All right. What up girl. I wanted when I posted last night or the one from Monday goes in his myths raft. Yeah. They realized we're trying to use. So if you poke around in the source code, you can see the Firebase like path structure. And I'd probably almost entirely move to like, you know, I GET requests in Python, just select the Firebase dot JSON or whatever so that you can go fast enough. I got it. I was wondering. Yeah. Yeah. So you can do a get and I set up the rules so that you can't get them all at once. You've gotta go one at a time. Um, which is fun. Word. Hi. All right. Can you hear me all right, zoom, zoom, poke. Right. Okay. Sharing and maybe meeting fence. But you listen to me. I don't listen to you. Okay. Great. Yeah. I'm not I'm not I'm not trying to be hybrid. You somebody's like I'm stuck in a bus or whatever like that. It's just helping them out in some way. I do want to hide this joint. Two more. All right. Cool. All right. And I don't need to really look at myself either, I guess, although Okay. Okay. That's that. So with this morning and last night, I really need to go to bed and I stayed up making more flags on it also. So on the flag Bragg channel, I have a probably the three of you go to the flags every time. I think you feel like you're in a race. And so once the first person gets it, you're like, I didn't make it like that's pretty hardcore to go first blood on flags like like, you know, everybody get the flag. Like I gotta do it like this. Let's find something else. Gets it, you got validation like Cool. Okay. I know it's possible. Like, you know. So because I don't know, it's a lot of love goes into those. So enjoy them. The one that I released this morning or last night or whatever, in order to augment this lecture going a second time. It is the most dangerous flags so far. So I didn't put it on my own servers because you guys could do some real harm once you're in there. So so just be aware that that and, and since it's a little bit, it'll be root. What's your name by the way? One guy, He's like, Yeah, I want to learn some notes or just and right, so I appreciate it. So this is a adjusting lecture. These things sometimes have to wake up. Oh good, good. All right. Here's, here's your setup. Anyway, super dangerous this one. And here's the source code for you to look at the source code. That's cool. Enjoy. All right, so okay. Now, a couple of bookkeeping thoughts before I dive straight back in. The homework I gave you over the weekend, was to have two authenticated users in your app. Have one of them be an admin in some way and be able to add admin to the other one, right? So it means you probably feel like display a list of your users and, and know who you are and click it. That's a pretty complex thing. Like there's, there's four or five steps and none of those steps are very visible. Like one of the things that sucks about web dev is that the part your client writes the check for. You can do in 10 seconds, right? And the part that takes you 10 hours, they never see or appreciate. Right? So, so, you know, I, I can go to HTML up or whatever and just grab one of these things and just hydrate some crap into it. I can be done in 10 seconds. You're like, wow, this is amazing and it's responsive to look at stuff or whatever. And looking at it. I know I'm so good. But the part that actually mattered, like way down the road or whatever in the wiring up the data and stuff like that. They'll, you know, that will feel clunky. And the end, it'll never get fully appreciated, right? And so, so there's this inverse proportion in that leads to a lot of snake oil out in Silicon Valley like that leads to a lot of stuff that seems rather than is, don't live your life that way. Like it's tempting. It, It's a feisty and deal. It's like literally saying, I will live a low integrity, dead wife for cash, right? It's like the prostitution of web dev. So don't do that. Just do the right thing, you know. So you can make a pretty, that's fine. But, but like love yourself at the end of the day, they'll sell your soul. All right? And that's not necessarily an anti-capitalist thing or anything like that. It's just like goes the pressures, the system works when you just concentrate on being good to other people. And then all of a sudden we've got all this opportunity to create businesses and things, whatever, blah, blah, blah. When you're like, I just want the cash than the whole world falls apart, right? So that's the distinction. It's just don't. Service. Cache follows service. That's the correct order, not the other way around. Alright. So that in mind, not that much. Where we're at. Yes, some saying making those users where one is the admin and can grant the other one. Somebody asked me like, How do I submit this to you? Like how do I show you that I made progress on that? Like maybe screenshots of your rules or something or whatever, because it's such a subtle thing that what you see on the interface, this is going to be like Alex, Andy, admin, click admin or whatever. I'd have to log in three different accounts to see that this one can't do that and this one can or whatever, right? So so to some extent you're doing that is kind of a statement. I wanted to I didn't do that on Monday. I didn't say like, How did that go for you? Should we do like a working thing or whatever in today feels to me like it's a half lecture because I wanted to finish the crazy long story for Monday. Which did you get anything out of the story from Monday? Like the templating is, it saves a ton of work went into that. But it's not sexy work. It's not, you know, it's like okay, here's some really dumb kind of technical stuff that actually is under the hood of how Angular's built-in under the hood of how React is built into the look of how Vue JS is built. You have, you know, you can know that you can use it, you can do it vanilla, or you can pull this off the shelves, but you can't pull them off the shelf in my class until you think you could build it yourself in six months. That's the rule. You can use library, but only if you think you can build it yourself. All right? So this is roughly where we are at the end. And again, the story is this. I need to be able to have an arbitrary server name. I need arbitrary URLs. I'm going to go to that arbitrary URL. I need to be able to like make up a new subreddit, go to the subreddit, make a new post, go to the ID for that post all in your URL and see the correct thing from your database, right? So that kind of variable iss URL routing, doesn't lend itself to the static files that we did and we did a GitHub page, right, like that GitHub page, like here's the file, the name of that file, and you got that file. But now I want an imaginary file. I'm going to create that imaginary file. All right, So where I can start the service just in a little bit better. Is this. When if I'm going to do it the way that I most want to do it, which is this. These are just completely unexpected URLs and an end, a challenge for today. Sorry, lose that link. We're going to pretend. This is my flag. It's very suddenly hidden in there, whatever. But here I can put whatever I want here. And, and it does something, It's a weird thing that it's doing there. And it's doing a weird thing on purpose and it's so very sensible app. This is sort of your hint that there's a problem, a deeper problem. Okay? So that's an arbitrary URL in, in the URL itself slash slash slash slash slash. You cannot do that without server assistance. I need the server to do something. Now, I've done that in two ways so far with you. And I and I played this morning for about 10 minutes before deciding I'm not going to do the old fashioned way yet. Like I said, there's versions of this class in the past where we start with PHP. And I didn't do that this time. Um, because, well, I've got a cartoon for you for that. You can go to old notes, by the way. Let's see. Here we go. This is my PHP cartoon. Sick. Even Superman doesn't like PHP users. But it is like 90 percent of internet or whatever. And, and, and, and I say this because the world that you inherited. Well, okay. I'll give you an example. I you have to refresh this. If you have these notes up from Monday, you'll have to refresh them. Why? Because when I went to go make this glitch.com already changed. I've seen that site crash like a 100 times because it always does the newest thing it is like super fatty. That's okay, that's fine. But already from the last time I did these notes to now, they replace express with pacify. The hello, specify some crap that they want to push now, okay, cool. Is it better than express? Not really. You know, like maybe it more feature I can, I can get more details and stuff or whatever. So I'd go learn pacify real quick in order to update that thing to match the thing that you get out of the box, that one clicker. Okay, cool. So fast. If I is not part of the mean stack, the E and the mean stack is expressed specifies a stand and replace for Express. We haven't talked Node and Express yet, but here's the thing that you need. So this is the one I have not. I'm not going to do yet. I will do this at some point and give you HT access. Hg axis is the 999 aversion of fast defy the 2021 thing. So rigid that 2021 things. So go to glitch.com, you can log in with your GitHub account or whatever. And you got new project. Hello, node. I've always felt the glitch. It, It's made by people who are much younger than me, I think. And and I tend to think that we break it. So if you're breaking it, like I think we've tried this once before, we get 30 of us make a new sites at the same time it starts to not handle that well. Okay. So here's their out of the box website. And I can say red and hit Submit and they'll change that to read, okay, or I can change that to a random color. Okay? So this is no big deal. And, and in their sort of latest and greatest kinda stuff or whatever else. But here's what I want to do for this first little instance of node. Again, as part of the story of I want arbitrary URLs. How do I get arbitrary URLs? So we're gonna to changes to this to make it handle an arbitrary URL one. I want to go to this require fast if I static public put a comma. Right? My wife was trying to talk to me this morning and I totally ignored her so that I could figure out what to do in falsify to make that work, which is wildcard false, that cost me 25 minutes of precious bonding time. Yesterday was probably 16 hour workday for me. I started my day at 330 AM and went until, I mean, honestly, 830 PM or whatever, handling clients all day or whatever. Just a long, brutal day, didn't see my wife and kids. And this cost me another 20 minutes of that precious precious time. And yeah, that's that's that line. That's why I got all salty. Sorry. I shouldn't be. Now must a, we're cool. We're cool. That line sucked. Alright, and here's why. Because if you do this without that line, it breaks. All right. I now know why. But it's stupid. Doesn't work the other way. Find time. And that's not MLA document. But now, here's the beauty that those two changes are enough for you to have what I promised in my notes. It didn't get to on Monday, some glad. Which is this? Okay. All URLs are not handled by that one thing. Okay? This is a node version of hand passing all the web traffic. That is a GET request to this thing. So there's, there's a lot to unpack. It's definitely bloated here. And but all that I really care about at this moment, and it's pretty easy to kinda get as soon as you've got it working. Are sort of these two parts up here at line 22, ish, down here like 45 ish. And, and here's the idea. This back by, which is a standard replacement for nodes express. Both, you know, from the last 67 years or so of web dev. This is a way to say, I want to have a server. I tell, well my server to be PHP, Superman wouldn't save me. So I'm going to have it be NodeJS running and Node.js is going to run and it's going to handle web traffic. And the web traffic is going to get parsed. And, and so the path of consciousness in all of this starts way down at the bottom. All right. This is, this is a 24 7 listener. Alright, so we haven't talked web servers before, but we can't get what we wanted this lecture unless we have some server assistance. The only server we mess with this GitHub Pages. Github Pages is remarkably complex too, but it feels pretty simple because it has stigma files out there. Go to my URL and a CMA files. All right, That's, that's fine. That's easy for me to wrap my little caveman brain room. This is a different type of thing. And it, and it goes like this. Video games are infinite loops. A video game, It's just a while loop running wild, true? A web browser, it's just an infinite loop. While true. A server, it's just an infinite loop while true. Alright, this is the infinite loop here. That is to say, I just want to be awake 24 hours a day, waiting to serve as somebody. That's pretty hardcore. Write like this. This is pretty cool. I've never had an employee that services me as well as those lines of code no fence pad. Just to say a hill. Five. Am I want this request done, boss? Did I get enough milliseconds? Yes. Yes, you did. Oh, like I cannot get that out of a human employee. No benefits, nothing but help. Like amazing, just amazing. So spoiled. So like, like Cleopatra dreamed of this power anyway. So this listener is up 24, 7. And it's way more. Yes, probably have a vague sense of ports. I think I said look at networks Class. A networks Class. That's like a quarter of the room, maybe a third of the room. Sorry. Okay. What gotcha. Senior years, the network's class kind of thing or whatever. I actually doing these notes, wanting to spend some quality time with my daughter because of Mr. yesterday at we actually did a little do it yourself networking this morning. Sorry. This isn't aside. I should not do this aside. Wasting your tuition dollars. There we go. This is this is the Internet from the bottom up. Again, totally wasted dollars. Not, Not really, I think it's actually pretty badass, but here, you can click this button. Go there and click red, blue, yellow, whatever. All right? And as you all start to click at the whole internet is actually physically wired once you pass the little endpoint, right? So I'm talking over wherever radio frequencies. But after that it's all just fiber optics laid beneath the ocean in shock-proof cables. You know, the cost of a $100 million to lay down. And all of this traffic is just this blinking lights on a cable going across the thing. And so all that networks and the ports in the packets and the headers and all the things like that have gotta be encoded into no shades of light, ons and offs, whatever. And with noise and signal processed on the other side or something to turn it into. These are the zeros and ones you meant to send. And, and that means that everybody right now is sharing this. Which means that we immediately run into collisions and everything else like that and so on. So that wired wireless endpoint, I don't know where it is, somewhere in here. That wireless endpoint. I don't see it, but I trust Ainsworth with my life. Oh, no, I don't because he pointed directions. All right. I no longer trusting sorry. Hey, quit sudden term. So that wireless endpoint is doing all of this collision and exponential back off. And like network discovery and all these things like that. And it's all just this and the fundamental level, right? And that this on the fundamental level of just sending your zeros and one things has to capture, has to encapsulate what's going on and pass me back and forth. My computer also has 50 things going on that are all talking to the Internet, as does the endpoint, right? This glitch.com, it's got a bunch of stuff going on for a bunch of people and so on. The port number is if this is an apartment building, It's like the apartment number. And each different network process is one particular thing on this box. And so the port numbers, the particular application on this box that's talking to a particular application on that box. Alright, and set port, the port is in this box. What are all your network enabled things. Each one gets a port number. Okay, fine. That didn't matter. That but whatever this is fun, you can regulate and, and, and what my daughter like little alphabet. So we're send each other messages over the light. You know, she's on my cell phone in the other room. Right. That kind of thing. So whatever. Okay. Cool. So and if you meditate on that, you'll discover everything. But that's like, let's, let's treat medically than anything to discover everything up. So here this listener listen to port and every time a request comes in, it handles. Now, the actual handling is just in that word. Okay? And fast defy here. Now will let me specify what to do with the various listenings. So in this case, every network request is going to come in with a few things. That URL, I'm going to maybe some extra data I'm sending the particular port. I'm going to the protocol I'm using, which is almost always HTTP or HTTPS. And my, my verb. And the verbs that matter are GET, post, PUT, delete. Somebody was asking me about the make yourself admin Firebase flag. I made a while back and they were using posts instead of put and put unlocks the ability to do the stuff and post will create new stuff which won't quite match the security rules. So you have to put instead of post. Okay, That'll help. That's verbs carry a lot of meaning. And the general structure of a URL is address represents some now and on the Internet. And a verb that I want to do to that noun, read, create up or create, read, update, destroy. I'm always gonna do crud to a thing. All right, That's life. Life is crud. Now in a positive way, like going to sit. All businesses are just those four functions. Okay. So all this does is now if I'm going to get anything, it's going to parse my stuff and handle it in the same way. Okay. So I can get rid of all this junk and just say, you know, I guess you just return Hi. Now it just says hi no matter what I type there. Okay. All right. So that's what you need from your server. The rest of it we can do with client side in terms of this lecture. But I'm sorry, I'm being really long-winded today. Forgive me. I'll see you in the feedback on the end of the course. Like just have a structure. Don't just meander around whatever you're interested in talking about. Fine. Fine. There wasn't enough coffee this morning. So here's the meander restructured part. Anything goes here fine. In the history of the Internet, I implied before the.com bubble crashed. Ironic, ironically enough, along with my credit score. Like correlated. It's maybe a darker story for therapists or something. But woot.com bubble crashed, dot-com bubble crashed because everything was done in PHP. Everything was done on the server side. I want to go to a dungeon crawler.com or whatever or pets.com. All that stuff is packed into the URL rendered on PHP. And I get the results of the rendering, which is HTML. After the, the server is decided what HTML to generate for me. We fix that with Gmail in 2004, were saying, Oh, I'm going to load you paid once, load your page once, and I'm gonna let you do all the rendering. And from now on the changes to the page are going to be done asynchronously. So you're not going to reload the page. I'm just going to like get a tiny little bit of network data so that I'm not having to do a lot. And now my same servers that I just could not afford in 1999 can serve as like 10 thousand more capacity like it, like billions of people or whatever in 2004, once I make the switch to Ajax. Okay, cool. That made all the processing move to your clients. But Moore's law keeps on chugging, right? The computers still get faster and faster and faster. And our analytics get better and better. We get the whole new Internet 2008 era with jQuery and things. And now I've said tons of like cool new services start to pop up and stuff. And in that new Internet and all those new jobs. What they learned from the Analytics is that every millisecond counts. I've got, you know, if you're interested in buying my product and my page loads just a little bit slow. And I had to support all your different devices and things or whatever. Then every one of those milliseconds is somebody bouncing. Every extra click between me and the sale is somebody bouncing. All right? Because people don't think on the Internet, they move a million miles an hour. One of the best books on the Internet and like how to design websites is called, Don't make me think. It's just saying, you know, anything that you think they're thinking they're not. It just has to be super obvious like an animal brain what to click Next, Right? Okay, and that's a little weird. I like long form content, but you know, that people navigate the Internet and weird way statistically. Ok, so what did that do to us in this class? It moved it back from client-side rendering to server-side rendering. Why? Because if you're on a clunky device and I've got super high-speed dedicated silicon that just got a lot cheaper than it was 1999. I'm going to do that processing just to shave off those milliseconds. And so all of this stuff to optimize page load times, we'll just back to server-side rendering. That's another way of getting the same solution to the problem I presented to you on Monday, which is whatever you do here, I'm going to render it for you. All right? And I could do that here. I could say part 1, part 2. Instead of high, I could return request dot params dot part 1 plus request dot params dot part 2. Yeah, that's going to give me a URL now because this really requires Part 1 and Part 2. So this isn't a wildcard, so like that slash isn't working. But that's fine. I can now do this and say, hi there. It reacts with high plus there. So now I can have my arbitrary page and I've just rendered on the server side and the client just get some simple HTML. Again, simple HTML, it's super-duper fast, right? Like in the sense that, you know, this is a DOE 0 and 1 open DNS. Going in the sense that this is about as high performance responsive, super-simple like in terms of performance. This is it phenomenal. Everything else slows me down. Right. So so honor this and work your way back, right. Like only slowly do you move away from this, right? So don't start with Google's noodles like you make your React app, right? You're going to do it, you're gonna enjoy it, have fun. But you're also going to have nine megabytes of minify JavaScript packing everything in for that one page load. They're going to cache it the next time is a little bit faster, but it's ridiculous. You know, where's this is just like a few bites. I guess it's like two kilobytes maybe. That's it for the whole page. So, so anyway, okay, so that's, that's, that rambles about the philosophy of what happens in this, but this is server-side routing and that's my flag for that server-side rendering. At now I'm going to take the stuff in and do stuff with it by the way, like, you know, as soon as I'm here I can totally do now, okay. Okay. Fine. But not yet. Not yet. That it actually the router that can got confused by this, like I couldn't figure out what I wanted to route to. So 0 because this slash, ooh, almost homelessness. Okay, so server-side rendering, great. Now, that's your flag for the day. That's fine. This little note, you'll barely even notice it unless I bring it up. This is the PHP version of that, and it's not even PHP. This is Apache. Apache runs the Internet Engine X is it's younger, sexier, sister at it prohibits and I think, I'm sorry. Crashy. And then the next model, you know, whatever. Whatever is useful. If you've got a half, you could put in a directory that is dx and dy z-axis there will now rewrite any URL and you want the file in the directory. And there was rewrite everything that the Rennes to index.php for what you wanted to edit index.php. So now, let's say this is the last one. And don't change that URL. So that will now route what you asked for to one PHP file, which will then handle it however you want. And then you can just write that programmatically there. Okay, fine. How is that different with no, Okay. Maybe you get value out of it. You might have to listen to this a few times to pick up the pieces. What I'm putting out there at. The reason PHP is important for you guys to learn. And I'm, and I'm sorry that I'm not teaching it to you first, but not sorry. Because it sucks. Is that on every single server you ever go to, most of the time, it works out of the box. So if you go and do a thing for somebody on Main Street, they're going to give you some cPanel and you can drop index.php file. And it's going to be running Apache. And you can have your thing just work without having shell access, without being able to run programs on their server, without being able to be a developer on their server, I drop in the text file, the text file works. It's the same reason that SQLite is the world's most popular database. Because it's just a text file. And if it's just a text file and you plug it in, it just works. It takes over, right? Everything else is cooler. But you've gotta be a coder on that server to get it to run. Love making notes stuff, I love making flask stuff. Flask is awesome decoding executive Python. I freaking love Python. But if I want to run it for a client, I now have to do all of the work that Apache an NGINX have been doing for decades. I'm now the one responsible for making sure that as 24, 7 uptime. And I'm now the one responsible that any error doesn't colossally crash my entire server because I'm the one who's handling all of that HTTP traffic. I added more work to my plate as a developer to say, not only am I making the API and a cool app, but I'm also your network admin, right? All of a sudden, I'm also the one responsible for the uptime of that service. Okay, So in our desire to have cool and new, we added more and more work to our plate to have that cool and new. And that's always the way it is in life. There's never silver bullet. So if you want robust, you learn PHP and JavaScript because that'll just always work out of the box. If you want. Cool, you can do flask and node, but you've now added a whole staff to your team who's responsible for the network, Sysadmin stuff. Maybe you don't mind that because you make it so much bank that you can afford another person in your team. But most folks don't even have a single cyber person, let alone an extra one just to do network admin. So it's one of those things that there's tools and it's getting better and better and better every year. That's a more and more stuff can, can switch over to the cool new. But it's a labor of love by the community to say we're sick of PHP, we want node. Okay, that's life, that's life in open source land or whatever. All right. Okay, fine. 55 efficient. This is kind of a crappy PHP API, by the way, like that would go with this. So if all your stuff got routed to this index.php, now I can read your request in and decide, you know, what were you trying to do here and explode your URL and say, this was your method, this is your path. I'm gonna react to it in this way or whatever. Okay, fine, fine, fine. So I will now show you the expressed version of this. All right, I've written for you fantastic little app, a simple survey that asks you a question and uses a rest API. Let's take a look. See. What is your favorite NFL team? Jacksonville Jaguars or any other team? You voted correctly? Good. Or you voted incorrectly? All right. Those are your two options. Not a great app per se ink line. So let's take a look at how this works. So this is this is for Justin. I stripped away all the crap from the default glitch. Say, I want the simplest possible fricking thing I can do. Okay? Now, this is worth the price of admission here. So forgive me for all the rambles. It's worth it for this. If you're going to have Node.js and the same deal with flask because I mean, I've been saying node and flask, I should probably say like node is JavaScript for your server. Flask is Python for your server. Flask will do much like this Python script that starts at 24 7 forever while loop waiting for HTTP requests. And then we'll route There's HTTP request to your Python functions. And whatever the output of your Python function is, it will serve back as if it were a file. Php does the same thing. Php just waits forever for your network request and it gets your network request. It does some processing and gives you back the results of your print statements as if they were a file. Same with node. It waits forever for your network request. Run some code, takes the output of those things and serves them back as if they were a file. The browser has no idea whether or not I've got a file, a PHP output, a node output of Python output, whatever. It just got some data back on a blinking wire, right? And it traded that blinking Y or data as if it were a file and rendered it like anything else. Okay, so you always have this choice now up, are you gonna do your stuff on the client side or on the server side? Alright, That's not an obvious choice. The Gmail 2004 choice is everything's client side. And I'm going to just ask for tiny little stuff for my API. And well, maybe I just give me a little JSON object. And you'll see that that's what I do here. By PI five jaguars, jaguars and the rest account for the rest. Okay, not a very sophisticated API. And this is my database. My database is local variables in the node script. As soon as I reset this node script, the data will reset to 0. All right, so I'm not local storing it or whatever. I could conceivably also dumped that to a file so that if I have to restart this, it could read it from a file. You know, I could use literally a file is my database Ankur. Or I can have a sophisticated process that it connects to. It could connect to SQLite, dumped something to that, which is also just a file, or it could dump it into a MySQL server, which will be another port on that box that it talks to and sends data back and forth. So I have a choice. Here is my database to variables. All right, that's cool. I say that to you because it's an option. It's not industry strength per se. It's just to say, what is my data persistence? It could be this simple. All right. My first database was a file definitely corrupted within the first week of that company using it, say okay, learned a lesson, you know, fine point. But then I tried SQLite, then I did MySQL. Finally, the MySQL one's been run for 13 years now or whatever for that thing. But you've had enough rambles, somewhat random or so. Now, this server, because node and Flask, first you to do more than you came to do. You are coming to just like serve up some JSON. You were coming to receive a request and do some processing and provide a cool random dad joke, right? That'd be great. Knock, Knock tank here. So alright, so that's what you built your API to do, right? You say, you want to, you want a dad joke? Here's a dad joke or whatever. Now that's not fully a dad joke by the by the book, but I'm a dad and I told it, so whatever it is now. But this does one extra thing. This is the line that does what Apache did. So the reason I rambled about PHP is that PHP is everywhere. Wordpress PHP in your Squarespace is PHP. Everything is PHP all the way down Wikipedia's PHP. So many things are just built on PHP. And the reason is that the Internet started as serving files. When the geeks got together and built the arpanet or whatever they said. This directory is my public directory and everything that's in here. Anybody who knows my IP address can get access to those files. And I can just change them then get my latest version. All right. Everything was just file serving. So the internet is based on file server. This is what does file serving inside of node. And it's now a synthetic add on of the original thing. But because I'm taking over the responsibilities of Apache and engine X, I have the duty to service public files like static files to. So here's how, what am I gonna do? We say, hey, whatever this directory name is, I don't have the public as available data things. So if you make a request, I'm going to check and the public folder to see if there's already a file that matches what you want in the public folder, I'm going to hide public. So I'm just going to make that flat prefix on your URL. But when I go to this thing, it wants to know what do I want to do with that URL? It's looking at my pathname is saying what is it you're here to do fill up. And if I give it the slash, it's going to go into this public folder and it's gonna find index.html. So when I go here, if I go to slash index.html, I get this thing. If I also put no slash, it'll default to index.html, which is kind of a setting. If I say Frankfurt, it'll say, I don't find a route for part. Now you as security folks, that's a sniff, right? When you see it didn't find a route. Or if you see file not found, you immediately know whether or not they're running a node server, which most of the Internet is not, or a file server, which most of the internet is. So it says file not found 404, cool, easy route. Then you've gotta node server, right? Or you can even tell whether that's a flask server in terms of your forensics of the site that you're trying to hack, what they're up to or whatever. Okay. So I can add a file to this. He says, Oh, because this is not mine is that I am not the guy. Firefox me is the guy. Firefox me can add a file, okay. Add Files folder. Now I can make a part file and fight for it. We'll say, yo you found me. Stink. Whatever. Like, part's fine. And so now I can go over here and it goes last part, part. If I could spell it right. Decides it wants to download it as a thing. Okay. So just proof positive that it's serving me files. It it didn't even want to render that to me as it says here. I don't know what you want to do with this, but I don't think it's HTML piano, right? So it's like reading the file extension to know whether or not I want to download it or not. I am going to do a flag at some point where you just download the whole database that way. I'm just telling you now, part for dot HTML. Now that behavior will be different. What? Oh, you're right. You're right. I have to specify dot HTML because no longer is that file there. Fair enough. Right now my browser will render it and not just try to download it. Okay? That's a setting that Apache manages and that you can manage your HT access to say, Hey, is it adapt PY file, don't show that downloaded or whatever. Hey, is that this type of file execute it and take the resultant serve that whatever apache then genetics are really good at that. If you take on a node server, you have to become good at that too. Because now your responsibility not theirs. Okay, that's fine. That's fine. You want your new world. You meant like you want utopia. You clean out the septic tanks. Nobody else is doing it. So at Soviets, soviet. All right, kids. So sorry, dad stuff. So this is my index file. Talking to the API is like no big deal. I made a super dumb app here, like just on a button, click, Send vote, jaguar, sun, boat, other. If you send the boat, fine. Here's a post api slash vote and then I just made your choice in here. This was me being lazy again because they wanted to hang out my daughter this morning where I thought, how does pacify received JSON input with a post? And it's like this is going to be more pain than it's worth. Slash jaguars slash other we're done. So it is worth while to go and figure out what your new library like. How do I actually send my JSON data? How do I actually send like stuff that gets parsed by that output in terms of, but what we'll talk about APIs in more depth or whatever. But just to say that in terms of finishing the story, Let's go back and look. Here's the thing. All right, I need arbitrary URLs. I can do that by handling everything with one index and parsing it myself. Okay? But that means no deep-linking. I can do the same thing with the blinking. If I have some Abel, some ability to route all things to this file that I can keep your URL and I can parse it in my front end. And that's what mince rafts does. And it's probably worth sharing. Able to Firebase Hosting info S three minutes ago, it's worthwhile. I can pack into my URL parameters. That's one way I can know what it is you wanted to do. I can use hash change, which is what Angular chooses. I can let the other folks do it, but they're just going to make one of these other five choices. So I'm not actually gaining much other than now when it breaks, I don't know why it breaks. That's why you can't use magic. You have to know why breaks. And I can do server-side rendering. Cool, which opens up the most vulnerable app we've ever built for this class is Flags. Has anybody got that flag? It? All right, have fun, work. But that the first time I did want to problems like that, It's just like really enlightening. I don't know. So okay. Cool. All right. Let me show you one other way to do this. Because I don't like node, like, I like it, it's fine. I use it all the time. We're using it for clients or whatever. But it adds more to my plate, which is already very, very full. Therefore, just be very cautious when you go to adding node and flasks your life. All right? You think it's saving you time because you're good at Python, you don't have to learn anything else, fair? Fair. But is it okay, here is a way to get your answer to number 1 and we're really quick. All right. Good. Firebase. Oh, sorry, Justin. Back to Firebase. App it nobody else will ever can't answer a question again for me. All right. We'll add a project. I'll say single page apps for I just want to I did someone put the number in there. Don't eat Google Analytics. This is a really fantastic thing. It's totally worth learning in one minute, one minute before the recording cutoff. Go, go, go, go, go, go, go, go. Go to hosting. Get started. You do this from the command line. Firebase, login, Firebase in it. I'm going to do that. Make their SBA CD SBA Firebase in it. I go to hosting, turn it on. An existing project. Boy got a lot of projects. Was this called single-page app for cramp. I know. I just yes.

cpeg472-010-20210929-090500.mp4

From Pasquale Zingo September 29, 2021

20 plays 0 comments You unliked the media.

Video Created by UD Capture Classroom Recording in Brown 101 on 2021-09-29 09:05:00.

Tags: 21fcpeg472010

Appears In: Web App Security 2021

Comments

Add a comment