{"componentChunkName":"component---src-pages-author-author-yaml-id-js","path":"/author/andy-yeung/","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"id":"4a994147-d7b5-56c2-ace6-b9d19e677ae3","html":"

Serverless computing has been gaining a lot of popularity in the last couple of years, and for a good reason. It saves developer's time, allowing them to focus on writing code rather than dealing with infrastructure. Deploying powerful and scalable applications has generally become much quicker and easier with serverless. However, there can be drawbacks as well, such as vendor lock-in and lack of control.

\n

This blog will briefly go over some of the most popular serverless computing options from major cloud providers. There are also plenty of great resources online explaining serverless architecture in detail, so definitely go check those out if you haven't already. Now, let's go over some of the popular choices for serverless computing.

\n

Popular Cloud Options

\n

Almost all major cloud providers offer serverless computing such as AWS, Azure, Google Cloud, IBM Cloud, Alibaba Cloud, etc. In this blog, we'll only be going over a few.

\n

1. AWS Lambda

\n

AWS Lambda was released in 2014 and has played a significant role in the rise of serverless computing.

\n\n

Recent notable updates include:

\n\n

2. Azure Functions

\n

Launched in 2016:

\n\n

Recent notable updates include:

\n\n

3. Google Cloud Functions

\n

Launched in 2017:

\n\n

Recent notable updates include:

\n\n

4. CloudFlare Workers

\n

Launched in 2017:

\n\n

Recent notable updates include:

\n\n

Conclusion

\n

There are a lot of great options worth considering when looking for serverless computing from a cloud provider. This was a very brief introduction to some of the most popular choices, so definitely check out each provider's official documentation for more detail!

\n","frontmatter":{"title":"Top 4 Serverless Computing Platforms in 2021","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"March 04, 2021","updated_date":null,"tags":["Serverless"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/5c35cac6bac6aa7487ccce9ebb7d8d94/ee604/cover.png","srcSet":"/static/5c35cac6bac6aa7487ccce9ebb7d8d94/69585/cover.png 200w,\n/static/5c35cac6bac6aa7487ccce9ebb7d8d94/497c6/cover.png 400w,\n/static/5c35cac6bac6aa7487ccce9ebb7d8d94/ee604/cover.png 800w,\n/static/5c35cac6bac6aa7487ccce9ebb7d8d94/f3583/cover.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/serverless-overview/"}}},{"node":{"id":"7f4aaef1-b2c3-5939-b72b-07b24a928765","html":"

This blog will help you get started on deploying your REST API in Kubernetes. First, we'll set up a local Kubernetes cluster, then create a simple API to deploy.

\n

There are already a lot of free resources available explaining basic Kubernetes concepts, so go check those out first if you haven't already. This blog is intended for beginners but assumes you already have a basic understanding of Kubernetes and Docker concepts.

\n

1. Set Up Local Kubernetes

\n

There's a couple options for running Kubernetes locally, with the most popular ones including minikube, k3s, kind, microk8s. In this guide, any of these will work, but we will be using k3s because of the lightweight installation.

\n

Install k3d, which is a utility for running k3s. k3s will be running in Docker, so make sure you have that installed as well. We used k3d v4.0 in this blog.

\n
curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash
\n

Set up a cluster named test:

\n\n
k3d cluster create test -p "80:80@loadbalancer"
\n

Optionally, check that your kubeconfig got updated and the current context is correct:

\n
kubectl config view\nkubectl config current-context
\n

Optionally, confirm that k3s is running in Docker. There should be two containers up, one for k3s and the other for load balancing:

\n
docker ps
\n

Make sure that all the pods are running. If they are stuck in pending status, it may be that there is not enough disk space on your machine. You can get more information by using the describe command:

\n
kubectl get pods -A\nkubectl describe pods -A
\n

There's a lot of kubectl commands you can try, so I recommend checking out the list of resources and being aware of their short names:

\n
kubectl api-resources
\n

2. Create a Simple API

\n

We will create a simple API using Express.js.

\n

Set up the project:

\n
mkdir my-backend-api && cd my-backend-api\ntouch server.js\nnpm init\nnpm i express --save
\n
// server.js\nconst express = require("express");\nconst app = express();\n\napp.get("/user/:id", (req, res) => {\n  const id = req.params.id;\n  res.json({\n    id,\n    name: `John Doe #${id}`\n  });\n});\n\napp.listen(80, () => {\n  console.log("Server running on port 80");\n});
\n

Optionally, you can try running it if you have Node.js installed and test the endpoint /user/{id} with curl:

\n
node server.js\n\n// request:\ncurl http://localhost:80/user/123\n\n// response: {"id":"123","name":"John Doe #123"}
\n

Next, add a Dockerfile and .dockerignore:

\n
// Dockerfile\nFROM node:12\n\nWORKDIR /usr/src/app\nCOPY package*.json ./\nRUN npm i\nCOPY . .\n\nEXPOSE 80\nCMD ["node", "server.js"]
\n
// .dockerignore\nnode_modules
\n

Then, build the image and push it to the Docker Hub registry:

\n\n
docker build -t <YOUR_DOCKER_ID>/my-backend-api .\ndocker push <YOUR_DOCKER_ID>/my-backend-api
\n

3. Deploy

\n

Now, we deploy the image to our local Kubernetes cluster. We use the default namespace.

\n

Create a deployment:

\n
kubectl create deploy my-backend-api --image=andyy5/my-backend-api
\n\n
kubectl create -f deployment.yaml
\n
// deployment.yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: my-backend-api\n  labels:\n    app: my-backend-api\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: my-backend-api\n  template:\n    metadata:\n      labels:\n        app: my-backend-api\n    spec:\n      containers:\n      - name: my-backend-api\n        image: andyy5/my-backend-api
\n

Create a service:

\n
kubectl expose deploy my-backend-api --type=ClusterIP --port=80
\n\n
kubectl create -f service.yaml
\n
// service.yaml\napiVersion: v1\nkind: Service\nmetadata:\n  name: my-backend-api\n  labels:\n    app: my-backend-api\nspec:\n  type: ClusterIP\n  ports:\n  - port: 80\n    protocol: TCP\n    targetPort: 80\n  selector:\n    app: my-backend-api
\n

Check that everything was created and the pod is running:

\n
kubectl get deploy -A\nkubectl get svc -A\nkubectl get pods -A
\n

Once the pod is running, the API is accessible within the cluster only. One quick way to verify the deployment from our localhost is by doing port forwarding:

\n\n
kubectl port-forward my-backend-api-84bb9d79fc-m9ddn 3000:80
\n\n
curl http://localhost:3000/user/123
\n

To correctly manage external access to the services in a cluster, we need to use ingress. Close the port-forwarding and let's expose our API by creating an ingress resource.

\n\n

Create an Ingress resource with the following YAML file:

\n
kubectl create -f ingress.yaml\nkubectl get ing -A
\n
// ingress.yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: my-backend-api\n  annotations:\n    ingress.kubernetes.io/ssl-redirect: "false"\nspec:\n  rules:\n  - http:\n      paths:\n      - path: /user/\n        pathType: Prefix\n        backend:\n          service:\n            name: my-backend-api\n            port:\n              number: 80
\n\n
curl http://localhost:80/user/123
\n

If you want to learn more on how to deploy using a managed Kubernetes service in the cloud, such as Google Kubernetes Engine, then check out the excellent guides on the official Kubernetes docs.

\n","frontmatter":{"title":"How to Deploy a REST API in Kubernetes","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"February 03, 2021","updated_date":null,"tags":["Kubernetes"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.492537313432836,"src":"/static/efa8ecb370a0a94f380c24981ede2913/ee604/cover.png","srcSet":"/static/efa8ecb370a0a94f380c24981ede2913/69585/cover.png 200w,\n/static/efa8ecb370a0a94f380c24981ede2913/497c6/cover.png 400w,\n/static/efa8ecb370a0a94f380c24981ede2913/ee604/cover.png 800w,\n/static/efa8ecb370a0a94f380c24981ede2913/f3583/cover.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/rest-api-kubernetes/"}}},{"node":{"id":"4836456a-d38a-563c-babe-3f0a5b173c32","html":"

Let's walk through how to build and push Docker images programmatically using Go. To do this, we need to talk to the Docker daemon via the Docker Engine API. This is similar to how the Docker CLI works, but instead of entering commands through a CLI, we'll be writing code with Docker's Go SDK.

\n

At the time of writing, the official Docker Go SDK docs provide great examples of running basic Docker commands with Go. However, it's missing examples on building and pushing Docker images, so we'll go over those in this blog.

\n

Before we begin, this blog assumes you have a working knowledge of Docker and Go. We'll go over the following:

\n\n

Environment Setup

\n

First, we need to set up the environment. Create a project and include the app we want to containerize:

\n
mkdir docker-go-tutorial && cd docker-go-tutorial && mkdir node-hello
\n

We'll add a simple Node.js app:

\n
// node-hello/app.js\nconsole.log("Hello From LoginRadius");
\n

with the Dockerfile:

\n
// node-hello/Dockerfile\nFROM node:12\nWORKDIR /src\nCOPY . .\nCMD [ "node", "app.js" ]
\n

Next, install the Go SDK. These are the Docker related imports we will be using:

\n
"github.com/docker/docker/api/types"\n"github.com/docker/docker/client"\n"github.com/docker/docker/pkg/archive"
\n

Build Docker Image

\n

One way to build a Docker image from our local files is to compress those files into a tar archive first.

\n

We use the archive package provided by Docker:

\n
"github.com/docker/docker/pkg/archive"
\n
tar, err := archive.TarWithOptions("node-hello/", &archive.TarOptions{})\nif err != nil {\n    return err\n}
\n

Now, we can call the ImageBuild function using the Go SDK:

\n\n

To print the response, we use a scanner to go through line by line:

\n
scanner := bufio.NewScanner(res.Body)\nfor scanner.Scan() {\n    lastLine = scanner.Text()\n    fmt.Println(scanner.Text())\n}
\n

This prints the following:

\n
{"stream":"Step 1/4 : FROM node:12"}\n{"stream":"\\n"}\n{"stream":" ---\\u003e e4f1e16b3633\\n"}\n{"stream":"Step 2/4 : WORKDIR /src"}\n{"stream":"\\n"}\n{"stream":" ---\\u003e Using cache\\n"}\n{"stream":" ---\\u003e b298b8519669\\n"}\n{"stream":"Step 3/4 : COPY . ."}\n{"stream":"\\n"}\n{"stream":" ---\\u003e Using cache\\n"}\n{"stream":" ---\\u003e 1ff6a87e79d9\\n"}\n{"stream":"Step 4/4 : CMD [ \\"node\\", \\"app.js\\" ]"}\n{"stream":"\\n"}\n{"stream":" ---\\u003e Using cache\\n"}\n{"stream":" ---\\u003e 6ca44f72b68d\\n"}\n{"aux":{"ID":"sha256:238a923459uf28h80103eb089804a2ff2c1f68f8c"}}\n{"stream":"Successfully built 6ca44f72b68d\\n"}\n{"stream":"Successfully tagged lrblake/node-hello:latest\\n"}
\n

The last step would be checking the response for errors, so if something went wrong during the build, we could handle it.

\n
errLine := &ErrorLine{}\njson.Unmarshal([]byte(lastLine), errLine)\nif errLine.Error != "" {\n    return errors.New(errLine.Error)\n}
\n

For example, the following error can occur during build:

\n
{"errorDetail":{"message":"COPY failed: stat /var/lib/docker/tmp/docker-builder887191115/z: no such file or directory"},"error":"COPY failed: stat /var/lib/docker/tmp/docker-builder887191115/z: no such file or directory"}
\n

All together, the file looks like this:

\n
package main\n\nimport (\n\t"bufio"\n\t"context"\n\t"encoding/json"\n\t"errors"\n\t"fmt"\n\t"io"\n\t"time"\n\n\t"github.com/docker/docker/api/types"\n\t"github.com/docker/docker/client"\n\t"github.com/docker/docker/pkg/archive"\n)\n\nvar dockerRegistryUserID = ""\n\ntype ErrorLine struct {\n\tError       string      `json:"error"`\n\tErrorDetail ErrorDetail `json:"errorDetail"`\n}\n\ntype ErrorDetail struct {\n\tMessage string `json:"message"`\n}\n\nfunc main() {\n\tcli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())\n\tif err != nil {\n\t\tfmt.Println(err.Error())\n\t\treturn\n\t}\n\n\terr = imageBuild(cli)\n\tif err != nil {\n\t\tfmt.Println(err.Error())\n\t\treturn\n\t}\n}\n\nfunc imageBuild(dockerClient *client.Client) error {\n\tctx, cancel := context.WithTimeout(context.Background(), time.Second*120)\n\tdefer cancel()\n\n\ttar, err := archive.TarWithOptions("node-hello/", &archive.TarOptions{})\n\tif err != nil {\n\t\treturn err\n\t}\n\n\topts := types.ImageBuildOptions{\n\t\tDockerfile: "Dockerfile",\n\t\tTags:       []string{dockerRegistryUserID + "/node-hello"},\n\t\tRemove:     true,\n\t}\n\tres, err := dockerClient.ImageBuild(ctx, tar, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdefer res.Body.Close()\n\n\terr = print(res.Body)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc print(rd io.Reader) error {\n\tvar lastLine string\n\n\tscanner := bufio.NewScanner(rd)\n\tfor scanner.Scan() {\n\t\tlastLine = scanner.Text()\n\t\tfmt.Println(scanner.Text())\n\t}\n\n\terrLine := &ErrorLine{}\n\tjson.Unmarshal([]byte(lastLine), errLine)\n\tif errLine.Error != "" {\n\t\treturn errors.New(errLine.Error)\n\t}\n\n\tif err := scanner.Err(); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}
\n

The equivalent Docker CLI command would be:

\n
docker build -t <dockerRegistryUserID>/node-hello .
\n

Push Docker Image

\n

We'll push the Docker image we created to Docker Hub. But, we need to authenticate with Docker Hub by providing credentials encoded in base64.

\n\n

Now, call the ImagePush function in the Go SDK, along with your encoded credentials:

\n
opts := types.ImagePushOptions{RegistryAuth: authConfigEncoded}\nrd, err := dockerClient.ImagePush(ctx, dockerRegistryUserID + "/node-hello", opts)
\n

Together, this looks like:

\n
func imagePush(dockerClient *client.Client) error {\n\tctx, cancel := context.WithTimeout(context.Background(), time.Second*120)\n\tdefer cancel()\n\n\tauthConfigBytes, _ := json.Marshal(authConfig)\n\tauthConfigEncoded := base64.URLEncoding.EncodeToString(authConfigBytes)\n\n\ttag := dockerRegistryUserID + "/node-hello"\n\topts := types.ImagePushOptions{RegistryAuth: authConfigEncoded}\n\trd, err := dockerClient.ImagePush(ctx, tag, opts)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdefer rd.Close()\n\n\terr = print(rd)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}
\n

The equivalent Docker CLI command (after docker login) would be:

\n
docker push <dockerRegistryUserID>/node-hello
\n","frontmatter":{"title":"Build and Push Docker Images with Go","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"December 08, 2020","updated_date":null,"tags":["Docker","Go"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.680672268907563,"src":"/static/f7f513d2d6c5460c9f71278fcb98f766/ee604/cover.png","srcSet":"/static/f7f513d2d6c5460c9f71278fcb98f766/69585/cover.png 200w,\n/static/f7f513d2d6c5460c9f71278fcb98f766/497c6/cover.png 400w,\n/static/f7f513d2d6c5460c9f71278fcb98f766/ee604/cover.png 800w,\n/static/f7f513d2d6c5460c9f71278fcb98f766/31987/cover.png 1000w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/build-push-docker-images-golang/"}}},{"node":{"id":"92200a97-74be-5423-a4f1-a30f7eb0bea6","html":"

What is PGP?

\n

PGP (Pretty Good Privacy) is a cryptographic process used to encrypt and decrypt information. It combines concepts from symmetric and asymmetric key encryption, maintaining some of the best security and usability aspects of both.

\n

One way PGP can be used is to protect the confidentiality of information. Once the information is encrypted, nobody will be able to decrypt it unless they have the right key. In practice, PGP is commonly used in sending and receiving emails, sharing information on the Dark Web, and others. This is because both on and off the Internet, there are ways to intercept information being sent, making encryption using PGP or similar critical.

\n

On a high-level the process between a sender and receiver looks like this:

\n
    \n
  1. The recipient generates public and private keys.
    2. \n
  2. The recipient sends its public key to the sender.
    3. \n
  3. The sender encrypts the message using the given public key.
    4. \n
  4. The sender sends the encrypted message to the recipient.
    5. \n
  5. The recipient decrypts the message using its private key.
    6. \n
\n

PGP Examples in Node.js

\n

Now, let's go over some examples in Node.js using the openpgp library.

\n\n

We'll go over some basic examples and show how to encrypt & decrypt large files using Node.js streams.

\n

First, set up your Node.js project and install openpgp.js:

\n
mkdir pgp-tutorial && cd pgp-tutorial && npm init\nnpm i openpgp --save
\n

Note: examples use openpgp v4.10.8

\n

Generating keys

\n

When generating private and public PGP keys with OpenPGP, you can define which curve to use in Elliptic-curve cryptography. In this example, we use Ed25519 for its performance and small key size. For the full list of curves, you can choose from, refer to OpenPGP.js docs.

\n

You also need to define a passphrase used to decrypt files and the private key. In practice, this should be a strong, randomized secret generated for a single-use.

\n
// generate-keys.js\nconst openpgp = require("openpgp");\n\ngenerate();\nasync function generate() {\n  const { privateKeyArmored, publicKeyArmored } = await openpgp.generateKey({\n    userIds: [{ name: "person", email: "person@somebody.com" }],\n    curve: "ed25519",\n    passphrase: "qwerty",\n  });\n  console.log(privateKeyArmored);\n  console.log(publicKeyArmored);\n}
\n

Running the above gives us our private key:

\n
-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: OpenPGP.js v4.10.8\nComment: https://openpgpjs.org\n\nxYYEX6iKVxYJKwYBBAHaRw8BAQdANJ6JIXuMMZV3NIlwq0POS7xsF2N7+kAE\n7KQjAtfIuqj+CQMI4CUgW9jPsGPgJvQnnCWFf1s7lO/5+D5ZQ9JK25fUtmQo\nWyHX0Ja1ryOoFnvq7u+7fUC0+RAzt8S1xv3eDzazfgNuLtEmufwMyR6wMi78\nKc0ccGVyc29uIDxwZXJzb25Ac29tZWJvZHkuY29tPsKPBBAWCgAgBQJfqIpX\nBgsJBwgDAgQVCAoCBBYCAQACGQECGwMCHgEAIQkQVrbGpNEnCPUWIQQb8YRJ\nhw7DjekU68lWtsak0ScI9UM7AQDv4YRbIdU2ErPf8MobreeLiXXjYZ6fas8E\nzW0KoTZWEQD+NHDY2YYByMF1mWusPkdPDpyBzqMJrlMeihMzZ+PE8AfHiwRf\nqIpXEgorBgEEAZdVAQUBAQdARY37/Vys4Sj6DvwN6TRjxrIqiMIngxQgvOb6\nwi+tQzEDAQgH/gkDCJ2xNZ1OXxv94E8fTLQ3gYHFQuebn/PSijD8CqlvHNB/\n/Z9sIxSFt7rzorW+9v6Awfe+pQwXW5iEyJkdiGu3BM91GMwMvMmZ+rBNlBvq\niX7CeAQYFggACQUCX6iKVwIbDAAhCRBWtsak0ScI9RYhBBvxhEmHDsON6RTr\nyVa2xqTRJwj17W0BAI5MuCWHrqjSRcdjLTwxa++jYv+Yxq4tODj8oh27T86v\nAQCfb3lij9JGlIMNDQgceeougl+Lw4Gb0kQCnsNQRggTDw==\n=yzT4\n-----END PGP PRIVATE KEY BLOCK-----
\n

And the public key:

\n
-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v4.10.8\nComment: https://openpgpjs.org\n\nxjMEX6iKVxYJKwYBBAHaRw8BAQdANJ6JIXuMMZV3NIlwq0POS7xsF2N7+kAE\n7KQjAtfIuqjNHHBlcnNvbiA8cGVyc29uQHNvbWVib2R5LmNvbT7CjwQQFgoA\nIAUCX6iKVwYLCQcIAwIEFQgKAgQWAgEAAhkBAhsDAh4BACEJEFa2xqTRJwj1\nFiEEG/GESYcOw43pFOvJVrbGpNEnCPVDOwEA7+GEWyHVNhKz3/DKG63ni4l1\n42Gen2rPBM1tCqE2VhEA/jRw2NmGAcjBdZlrrD5HTw6cgc6jCa5THooTM2fj\nxPAHzjgEX6iKVxIKKwYBBAGXVQEFAQEHQEWN+/1crOEo+g78Dek0Y8ayKojC\nJ4MUILzm+sIvrUMxAwEIB8J4BBgWCAAJBQJfqIpXAhsMACEJEFa2xqTRJwj1\nFiEEG/GESYcOw43pFOvJVrbGpNEnCPXtbQEAjky4JYeuqNJFx2MtPDFr76Ni\n/5jGri04OPyiHbtPzq8BAJ9veWKP0kaUgw0NCBx56i6CX4vDgZvSRAKew1BG\nCBMP\n=C6S6\n-----END PGP PUBLIC KEY BLOCK-----
\n

File Encryption

\n

Now we can start encrypting information.

\n

Create a text file:

\n
echo 'This file contains secret information' > secrets.txt
\n

Here, we act as the sender who received a public key from the intended recipient. We use their public key to encrypt the confidential information:

\n
// encrypt-file.js\nconst openpgp = require("openpgp");\nconst fs = require("fs");\n\nconst publicKeyArmored = <PUBLIC KEY GIVEN BY RECIPIENT>\n\nencrypt();\nasync function encrypt() {\n  const plainData = fs.readFileSync("secrets.txt");\n  const encrypted = await openpgp.encrypt({\n    message: openpgp.message.fromText(plainData),\n    publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,\n  });\n\n  fs.writeFileSync("encrypted-secrets.txt", encrypted.data);\n}
\n

In the newly created encrypted-secrets.txt file, we have the contents encrypted like so:

\n
-----BEGIN PGP MESSAGE-----\nVersion: OpenPGP.js v4.10.8\nComment: https://openpgpjs.org\n\nwV4DUsPKVnc3UHMSAQdAey4TJiEOrZQIrx6q2zBLgmPkbnhPMt1WR+jCWX5x\nGn8wEim8W4OhDVMwfhtgVIClBCGPhvdeZ1zvVUAJGDdl8+S+DUynKhPNcN8m\nKb9TRGYs0sAlAaXcTChBHSS5kDHV/8Hgjcn0OIs6v2mbCkz/bHs/shwf8WMI\nov711iEkgcXnXIX+ZDGyDFnAKftoygzAf0aZy82g7ejAD9SX13wNmO6TK8Gw\nwr9Xj8F6XBV0yHvdsm2uzRY9W03tTSqAf0anEs+ZWyVR/ha9ddnZJPFKtUbC\nBEF4AMavsIN0CcqpA4q69I3E6GEtkAzgBWfJOOO8mQsNQ1vJWcJocinryBE6\nKbhznoe+R69qmUaJXPpe5scF6tfCYuQtPz4uhOljT+OUP6qss5Nz4zBs4JLq\nnUlyynLLSSgdVr4Hvg==\n=5tyF\n-----END PGP MESSAGE-----
\n

Now, as the sender, we can send the encrypted file to the recipient.

\n

File Decryption

\n

Here, we act as the reciever. To decrypt the encrypted-secrets.txt file, we use our private key and passphrase:

\n
// decrypt-file.js\nconst openpgp = require("openpgp");\nconst fs = require("fs");\n\nconst privateKeyArmored = <PRIVATE KEY>\nconst passphrase = <PASS PHRASE>;\n\ndecrypt();\nasync function decrypt() {\n  const privateKey = (await openpgp.key.readArmored([privateKeyArmored])).keys[0];\n  await privateKey.decrypt(passphrase);\n\n  const encryptedData = fs.readFileSync("encrypted-secrets.txt");\n  const decrypted = await openpgp.decrypt({\n    message: await openpgp.message.readArmored(encryptedData),\n    privateKeys: [privateKey],\n  });\n\n  console.log(decrypted.data);\n}
\n

Which logs the decrypted file contents:

\n
This file contains secret information.
\n

Using Streams for Large Files

\n

If you plan on encrypting or decrypting large files, you won't be able to fit the entire file contents in memory. In this case, you can use Node.js streams.

\n

Here, we encrypt a large file called dataset-1mill.json using streams:

\n
encrypt();\nasync function encrypt() {\n  const encrypted = await openpgp.encrypt({\n    message: openpgp.message.fromText(fs.createReadStream("dataset-1mill.json")),\n    publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,\n  });\n\n  let readStream = encrypted.data;\n  let writeStream = fs.createWriteStream("encrypted-dataset.txt", { flags: "a" });\n  readStream.pipe(writeStream);\n  readStream.on("end", () => console.log("done!"));\n}
\n

And then, we decrypt the newly created encrypted-dataset.txt using streams:

\n\n
openpgp.config.allow_unauthenticated_stream = true;\n\ndecrypt();\nasync function decrypt() {\n  const privateKey = (await openpgp.key.readArmored([privateKeyArmored])).keys[0];\n  await privateKey.decrypt(passphrase);\n\n  const decrypted = await openpgp.decrypt({\n    message: await openpgp.message.readArmored(fs.createReadStream("encrypted-dataset.txt")),\n    privateKeys: [privateKey],\n  });\n\n  let readStream = decrypted.data;\n  let writeStream = fs.createWriteStream("decrypted-dataset.json", { flags: "a" });\n  readStream.pipe(writeStream);\n  readStream.on("end", () => console.log("done!"));\n}
\n

Now, decrypted-dataset.json will have the same contents as our original dataset-1mill.json file.

\n","frontmatter":{"title":"Using PGP Encryption with Nodejs","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"November 10, 2020","updated_date":null,"tags":["Security","NodeJs","Encryption"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/a427e4132564cc095bcc9015faa67da4/ee604/cover.png","srcSet":"/static/a427e4132564cc095bcc9015faa67da4/69585/cover.png 200w,\n/static/a427e4132564cc095bcc9015faa67da4/497c6/cover.png 400w,\n/static/a427e4132564cc095bcc9015faa67da4/ee604/cover.png 800w,\n/static/a427e4132564cc095bcc9015faa67da4/05d05/cover.png 1080w","sizes":"(max-width: 800px) 100vw, 800px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/using-pgp-encryption-with-nodejs/"}}},{"node":{"id":"3ea7051a-0be9-5995-b1f1-a26c9a436e05","html":"

This blog is part 1 of a series on gRPC. Part 1 will go over some important concepts, part 2 will be a walkthrough of a client-server implementation in Go, and part 3 will be about LoginRadius' experience migrating to gRPC!

\n

gRPC

\n

gRPC, simply put, is just another way to send data across networks. It can be used to communicate between services in a microservice architecture, where a single service can interact with multiple others. Similarly, in client-server models, there can be multiple clients communicating with a common backend server.

\n

\n \n \n

\n

The gRPC framework was initially developed at Google and is now open-source. It is a modern implementation of the RPC (Remote Procedure Call) protocol, which has been around since the 80s. You will often see gRPC being compared to other technologies like SOAP, REST, and GraphQL.

\n

Some features:

\n\n

How is it used to send data?

\n

gRPC is based on the idea of calling a remote procedure just like a local one. A procedure is like a function or a method. So, ideally developers can treat remote and local calls similarly. A great thing about gRPC is that developers do not need to know the details of the remote interaction.

\n

Here is a diagram from the official grpc docs showing the flow:

\n

\n \n \n

\n

Why gRPC?

\n

One compelling reason to use gRPC is that it provides high performance

\n\n

How does it differ from REST?

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
gRPCREST
APIContract-based i.e. stubsResource-based and relies on HTTP verbs i.e. GET/PUT/POST/DELETE
Network protocolHTTP/2HTTP/1.1 or HTTP/2
Data serialization formatProtocol buffersJSON
StreamingBuilt-in support for client, server, and bi-directional streamingREST on HTTP/1.1 does not allow streaming
\n

Other Considerations

\n

Here, we briefly go over a few other things to consider with gRPC. These will be covered in more detail in another blog.

\n

Management of proto files
\nIf you plan to have multiple proto files and client services, you need some way to manage them for distribution and version control. One solution is to keep all proto files in a central git repository, and maintain versions using git tags.

\n

Using proto2 vs. proto3
\nProtocol buffers have two syntax versions: proto2 and proto3.

\n\n

Load-Balancing
\nSomething to note about load-balancing gRPC is that HTTP/2 requires L7 (Application Layer) load-balancers. Recall that in HTTP/2, TCP connections are long-lived and requests are multiplexed. This makes L4 (Connection Layer) load-balancers ineffective. This differs from HTTP/1.1 where TCP connections get cycled and can benefit from L4 load-balancers. 

\n

That's it for now! To learn more, check out the official gRPC and protobuf docs.

\n","frontmatter":{"title":"Getting Started with gRPC - Part 1 Concepts","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"October 30, 2019","updated_date":null,"tags":["Engineering","gRPC"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1,"src":"/static/ceff66d5b341e58e4b85f5a6c3a7cbad/f006c/grpc.png","srcSet":"/static/ceff66d5b341e58e4b85f5a6c3a7cbad/69585/grpc.png 200w,\n/static/ceff66d5b341e58e4b85f5a6c3a7cbad/f006c/grpc.png 246w","sizes":"(max-width: 246px) 100vw, 246px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/getting-started-with-grpc-part-1-concepts/"}}},{"node":{"id":"2644589b-5c0e-5354-a784-84ff04c24fe4","html":"

Introduction

\n

Cross-Site Request Forgery (CSRF) is a common web application attack where a victims’ authenticated session becomes compromised. This attack essentially tricks a victim into performing unintended tasks on a website they are authenticated in. There are variations to this attack, and a popular one we will discuss is utilizing authentication token to imitate api requests.

\n

Context

\n

In order to understand CSRF, it is important to know how cookies and authentication tokens are used for persisting user sessions. Cookies are information stored in the browser, and often used for managing state between HTTP requests. A key feature of cookies is that they are automatically passed as a header in HTTP requests. Authentication tokens are typically stored as cookies, and are a way to keep track of a users’ authenticated session. These tokens are set as cookies after a user successfully authenticates themselves by log in.

\n

How it works

\n

CSRF takes advantage of the storage of auth tokens in the browser, and constructs http requests to a target server on behalf of the user. Imitating http requests from the legitimate site requires research and preparation from the attacker beforehand, such as finding vulnerable websites and api’s suitable for the attack.

\n

\n \n \n

\n

When a request is made by the client, both tokens are sent to the server, and the server will then ensure the tokens are valid pairs before processing the request as normal.

\n

\n \n \n

\n

Now the attacker will be unable to perform CSRF since they will not have access to the token hidden in the pages HTML, and the target server requires a valid token pair before processing the request.

\n

There are also many other mitigation techniques, such as using the Same-Site cookie attribute, and requiring user interaction such as CAPTCHA for requests. Learn more on the OWASP wiki).

\n","frontmatter":{"title":"Introduction to Cross-Site Request Forgery (CSRF)","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"October 30, 2019","updated_date":null,"tags":["CSRF"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.3333333333333333,"src":"/static/4a13eeb54334febf9c8db79b24424eb6/2244e/crosspath.jpg","srcSet":"/static/4a13eeb54334febf9c8db79b24424eb6/f836f/crosspath.jpg 200w,\n/static/4a13eeb54334febf9c8db79b24424eb6/2244e/crosspath.jpg 400w","sizes":"(max-width: 400px) 100vw, 400px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/introduction-to-cross-site-request-forgery-csrf/"}}},{"node":{"id":"4b688594-9414-574b-9a09-fdb408066b30","html":"

Both encryption and hashing have significant uses in cryptology and other fields. One defining difference between them is that encryption is reversible, while hashing is irreversible. Because of this, encryption is often used for protecting the confidentiality of data. Only authorized people with the key should be able to access the data. On the other hand, hashing works well for verification; knowing the actual data is unnecessary, just whether or not the hashes are the same.

\n

Encryption example: sending confidential documents to a co-worker through email.

\n
    \n
  1. Encrypt confidential documents.
    2. \n
  2. Send encrypted documents & key to co-worker through different sources.
    3. \n
  3. Co-worker receives the documents & decrypts them using the key.
    4. \n
\n

Hashing example: verifying user credentials for login.

\n
    \n
  1. User registers and creates a password.
    2. \n
  2. Server hashes a password and stores it in a database.
    3. \n
  3. User logs in by submitting their password.
    4. \n
  4. Server hashes the submitted password, and compares it with the hashed password in the database.
    5. \n
  5. If hashes are the same, the user is authenticated.
    6. \n
\n

Encryption

\n

Encryption is defined as conversion of electronic data into unreadable format by using encryption algorithms. This process of encoding the original data is called encryption. The data dump after encoding is called ciphertext.

\n

The purpose of encryption is to protect stored data, by guaranteeing that the information cannot be understood by individuals other than the proposed recipient(s).

\n

Encryption transforms information under another format such that just particular individual(s) could decrypt the conversion.

\n

DES

\n

The Data Encryption Standard (DES) is a symmetric key algorithm that was widely used for many years. DES is a block cipher that uses a 64-bit block of plaintext and a 56-bit key in order to output a 64-bit block of ciphertext. The core of the algorithm is composed of a series of repetitive modules that transform the block of plaintext. Each module’s bit manipulation includes transposition, splitting, concatenation, and combination with the key. A security limitation is that the key can be brute forced, especially since in DES the key is a relatively short 56-bits (thus, 256possibilities). Because of the technological advances in computing, DES is now considered insecure.

\n

3DES

\n

Triple Data Encryption Standard (3DES/TDES) is a successor to DES, and runs the DES algorithm three times to each block of data. The standard keying option is to use 3 keys of 56-bits each, resulting in a final key of 3 x 56 = 168-bits. A security limitation is its vulnerability to meet-in-the-middle attacks, where essentially the attacker brute forces the encryption of the plaintext and decryption of the ciphertext at the same time. This allows the 168-bit key to be brute forced in 22 x 56iterations.

\n

AES

\n

The Advanced Encryption Standard (AES) is a symmetric key algorithm trusted worldwide including the U.S government with classified material. AES is a block cipher which uses 128-bit blocks of plaintext, and three key options: 128-bit, 192-bit, and 256-bit. On a high-level, AES shares many fundamental concepts with DES; in particular, transforming a block of plaintext through repetition and bit manipulation. This include substitution, transposition, and bitwise operations. Currently, the only security limitation is its theoretical risk to brute force.

\n

RSA

\n

The Rivest-Shamir-Adleman (RSA) is a asymmetric key algorithm based on the difficulty of prime factorization. The algorithm first generates a private and public key using 2 random, sufficiently large, and distinct prime numbers. Public keys can then be distributed to external parties. Plaintext encrypted using the public key and RSA formula can only be decrypted using the private key. Security limitations include weak key generation due to poor choices in prime numbers, and the possibility of breakthroughs such as quantum computers trivializing prime factorization.

\n

Blowfish

\n

Blowfish is a symmetric key algorithm freely available in the public domain. As a block cipher, Blowfish processes 64-bit blocks of plaintext, and a key ranging from 32 to 448-bits. It is known to be fast compared to existing alternatives, except when changing keys. The algorithm involves multiple cycles of splitting the key into 2 subarrays, substituting bits, and performing a series of bitwise operations with parts of the plaintext block. A security limitation is its relatively small block size of 64-bits makes it vulnerable to birthday attacks, which is based on probability theory.

\n

Twofish

\n

Twofish is a symmetric key algorithm freely available in the public domain. Twofish is a block cipher with 128-bit blocks of plaintext, and up to a 256-bit key. The designer of Blowfish also worked on Twofish. Similar to Blowfish, Twofish is a fast cipher, and shares some of the same concepts and structure in transforming a block of plaintext. Currently, the only security limitation is its theoretical risk to brute force.

\n

Skipjack

\n

Skipjack is a symmetric key algorithm with 64-bit blocks of plaintext and 80-bit key. It was designed by the NSA with the purpose of encrypting voice transmission, and later declassified for public knowledge. The algorithm is based off a technique of repeatedly splitting the plaintext block and performing bitwise operations with subkeys. Currently, the only security limitation is its theoretical risk to brute force, especially due to its relatively short key.

\n

Use Cases

\n

Symmetric key encryption

\n\n

Asymmetric key encryption

\n\n

Hashing

\n

Hashing is a process of taking a big block of data and reducing it to smaller blocks of data in a specific order by using hashing functions. Cryptographic hashes are irreversible.

\n\n

Some properties of hashed data:

\n\n

The output of a hashing algorithm is a hashed value, also known as a message digest. Analogous to a fingerprint.

\n

MD4

\n

The Message Digest 4 (MD4) algorithm takes an input text of arbitrary length, and outputs a 128-bit digest in the form of a 32-digit hexadecimal number. The algorithm works by first padding the text to a certain length, and then appending to it a 64-bit binary representation of the text. Next, the text is processed in blocks of 512-bits, with each block undergoing three rounds of bit manipulation. MD4 is insecure, as a collision attack was found. This is where two input texts produce the same output digest (a hash collision), thus allowing for issues such as forging digital signatures.

\n

MD5

\n

The Message Digest 5 (MD5) algorithm is similar to MD4, except each block is processed in four more complex rounds. MD5 is also considered insecure, as a collision attack was found. However, MD5 is still often used in the industry for cases which do not require collision resistance, such as password hashing. Better solutions exists, but tradition and lack of modern security expertise drives the popularity of MD5.

\n

SHA-1

\n

The Secure Hash Algorithm 1 (SHA-1) takes an input text of arbitrary length, and outputs a 160-bit digest, typically in the form of a 40-digit hexadecimal number. The algorithm performs padding, and 80 rounds of text manipulation such as bitwise shifting and XOR operations. SHA-1 is considered insecure, as a collision attack was found.

\n

SHA-2

\n

The Secure Hash Algorithm 2 (SHA-2) is a family of successors to SHA-1. This includes SHA-224, SHA-256, SHA-384, and SHA-512. Digest sizes range from 224 to 512-bits, increasing its difficulty to brute force. The algorithm consists of padding, and 64 or 80 rounds of bit manipulation. A security limitation is its vulnerability to length extension attacks. When the algorithm is finished, this attack takes advantage of the internal state of the machine in order to keep processing new text. As a result, it is possible to construct a new digest which is an extension of the original digest.

\n

HMAC-SHA1

\n

Hash-based Message Authentication Code SHA-1 (HMAC-SHA1) uses the SHA-1 hashing algorithm and a key in order to generate a HMAC. Due to the usage of a key, there is less chance of a hash collision, but the key is vulnerable to discovery through brute force. Additionally, HMAC is vulnerable to length extension attacks.

\n

HMAC-SHA256

\n

Hash-based Message Authentication Code SHA-256 (HMAC-SHA256) uses the SHA-256 hashing algorithm and a key in order to generate a HMAC. Security concerns include the key being brute forced, and length extension attacks.

\n

PBKDF2

\n

Password-Based Key Derivation Function 2 (PBKDF2) is a hashing algorithm designed to be used for passwords. By design, hashing using PBKDF2 is slow, making it much more difficult to brute force a password. This is because the algorithm takes in a random salt, as well as the desired number of times to hash the password. Other inputs include the desired length of the output, and the hashing function used. Typically, the recommended number of iterations range in the tens of thousands, but depends on the hashing function and capabilities of the application. However, brute force still remains a threat, especially with weakly chosen salts and a small number of iterations.

\n

Argon 2

\n

Argon2 is a cryptographic hashing algorithm, most recommended for password hashing. It hashes a plain text input to a hash as per the parameters mentioned. It is governed by six parameters: password, salt, memory cost, time cost, parallelism factor, the hash length, along with one of the three algorithms included in it.

\n

Argon2 has 3 versions: Argon2d, Argon2i and Argon2id.

\n
    \n
  1. Argon2d is more resistant to GPU attacks as it accesses the memory array in a password dependent order reducing the possibility for TMTO attacks but leaves itself vulnerable to side-channel attacks.
    2. \n
  2. Argon2i, unlike '2d', accesses memory in a password independent order which increases resistance against side-channel attacks.
    3. \n
  3. Argon2id is a hybrid of '2i' and '2d'. It is always recommended one except when there are reasons to prefer one of the other two modes.
    4. \n
\n

It has experienced two attacks on Argon2i. The first attack is applicable only to the old version of Argon2i. The second attack has not been secured yet.

\n

Use Cases

\n

Authentication

\n\n

Message integrity

\n\n

Identification

\n\n

Encoding and Cryptography

\n

Encoding

\n

The process of transforming the data by using an algorithm (that is publicly available) into another format.

\n

The motivation behind encoding is to change information with the goal that it can be appropriately (and securely) fed to a different system. The main objective is not to keep data secret, but instead to guarantee that it is ready to be legitimately used.

\n

Symmetric key cryptography

\n

The process of using the same key for encrypting and decrypting the text is called symmetric key cryptography.

\n

Asymmetric key cryptography

\n

The process of using a public key for encryption and a private key for decryption is called asymmetric key cryptography.

\n

Stream cipher

\n

The process of encrypting or decrypting the text bit by bit using a symmetric key is called stream cipher. The stream cipher process is high speed and requires low hardware complexity.

\n

Block cipher

\n

The process of encrypting or decrypting the text block by block using a symmetric key is called block cipher. Block ciphers are the functions that take an input message and a key in order to create a new, encrypted ciphertext. Block cipher are used with Symmetric key encryption.

\n

Block ciphers are invertible and efficiently computable. E.g. DES, AES, BlowFish etc.

\n

Cryptographic Salt

\n

Salts are an additional piece of data used in hashing algorithms, typically for passwords. They help protect against brute force attacks, by adding complexity to the hashes. As a result, salts increase the time taken to brute force a single hash, and deter against optimizations such as dictionaries and precomputed tables.

\n","frontmatter":{"title":"Encryption and Hashing","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"December 24, 2018","updated_date":null,"tags":["Encryption","Hashing"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":3.278688524590164,"src":"/static/9f60d8a12e2cb9240bfe54b54515b42a/3087f/encryption-and-hashing.png","srcSet":"/static/9f60d8a12e2cb9240bfe54b54515b42a/69585/encryption-and-hashing.png 200w,\n/static/9f60d8a12e2cb9240bfe54b54515b42a/497c6/encryption-and-hashing.png 400w,\n/static/9f60d8a12e2cb9240bfe54b54515b42a/3087f/encryption-and-hashing.png 615w","sizes":"(max-width: 615px) 100vw, 615px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/encryption-and-hashing/"}}},{"node":{"id":"ced9f3b5-ac7d-5aea-a05f-96f4f5eeff80","html":"

Time Required: 20 minutes.
\nTechnologies: Express, Node.js, JavaScript.
\nPrerequisites:

\n\n

This tutorial will go over how to build a bot that will respond to pings (i.e. @), and send messages to a chat room. On a high level, the bot will run on an express server, and receive pings via an HTTP endpoint. Responses to pings will be sent synchronously through a payload in the HTTP response, while bot-initiated messages will be sent asynchronously using the Google Hangout Chat API.

\n
Outline
\n
    \n
  1. Environment setup.
    2. \n
  2. Get bot to respond to pings.
    3. \n
  3. Send bot-initiated messages.
    4. \n
  4. Deploy.
    5. \n
\n
Environment Setup
\n

Create a new project with the file ‘app.js’.
\nOpen command line/terminal, and navigate to your project directory. Run ‘npm init’, and press enter until package.json is created. Next, install the following dependencies:

\n\n

In ‘app.js’, let’s setup our server:

\n
const express = require('express');\nconst bodyParser = require('body-parser');\nconst { google } = require('googleapis');\n\nconst app = express();\n\napp.use(bodyParser.urlencoded({\n  extended: false\n}));\n\napp.use(bodyParser.json());\n\napp.listen(8100, function() {\n  console.log('App listening on port 8100.');\n});
\n

Running ‘node app.js’ will now create a local server on port 8100.

\n
Responding to Pings
\n

The bot will respond to pings through a HTTP POST endpoint. Create one with express:

\n
app.post('/', function(req, res) {\n  console.log('someone pinged @');\n\n  if (req.body.type === 'MESSAGE') {\n    return res.json({\n      text: 'sleeping...'\n    });\n  }\n});
\n

The bot will respond with the text: ‘sleeping…’.

\n

Synchronously responding to messages simply requires us to return a response to Google. The downside to this is the 30 second time limit before Google no longer accepts responses to the request. For instance, this would be a problem if you were building some kind of reminder app; the bot wouldn't be able to synchronously respond after 30 seconds. This is where async responses come in.

\n
Bot-initiated Messages
\n

To show this, we will have our bot post to a chat room every 1 minute.

\n

Sending async messages to Google API requires a Service Account for authentication. Once authenticated, we can make a POST request to a Google API URL that will create a message.

\n

So first, create a Google Service Account following these steps. Take the downloaded JSON file and put it in the root directory of your project. Here, we renamed it to googlekeys.json:

\n
const gkeys = require('./googlekeys.json');
\n

We will be making POST requests using Unirest:

\n
const unirest = require('unirest');
\n

Now generate a JWT that will be used in our POST request:

\n
function getJWT() {\n  return new Promise(function(resolve, reject) {\n    let jwtClient = new google.auth.JWT(\n      gkeys.client_email,\n      null,\n      gkeys.private_key, ['https://www.googleapis.com/auth/chat.bot']\n    );\n\n    jwtClient.authorize(function(err, tokens) {\n      if (err) {\n        console.log('Error create JWT hangoutchat');\n        reject(err);\n      } else {\n        resolve(tokens.access_token);\n      }\n    });\n  });\n}
\n

Here is our function for posting messages. ROOM-ID can be found in the URL of the hangout chat room page i.e.: https://chat.google.com/u/0/room/{ROOM-ID}

\n
function postMessage(count) {\n  return new Promise(function(resolve, reject) {\n      getJWT().then(function(token) {\n          unirest.post('https://chat.googleapis.com/v1/spaces/' + {ROOM-ID} + '/messages')\n              .headers({\n                  "Content-Type": "application/json",\n                  "Authorization": "Bearer " + token\n              })\n              .send(JSON.stringify({\n                  'text': 'Hello! This is message number ' + count,\n              }))\n              .end(function(res) {\n                  resolve();\n              });\n      }).catch(function(err) {\n          reject(err);\n      });\n  });\n}
\n

Finally, add the code that will repeat our post every minute.

\n
const timer = require('timers');\n\napp.listen(8100, function() {\n  console.log('App listening on port 8100.');\n\n  let count = 0;\n  timer.setInterval(function() {\n      postMessage(count += 1);\n  }, 60000);\n});
\n
Deploy
\n

Expose your local server to public (we used ngrok).

\n

Login to developer console. Create a new project, and enable Hangout Chat API. Under configuration, set:

\n\n

Restart your local server, and that’s it! Make sure you have your bot added to the chat room, and you can ping it by sending @. The bot will also post to the chat room every minute.

\n

There are a lot of different ways to further extend this bot, such as setting reminders/notifications, making to-do lists, displaying server logs, and interacting with API’s.

\n

\n \n \n

\n","frontmatter":{"title":"Creating a Google Hangout Bot with Express and Node.js","author":{"id":"Andy Yeung","github":null,"avatar":null},"date":"June 06, 2018","updated_date":null,"tags":["Express","NodeJs","Hangout"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1,"src":"/static/f62c49828f8a2a1d1483abd689ceb93e/aac8d/hangoutchatimgage2.jpg","srcSet":"/static/f62c49828f8a2a1d1483abd689ceb93e/f836f/hangoutchatimgage2.jpg 200w,\n/static/f62c49828f8a2a1d1483abd689ceb93e/2244e/hangoutchatimgage2.jpg 400w,\n/static/f62c49828f8a2a1d1483abd689ceb93e/aac8d/hangoutchatimgage2.jpg 630w","sizes":"(max-width: 630px) 100vw, 630px"}}}},"fields":{"authorId":"Andy Yeung","slug":"/engineering/creating-a-google-hangout-bot-with-express-and-node-js/"}}}]},"authorYaml":{"id":"Andy Yeung","bio":"Software Developer at LoginRadius with an interest in big data and basketball..","github":null,"stackoverflow":null,"linkedin":null,"medium":null,"twitter":null,"avatar":null}},"pageContext":{"id":"Andy Yeung","__params":{"id":"andy-yeung"}}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}