:46
be saying okay cool so one hour two like
0:20:49
two lines of code interesting
0:21:01
why did you work so late say
0:21:03
are you coding yet
0:21:06
yes i'm fixing as in high priority bugs
0:21:16
the game is on in this company all the
0:21:20
and it's kind of really enjoyable as
0:21:30
yeah pretty good man
0:21:32
yeah learning a lot
0:21:40
what is the one thing you learned as in
0:21:45
that you would be applying it as in
0:21:52
i think um the main thing is like
0:21:57
like networking knowledge
0:22:00
and i think that's
0:22:01
something that yeah definitely i'll be
0:22:03
applying long term as well
0:22:06
i kind of want to spend my own time to
0:22:09
networking as well because i think
0:22:14
that would really be beneficial
0:22:17
for like the future
0:22:19
for my own knowledge
0:22:24
yeah that makes sense to be honest um if
0:22:28
looking in that one maybe um
0:22:32
try to get one of those
0:22:40
because um yeah that would be a really
0:22:43
good way to learn by doing
0:22:46
sure that's a good idea
0:22:52
gcp security center at the moment
0:22:57
yeah how's that going
0:22:59
yeah pretty good um
0:23:01
i've been doing the
0:23:03
those labs online labs
0:23:05
yeah it's been being helpful and yeah
0:23:09
quite a bit as well
0:23:16
that's exactly what we like to hear
0:23:24
coding new features or just bug fixes
0:23:32
requires a lot of multitasking so when
0:23:37
if i am waiting for kind of a build
0:23:41
which takes probably a few
0:23:48
adding functionality or
0:23:50
changing functionality so at the moment
0:23:53
i'm in the middle of what how many
0:23:57
three to four three to four projects
0:24:05
yeah sounds really intense
0:24:09
to be honest this is one of the reasons
0:24:12
why why i really loved about this job
0:24:25
like no two days are the same or
0:24:30
and that's exactly what i
0:24:37
interview so what would an
0:24:41
working environment be
0:24:43
for you and that's exactly what i said
0:24:46
that i don't want two days to be the
0:24:51
now i'm actually getting that which is
0:24:59
intense at the same time to be honest
0:25:01
yeah it makes sense
0:25:08
um i forgot how how did we
0:25:11
how how do we test it oh by postman
0:25:18
yes yeah we can just
0:25:20
post when you want to get the board
0:25:21
names or what details is it
0:25:24
um i just wanna as in tester endpoint
0:25:30
this function as in if it inserts the
0:25:38
oh can we just check on um
0:25:41
just on the browser like
0:25:43
doing get requests
0:25:47
okay i've i basically forgot to
0:25:50
tell you i think so that i'm
0:25:53
for the get request to work as in the
0:25:56
get functionality we need to have the
0:25:58
functionality when the user creates
0:26:02
a passcode when creating a board
0:26:10
this is what that was
0:26:16
this is basically what i did was you
0:26:19
know how we are putting
0:26:30
i just added the password to it
0:26:39
prior testing postman
0:26:43
we haven't implemented this in front
0:26:48
so the way my as in
0:26:54
mentor told me how to go about building
0:26:58
the functionality as an end to end
0:27:04
back end first and then look
0:27:06
towards the front end
0:27:13
that's been pretty helpful to be honest
0:27:19
poster board okay cool so
0:27:22
board name is there
0:27:35
what's good would be what one two three
0:27:52
wait don't you need to change the
0:28:00
reminding me though it really helps
0:28:08
oh tory the front end
0:28:14
um he says you quit through my code webs
0:28:23
what was that question sorry
0:28:26
you you get through my code webs yet
0:28:35
we were really stuck badly so we gave
0:28:41
i'm just i'm just kidding um
0:28:48
very good code though so yeah
0:28:52
understand it as it on a really brief
0:28:59
but um that's what i was telling uh
0:29:01
finish earlier on that we really love
0:29:04
how you've actually structured the
0:29:16
what do you love as in the most
0:29:24
story done if if you had to choose just
0:29:27
one thing that you absolutely love
0:29:30
although them there are many
0:29:40
i have to say the web sockets
0:29:44
um yeah and how we got that uh
0:29:48
concurrent notes i think that's
0:29:50
definitely very impressive
0:29:56
couldn't agree agree more on that one
0:30:01
basically my favorite part as well
0:30:06
more impressive have a guess what
0:30:20
i don't know you're going to say
0:30:23
you're going to say something out of the
0:30:33
the timing yeah true
0:30:36
as in it's not even a week and
0:30:40
he got all the functionality basically
0:30:43
all done and done industrial
0:30:46
backstoppers i was really amazed
0:30:49
yeah yeah actually pushed this project
0:30:53
quite a bit just just by yourself so
0:30:57
which is really admirable to be honest
0:31:02
um tori says his humor handsome
0:31:07
impressive piece of strength
0:31:13
okay cool so this is going there
0:31:17
where so if we go to
0:31:27
dynamodb let's see if i will
0:31:32
hostile is there as well
0:31:40
yeah well i didn't see i didn't see
0:31:41
postman so i can't actually say
0:31:44
exactly my point so
0:31:46
that's the only reason why i'm
0:31:49
asking that would be that because you
0:31:52
weren't able to see the post
0:31:57
yeah i was just guessing but
0:32:14
yeah i'm guessing it'll be there
0:32:17
i like your optimism
0:32:23
let's make it happen then
0:32:48
the moment of truth
0:33:03
so which one did we enter
0:33:24
name which one i will looking for board
0:33:30
equal to value let's see
0:33:40
nope it's not there
0:33:47
where might we have messed up
0:33:49
what did postman say
0:33:52
um postman just gave me the id
0:34:03
board name is that
0:34:06
and then pause code
0:34:16
js should have shown me the passcode
0:34:32
i basically did was
0:34:34
hang on is this the same as that
0:34:37
passcode plus code
0:34:44
where's the value coming from say the
0:34:49
i mean in in the code like where it's
0:34:59
it's coming from somewhere that's a
0:35:03
flash it's not coming from anywhere
0:35:06
which might be the reason why
0:35:35
i can now mine this
0:35:39
all right let's build it
0:35:43
uh tori said sorry i missed over you how
0:35:46
this pascal thing is working
0:35:50
you're hashing the passwords right
0:35:59
but that's step two
0:36:01
we are on step one at the moment
0:36:05
we can implement the hashing on aws side
0:36:15
there's a library phone node as well for
0:36:20
we should be pretty simple
0:36:28
i just want this passcode
0:36:31
to work first and then we can
0:37:09
feeling about doing all the testing
0:37:12
because that testing phase is about to
0:37:18
yeah pretty good i think like um it'll
0:37:22
what's working what's not
0:37:28
kind of like have a review of what we've
0:37:32
yeah i think it'd be good
0:37:34
yeah true though and um
0:37:38
one basic clear thinking that we might
0:37:41
ask few few people as in
0:37:48
for testing and um
0:37:51
want to jump on testing as well you can
0:37:55
but i'll really as in kind of
0:37:57
prefer as in me you and
0:38:02
um work on kind of bug fixes
0:38:13
was this id as well yeah made it cool
0:38:16
so this let's see if this one works now
0:38:30
oh that looks promising
0:38:48
okay let's go into um
0:39:03
what's the library b crypt
0:39:07
i think there's a library called b crypt
0:39:14
b and then c r y b t
0:39:37
how do we use this
0:39:44
probably let's say
0:39:49
no don't be quick here's some missing
0:39:56
dependencies of nest impairments will be
0:40:00
okay how do we use it
0:40:03
uh require it and assault rounds
0:40:12
to hash a password big green
0:40:22
function my plant muscle salt
0:40:27
salt is a super secret word that's what
0:40:35
oh okay i see so it's hashing
0:40:45
you might just use
0:40:50
instead autogen salt and hash
0:40:55
no we don't want to alter janet
0:41:00
add the salt to the password
0:41:10
low dash from your password do we know
0:41:18
and he uses sync you know we will be
0:41:24
not something on the plain text not
0:41:28
one plain password is this
0:41:33
so what he's basically doing
0:41:42
can't be a super secret right
0:41:54
that's interesting
0:41:58
so it's basically gentle
0:42:09
option the course for processing the
0:42:13
so is the cost of processing the data
0:42:24
what does that mean the cost of
0:42:25
processing the data
0:42:30
send you this link there
0:42:41
okay now mine you can have
0:42:58
if it's 10 then it does 10 hashes per
0:43:08
we will probably just
0:43:11
was the cheapest one
0:43:22
two three days per hash
0:43:28
and a note about the code when you're
0:43:30
hashing your data the module will go for
0:43:33
a series of rounds gives you the hash
0:43:38
skill has the value you submit there is
0:43:42
not just the number of rounds that the
0:43:46
go through to hash your data
0:43:52
to hash your data the module will use
0:43:56
the value you entered and go for two
0:44:04
so i think it means that how many rounds
0:44:06
of hashes does it do
0:44:10
yeah that makes sense
0:44:18
two rounds iteration of processing
0:44:25
this library allows us to decrypt this
0:44:31
this b crit it allows us to
0:44:35
we get when we receive the password back
0:44:39
actually that's a really
0:44:46
to hash a password to check the password
0:44:50
seem to has a password
0:44:55
i don't think it does to be honest
0:45:05
then how will we check it against the
0:45:11
there was another library that i saw
0:45:15
this program authentication with
0:45:17
password actually you know what this
0:45:20
crypto package password passing for node
0:45:28
look at the following code
0:45:30
that's fine i need to know if you can
0:45:33
decrypt it as well
0:45:37
you don't want to decrypt the password
0:45:39
don't worry vgrip handles the password
0:45:47
maybe that's the functionality
0:45:58
when the user wants to get
0:46:05
even though the user would type
0:46:17
match against the hashes
0:46:30
imagine the password there's a compare
0:46:32
thing method for matching the password
0:46:34
against the hashed password
0:46:41
that means that you would
0:46:45
take the string password and
0:46:49
convert that into hash and then compare
0:47:02
oh okay interesting
0:47:14
what do you think finished about this
0:47:17
i think that's a good idea if there's
0:47:18
already that method
0:47:21
built in then we might as well use it
0:47:29
i was thinking we would do the
0:47:33
server side but then i guess that's kind
0:47:42
like you know like when we get the
0:47:44
password in aws then
0:47:47
you know use the function some
0:47:48
functionality of aws to
0:47:54
the password but then i guess this is
0:47:56
probably a better idea anyways because
0:48:00
it's doing it from the client side
0:48:05
of instead of passing the password in
0:48:10
the internet so maybe this is actually
0:48:11
probably a better idea
0:48:19
she brought a really
0:48:20
good point there because um
0:48:25
yeah i'm thinking when we get the
0:48:28
password on this server side then we
0:48:31
should encrypt that
0:48:39
that yeah that was my thought initially
0:48:45
so you're saying maybe you one of the
0:48:49
aws using encryption to encrypt the
0:48:53
yes i mean that's what i was thinking
0:48:58
but like um that means passing the plain
0:49:02
text to aws first and then encrypting it
0:49:06
so i don't you know maybe
0:49:09
i don't know if that's as good of a
0:49:14
i don't know what your thoughts are
0:49:17
because that would involve adding
0:49:19
another service of aws
0:49:25
which i haven't really worked with to be
0:49:28
honest as in properly
0:49:31
just basically hadn't had a glance and
0:49:34
it would i think it would require a lot
0:49:40
then this solution which is done by big
0:49:45
okay fair enough well yeah i think
0:49:48
let's stick to this one
0:49:55
when we go further down the road but we
0:49:58
can obviously expand
0:50:09
tori says this is a node module you use
0:50:11
the server side yeah i get what you mean
0:50:13
tory but i just mean like um
0:50:16
like um like a default aws
0:50:20
service he loves aws
0:50:31
let's just go with
0:50:33
this and basically how
0:50:44
no we want the synchronous
0:50:46
basic usage decrypt hash break no no
0:50:56
load hash from your post
0:51:07
hang on this is a different one big
0:51:12
this one was a different one
0:51:16
we were looking at this one isn't it
0:51:25
okay cool so let's install this
0:51:31
just plug my charger
0:52:02
um um what was there in the game
0:52:12
copy paste all the way
0:52:31
so now all we can do is
0:52:36
basically we need to use as well
0:52:40
copy paste all the way
0:52:45
and i should have been doing this to be
0:52:58
let's keep it 10 it's fine
0:53:26
rounds yeah tori says i think with
0:53:29
cookie dough you'll get a
0:53:31
jwt with access and refresh tokens
0:53:35
but probably they have other options too
0:53:37
i'm not super familiar with the options
0:53:39
he's saying that yeah probably we could
0:53:41
use aws cognito but
0:53:44
it's not super familiar with options and
0:53:46
neither am i to be honest
0:53:53
yeah it's an idea yeah yeah
0:53:59
because yeah obviously we will be
0:54:03
taking this down the road
0:54:29
uh no i haven't used good media
0:54:34
yeah actually the reason i brought it up
0:54:38
starting it was doing the gcp set and
0:54:41
they have a service like that so
0:54:43
i assume that aws would have it as well
0:54:47
but i could be wrong
0:55:06
gcp equivalent is um
0:55:12
i don't remember the name exactly
0:55:18
basically what it does is that when what
0:55:20
data that you have on gcp
0:55:25
what you want to encrypt you can encrypt
0:55:26
like a specific field
0:55:31
you know in our case if we have that
0:55:34
passcode field we can encrypt
0:55:36
specifically just that field
0:55:41
i was studying for the gcp security so
0:56:20
all right install hash in your password
0:56:28
sorry isn't i miss with you
0:56:33
i'm just trying to as in
0:56:36
generate the hash and this and story in
0:56:48
actually on autogenic
0:56:52
hash my plain text which is passcode for
0:58:16
give it here for today
0:58:30
okay cool man do you want to do the
0:58:39
um in today's episode we
0:58:43
we firstly try to get um
0:58:48
building and deploying again
0:58:57
reorganized the folder structure
0:58:59
um and once we got that we moved on to
0:59:02
to implementing our passcode
0:59:08
we can write the moment we can save the
0:59:10
passcode on dynamodb but
0:59:13
we are working through
0:59:15
hashing that passcode
0:59:17
so it's more secure
0:59:19
so uh thanks for joining us everyone on
0:59:22
another episode of full breaking fix and
0:59:24
we'll catch you tomorrow same time
0:59:36
and morning and afternoon wherever you
