Forem: Sanket Kalekar

[Boost]

Sanket Kalekar — Mon, 21 Apr 2025 17:29:33 +0000

Sanket Kalekar

Mar 18 '25

No Hassle: Serverless Social Login Powered by AWS Cognito

#aws #awscognito #automation #awschallenge

Comments 2

8 min read

AI-Built Flight Sim Becomes a Business

Sanket Kalekar — Wed, 26 Mar 2025 07:40:49 +0000

This is a submission for the Future Writing Challenge: How Technology Is Changing Things.

Hey friend,

Look what i just came across something that blew my mind, and I had to share it with you. An indie hacker named Peter, with no prior experience in flight simulators, managed to build a fully functional multiplayer flying game in just a few hours. How? By using AI tools like Cursor and large language models (LLMs) such as Grog to write most of the code for him.

AI-Powered Game Development

Instead of relying on a complex game engine, Peter built everything using HTML, vanilla JavaScript, and Three.js for 3D graphics. On the back-end, Python WebSockets handle real-time multiplayer synchronization, broadcasting player positions 10 times per second. The red planes in the game? They’re real players flying in real time. No Unity. No Unreal Engine. Just AI-assisted coding and lightweight web technologies.
From Experiment to Business

At first, this was just a fun experiment. But Peter took it a step further by adding a buy button—offering an F-16 jet for $29.99. To his surprise, within days, he had sold nine of them and even landed a $1,000 ad deal. What started as an AI-powered project turned into a real business overnight.

The Future of AI in Game Development

This caught even Elon Musk’s attention. AI-assisted game development is shaking up the industry, making it easier for people with ideas—but limited coding experience—to create games in record time. Some critics call these AI-generated games “sloppy,” but they’re missing the bigger picture. As AI improves, we’ll see more sophisticated rendering, physics, and interactivity, transforming simple prototypes into immersive, high-quality experiences.

What This Means for Creators

The barriers to entry are crumbling. Imagine being able to build a game, an app, or any digital experience in hours instead of years. This isn’t just about gaming—it’s about how AI is democratizing creativity in real time. We’re witnessing a shift where anyone with a vision can turn an idea into reality with AI as their co-creator.

Would love to hear your thoughts on this. Do you think AI is changing game development for the better?

Talk soon, Sanket

Additional Prize Categories

This submission qualifies for Ripple Effects / Explain Like I'm Five.

have a look to this

Sanket Kalekar — Tue, 18 Mar 2025 14:59:26 +0000

No Hassle: Serverless Social Login Powered by AWS Cognito

Sanket Kalekar ・ Mar 18

#aws #awscognito #automation #awschallenge

[Boost]

Sanket Kalekar — Tue, 18 Mar 2025 14:58:53 +0000

No Hassle: Serverless Social Login Powered by AWS Cognito

Sanket Kalekar ・ Mar 18

#aws #awscognito #automation #awschallenge

[Boost]

Sanket Kalekar — Tue, 18 Mar 2025 10:05:05 +0000

No Hassle: Serverless Social Login Powered by AWS Cognito

Sanket Kalekar ・ Mar 18

#aws #awscognito #automation #awschallenge

No Hassle: Serverless Social Login Powered by AWS Cognito

Sanket Kalekar — Tue, 18 Mar 2025 09:55:18 +0000

An architectural perspective on choosing between possible solutions

Context

Let's assume that I have an application for which user No Need to Login just need to register with their social identity.

If you're wondering why to think like this and how it can be done.

Registration/signup can be a barrier for users as it involves multiple steps and data sharing.
Most internet users have at least one social identity, while all mobile users have either a Google (Android) or Apple (iOS) identity.
Users can access your app more easily if login is mostly password-free.
You can collect user data from social providers, provided users grant permission.

the most popular social like Facebook, Google, Apple, Amazon, LinkedIn, Github and many others.

Since every IdP is expected to implement the OpenID Connect standard (built on top of OAuth2) and requires some configuration, let's explore the available options.

Option 1: Native integration

Every one has its own SDK and apis to integrate natively, so you can code in your app the integration for IdPs you want to use.

Pros

Granular Control: Manage each IdP integration individually with native support, allowing you to customize the user experience through configuration. You can also handle IdP-specific requests beyond the OAuth standard (more on that later...).
Direct Integration: No intermediaries, ensuring a straightforward architecture. Leverage robust SDKs from providers like Google, Facebook, and Amazon, benefiting from their high availability and resilience.
Cost-Effective: Most IdPs offer a free tier for their APIs, eliminating additional costs from that side.

Cons

challenge to scale: Each IdP come with its own SDK and unique requirement, making standardization difficult. Managing these variation requires extensive code, and even if you centralize authentication in library, every client must update it to apply changes.
Complex Testing & Debugging: More code means more testing. Additionally, each IdP has specific nuances, requiring in-depth knowledge to troubleshoot and maintain integrations effectively.

Option 2: use an OAuth Provider

Since Social IdPs follow a standard, their implementations can be abstracted using interfaces. This allows seamless integration with an OAuth 2 service provider, reducing dependency on specific SDKs.

Pros

Simplified Integration: A single connection between your client and the OAuth identity platform means less code, fewer tests, fewer releases, and faster development.
Scalability: Easily add or remove IdPs without affecting clients (as mentioned earlier).
Centralized Authentication Management: Configure and govern authentication flows in one place, ensuring consistency across all IdPs while enabling monitoring, metrics, and analytics.
Standards-Based Authentication: Build your authentication flow on industry standards for reliability and interoperability.
Identity Platforms as a Service: Solutions like AWS Cognito, Auth0, Google Firebase, and others provide managed authentication services.

Cons

Limited IdP Support: You can only integrate with IdPs that your OAuth provider supports, restricting flexibility.

Increased System Complexity: Adding an OAuth provider introduces extra components, making the architecture more complex.

Potential Single Point of Failure: If the OAuth provider goes down, authentication becomes unavailable for users. Ensuring high availability and scalability of your OAuth provider is crucial.

My choice: Option 2 with AWS Cognito

I understand there are many constraints, and I can't list them all here. Given my context, I chose option 2 and implemented AWS Cognito as my OAuth provider. I also explored Auth0 and a few other services during my evaluation.

I chose to accept Cognito's constraints and costs in exchange for a low-code implementation and easy setup—essentially prioritizing faster delivery—since I wasn't certain if a more complex solution would be worthwhile.

Here is my implementation

All you need is to:

configure your integration on social Provider side.Here a reference for each provider i got form internet
- Google
- Facebook
- Apple
Config Cognito integration. HERE AWS Doc for each Supported Providers
Integrate your application with Amazon Cognito. Cognito provides an hosted ui for the login page, but you can create your own.

Pitfalls: things to be careful about

Here are some challenges I encountered during this integration. While this isn’t a complete list of potential issues with Amazon Cognito and the social login flow, it reflects my personal experience—things I discovered while working on it.

Watch out for Cognito limits

Serverless doesn’t mean unlimited, and Cognito is a prime example of this.

In simple terms, Cognito's scaling policy isn't built for sudden traffic spikes. Its capacity scales based on user pool size, meaning more users allow for higher TPS. However, the first threshold is set at 1 million users—whether you have 1 or 999,999 users, your TPS remains the same.

If logins are steady, this isn't an issue. But if your app experiences traffic surges, such as during specific time periods, you may face throttling errors from Cognito.

These diagram show successful federation logins and throttling errors:

i split into two distinct diagrams for better visualisation, but i want to point out that

around 20:50 i had ~7K throttling errors and ~1.5K of success (total requests: ~8.5K)
around 21:20 i had ~6K throttling errors and ~1.4K success (total requests: ~7.5K)
around 22:30 i had ~1.3K success with ZERO throttling errors

You can find Cognito's TPS calculation rules in a specific section of its documentation, and it's important to review them carefully.

As shown in the successful login metric diagram, handling throttling exceptions in your app can reduce user impact. While users may experience a slight delay, they will still be able to log in successfully.

I decided that it could be acceptable, and i traded it for easy setup and integration with Social Providers.

Since this decision affects the customer experience, I tried to mitigate it as much as possible. For example, I sent push notifications before traffic spikes to encourage users to log in earlier and distribute login requests more evenly.

Standards are not prescriptive

I love standards, everybody should love them in engineering.

Unfortunately, sometimes for good reasons and sometimes not, giants have bias to force standards a little bit.
Apple, i'm pointing my finger at you!

For instance, Apple’s guidelines mandate that if your app includes social login and is distributed on the App Store, it must also support Sign in with Apple. While this may feel restrictive, it’s a reasonable requirement.

Additionally, Apple enforces that the "User Cancellation" option must be easily accessible and clear, which is fair.

And here Apple does not adhere to the OAuth standard: if an Apple user allows Apple to share their data with your app, some kind of association between your app and the user also takes place in the Apple system, and if a user wants to cancel from your app (also known as your user pool), this association should also be removed.

To do that, you have to invoke Apple apis to:

generate a valid access or refresh token.
invalidate the freshly generated token.

Sounds weird, but this is exactly what this doc page prescribes.
And, guess what? Cognito doesn't handle it.

Even if Cognito could handle it because it has all the information it needs, especially the private key you created on the Apple side and provided to Cognito to request the tokens, that's reasonable from a product perspective: Cognito adheres to standards and can't track every specific implementation.

But it does mean that Apple won't include your app in the store if you don't take care of it.

Let's look at how to i implement this.

You can't handle it directly in the app since I used Cognito to separate the app from authentication providers, I wanted to maintain that separation. Plus, storing a private key on the device is not a good idea.

Instead, this needs to be implemented on the backend. My initial approach was to use Cognito events—when a user is deleted in Cognito, an event triggers a Lambda function that calls Apple's API to remove the user from Apple's system.

As far as I know, Cognito today has

Lambda triggers: user deletion not supported
Cloudtrail tracks all management api calls, and user cancellation is a management api. But Cloudtrail event doesn't have any reference to actual user (and it saved my day in an audit session, but this is another story)
Cognito Sync: it seems to handle user deletion. Quoting:

To remove a record, either set the op to remove, or set the value to null.

This is how it looks like:

still there are 2 problem:

first, i have to put your Apple's private key in Cognito and in Secret Manager. Cognito can't retrieve it from Secret Manager. I raised this issue to Cognito team, keep you posted on this.
second, Cognito user cancellation and Apple user cancellation are asynchronous: what if it success on Cognito side and than fails on Apple side? User wont be in our Cognito user pool anymore, so we can't rollback the operation. So I need to handle failures, and to handle it you need to store it. Let's add a DLQ for our deletion lambda

After update this is how it look:

After saving, you must analyse why the deletion failed and try again. How long can this take? It depends on the cause and your process, but until you've done that, users will still see their user associated with your app, and I'm not sure Apple would like it and approve your app submission.

You need to reverse the order of deletion, first on the Apple side and then on the Cognito side. If the Apple deletion fails, you can send an error message to the user and inform he/she that the deletion cannot be performed and they should try again later.

In the case of a Cognito error, you will have to do this later, but at least the user will not see that their user is linked to your app and Apple should be satisfied and approve your request.

Let's see how it looks like

I decided to implement a custom api for Apple user deletion because it can be implemented just in half our code base (not for Android version of the app), the integration is quite simple and Apple would be happy with this solution, but probably not with the alternative solution. Still an error handling mechanism still need to be implemented to catch Cognito deletion errors and to recover them.

Wrap up

I have shown you my solution to real-world problems and how you can make informed decisions by carefully weighing trade-offs between different solutions that best fit your context and constraints.

In other words, the daily work of an architect, simplified.

Architectures need to evolve as the context and constraints change over time. So always design your solutions so that they can easily evolve with them.

I hope it was useful for you!

Bye 👋!

The Hexagonal Code: How Uber Finds You Fast!

Sanket Kalekar — Fri, 13 Sep 2024 10:18:11 +0000

Have you ever wondered how Uber magically finds a driver near you within seconds of booking a ride?🤔

where my night 2AM brain cells are decoding this after some of research i got this:

So suppose this is you🧍and these are the drivers around you

Uber uses a thing called hexagonal index So what it does is it divides the entire map into hexagons So you are in a hexagon So it will search in all the hexagons that are near you to see if it finds a driver or not

Now it is possible that you are covering a lot of area and we have to find more drivers nearby So what it does is it breaks these hexagons into smaller hexagons so that it will be able to find very close drivers,

So simply you can imagine how it will be suppose we first looked at the big hexagons to see how many are there around you this is how it works.

but still in confuse why hexagons why not did we use triangles and squares?

if you look at one hexagon, the adjacent hexagon the distance will be equidistant if you look at it from the center but this doesn't happen in a square or triangle now how are these hexagons stored?

Beyond the Cloud: How On-Device AI Could Rescue Our Privacy!?

Sanket Kalekar — Wed, 28 Aug 2024 18:15:44 +0000

In an era where our digital footprints are expanding exponentially, the question of privacy has never been more critical. As artificial intelligence (AI) continues to evolve and personalize our experiences, we find ourselves at a crossroads: How do we balance the benefits of AI-driven personalization with the fundamental need for privacy?

The Illusion of Privacy in the Cloud

For years, we've been told that our data is safe in the cloud. Yet, time and time again, we've witnessed major data breaches and leaks that have shaken our trust in cloud-based systems. The truth is, anything that goes into the cloud has a non-zero chance of being compromised. This realization has led to a growing concern among users and a demand for more secure alternatives.

Enter On-Device AI: The Game Changer

The emergence of powerful on-device AI processing, made possible by advanced Neural Processing Units (NPUs), is revolutionizing the way we think about privacy and personalization. This technology brings three key benefits to the table:

Immediacy: On-device processing provides instant results, eliminating the lag associated with cloud-based computations.
Privacy: By keeping data on the device, users can enjoy AI-driven features without exposing their information to external servers.
Personalization: Local processing allows AI to learn and adapt to user behavior more intimately, leading to better personalized experiences.

The Power of Local Processing

Modern mobile chipsets, equipped with NPUs capable of handling billions of parameters, are now powerful enough to run complex AI models directly on the device. This means that sensitive data - from your search history to your writing style - never needs to leave your phone.

Breaking the Cloud Dependence

The shift towards on-device AI processing creates what some experts are calling an "air gap" - a physical separation between your personal data and potential external threats. This approach significantly reduces the risk of data breaches and unauthorized access.

The Future of Privacy-First AI

As on-device AI capabilities continue to improve, we can expect to see a paradigm shift in how tech companies approach privacy. The ability to offer advanced AI features without compromising user data could become a key selling point for mobile devices and personal computing platforms.

Conclusion

While the cloud has been the dominant paradigm for AI processing and data storage, on-device AI represents a promising path towards a more privacy-conscious future. As users become increasingly aware of the value and vulnerability of their personal data, solutions that offer both advanced AI capabilities and robust privacy protections will likely lead the way.
The evolution of privacy in the age of AI personalization is not just about technological advancements; it's about putting control back into the hands of users. On-device AI might just be the key to unlocking a future where we can enjoy the benefits of AI without sacrificing our privacy.

What's Really Going on Behind the Scenes of Loading Bars? 🤔💡

Sanket Kalekar — Sun, 14 Apr 2024 17:45:49 +0000

We’ve all been there staring at a loading bar that seems to be stuck in place. But did you know that loading bars are secretly multitasking behind the scenes? Here's what's actually happening when they appear to be stuck.

The Hidden Sub-processes 😲

When the bar is halted, your system is busy managing a vertical subprocess—a side quest your main program has embarked on. It could be fetching data, compressing files, or performing complex calculations, all while you wait. So, when a game or application seems to freeze up, it might be juggling tasks rather than taking a break.

A Twitter user(@ahieiei) delved into this mystery using a 3D analysis tool and discovered that when a loading bar stops moving, it's often handling an intense background task that requires a lot of computational power. This is why the pace can slow down dramatically during the second half of a video game or large application launch.

But, what if we could make this experience a little more engaging? Imagine multi-dimensional loading bars that not only tell you how much progress has been made but also reveal what kind of work is being done behind the scenes. You might see tasks such as data retrieval, file management, and more, all visually represented on screen.

As technology evolves, this kind of feature could become a standard, offering a peek into the secret life of loading bars. So next time you’re waiting, take comfort in knowing your system is busy at work, doing the heavy lifting so your experience can be smooth and enjoyable. Let’s look forward to a future where waiting on a loading bar is not just a pause, but an interactive insight into the process!What are your thoughts on the potential for more informative loading bars? Share your insights in the comments!!!!

Deja-Vu your AI✦ Bookmarking Tool

Sanket Kalekar — Sun, 10 Mar 2024 16:49:05 +0000

An AI powered Chrome Extension which offers a seamless way to find bookmarks. by @sanket-kalekar

Installation

1) Clone the installation repo locally by

git clone https://github.com/ooye-sanket/Deja-Vu-Installation-Files.git

Download the ZIP files

Go to Deja-Vu-Installation-Files
Click on "Code" > "Download ZIP"
Unzip the file using any tool like WinRAR

2) Go to Chrome(or any Chromium-based browsers like Brave, Opera etc.) and click on the Kebab Menu on the top-right and go to "Extensions" > "Manage Extensions".

3) Switch ON the Developer Mode at the top-right corner.

4) Click on Load Unpack at the top-left corner

5) Choose the directory in which you cloned the repo-and click Open

🎉 The extension has been installed.

Running the Project Locally

Clone the repo and enter the project directory:

   git clone https://github.com/ooye-sanket/deja-vu
   cd Deja-Vu

Install the necessary dependencies:

   npm install

Build the project:

   npm run build

Add the extension to your browser. To do this, go to chrome://extensions/, enable developer mode (top right), and click "Load unpacked". Select the build directory from the dialog which appears and click "Select Folder".
That's it! You should now be able to open the extenion's popup and use the model in your browser!

Development

We recommend running npm run dev while editing the project as it will rebuild the project when changes are made.

All source code can be found in the ./src/ directory but the options (The page where you see all your bookmarks) will be found in .public/options.*:

background.js (service worker) - handles all the requests from the UI, does processing in the background, then returns the result. You will need to reload the extension (by visiting chrome://extensions/ and clicking the refresh button) after editing this file for changes to be visible in the extension.
popup.html, popup.css, popup.js (toolbar action) - contains the code for the popup which is visible to the user when they click the extension's icon from the extensions bar. For development, we recommend opening the popup.html file in its own tab by visiting chrome-extension://<ext_id>/popup.html (remember to replace <ext_id> with the extension's ID). You will need to refresh the page while you develop to see the changes you make.

Resources

Made possible by Xenova and Supabase / gte-small
This REAME.md file is very similary to Xenova Chrome Extension Template README.md file, since it was there Chrome extension template on which this project was built.

Mastering Node.js: From Fundamentals to Production-Ready Apps

Sanket Kalekar — Fri, 05 Jan 2024 18:17:15 +0000

A Comprehensive Guide to Building, Deploying, and Securing Node.js Applications

Introduction

Node.js has emerged as a powerful and versatile runtime environment for building server-side applications. Whether you're a beginner looking to learn the basics or an experienced developer aiming to deepen your Node.js expertise, this comprehensive guide is tailored to help you master Node.js. We'll cover everything from the fundamentals to advanced topics, complete with practical code examples.

1. What is Node.js?

Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. It allows developers to run JavaScript on the server-side, opening up the possibility of building high-performance, scalable, and non-blocking applications. To get started, download and install Node.js from the official website.

2. Setting Up Your Development Environment

Before diving into code, set up your development environment. Use a code editor of your choice, such as Visual Studio Code, and initialize a new Node.js project using npm init. This will create a package.json file to manage your project's dependencies.

npm init

3. Basic Node.js Concepts

Understand the core concepts of Node.js, including the Event Loop, Non-blocking I/O, and the CommonJS module system. Explore the global objects like process and console and learn how to use them effectively.

4. Asynchronous JavaScript and Callbacks

Node.js shines when dealing with asynchronous operations. Master the art of using callbacks to handle asynchronous tasks efficiently.

const fs = require('fs');

fs.readFile('file.txt', 'utf8', (err, data) => {
  if (err) {
    console.error(err);
    return;
  }
  console.log(data);
});

5. Promises and Async/Await

Upgrade your asynchronous code with Promises and the modern Async/Await syntax for better readability and maintainability.

function readFileAsync(filename) {
  return new Promise((resolve, reject) => {
    fs.readFile(filename, 'utf8', (err, data) => {
      if (err) reject(err);
      else resolve(data);
    });
  });
}

async function main() {
  try {
    const data = await readFileAsync('file.txt');
    console.log(data);
  } catch (err) {
    console.error(err);
  }
}

main();

6. Modules and Dependency Management

Node.js uses the CommonJS module system, which allows you to create reusable code modules and manage dependencies. Let's explore how to create and use modules:

Creating a Module (math.js)

// math.js
module.exports = {
  add: (a, b) => a + b,
  subtract: (a, b) => a - b,
};

Using a Module (app.js)

const math = require('./math.js');

console.log(math.add(5, 3));      // Output: 8
console.log(math.subtract(10, 2)); // Output: 8

Additionally, Node.js provides the npm (Node Package Manager) to manage external packages and libraries. You can initialize a project with npm init and install packages like this:

npm install package-name

7. File System Operations

Node.js makes it easy to perform file system operations like reading, writing, and managing files and directories. Here's an example of reading and writing files:

Reading a File

const fs = require('fs');

fs.readFile('file.txt', 'utf8', (err, data) => {
  if (err) {
    console.error(err);
    return;
  }
  console.log(data);
});

Writing to a File

const fs = require('fs');

const content = 'Hello, Node.js!';
fs.writeFile('output.txt', content, (err) => {
  if (err) {
    console.error(err);
    return;
  }
  console.log('File written successfully.');
});

In the next part, we'll dive into building a RESTful API with Express.js.

8. Building a RESTful API with Express.js

Express.js is a popular Node.js web application framework that simplifies the process of building APIs and web applications. Here's a basic example of creating an API endpoint that returns JSON data:

Install Express

npm install express

Create an Express App (app.js)

const express = require('express');
const app = express();
const port = 3000;

app.get('/api/hello', (req, res) => {
  res.json({ message: 'Hello, Express!' });
});

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});

Start your Express app with:

node app.js

Visithttp://localhost:3000/api/hello in your browser to see the JSON response.

9. Working with Databases (MongoDB)

Databases are a critical component of most applications, and Node.js makes it easy to interact with them. In this section, we'll focus on working with MongoDB, a popular NoSQL database.

Installing MongoDB

First, make sure you have MongoDB installed on your machine. You can download it from the official website or use a cloud-hosted MongoDB service.

Connecting to MongoDB

To connect your Node.js application to MongoDB, you'll need to use a MongoDB driver. The most commonly used driver is mongoose. Install it using npm:

npm install mongoose

Here's an example of how to connect to a MongoDB database using mongoose:

const mongoose = require('mongoose');

mongoose.connect('mongodb://localhost/mydb', { useNewUrlParser: true, useUnifiedTopology: true });

const db = mongoose.connection;

db.on('error', (error) => {
  console.error('Connection error:', error);
});

db.once('open', () => {
  console.log('Connected to MongoDB');
});

Creating a Schema and Model

In MongoDB, data is stored in collections. To interact with a collection, you'll need to define a schema and create a model. For example, let's create a model for a "User" collection:

const mongoose = require('mongoose');

const userSchema = new mongoose.Schema({
  name: String,
  email: String,
});

const User = mongoose.model('User', userSchema);

// Example of creating a new user
const newUser = new User({
  name: 'John Doe',
  email: 'john@example.com',
});

newUser.save((err) => {
  if (err) {
    console.error(err);
  } else {
    console.log('User saved successfully');
  }
});

Querying and Updating Data

You can perform various operations on your MongoDB data, such as querying for specific documents or updating existing ones:

// Querying for users with a specific name
User.find({ name: 'John Doe' }, (err, users) => {
  if (err) {
    console.error(err);
  } else {
    console.log('Users with the name "John Doe":', users);
  }
});

// Updating a user's email
User.updateOne({ name: 'John Doe' }, { email: 'new.email@example.com' }, (err) => {
  if (err) {
    console.error(err);
  } else {
    console.log('User email updated successfully');
  }
});

This concludes our exploration of working with MongoDB in Node.js.

10. Authentication and Authorization

Securing your Node.js applications is crucial, especially when dealing with user data and sensitive information. In this section, we'll explore authentication and authorization techniques using popular libraries like passport and jsonwebtoken.

Installing Passport and JSON Web Tokens

First, install the necessary packages for authentication and authorization:

npm install passport passport-local passport-jwt jsonwebtoken

Setting Up Passport

Passport is a popular authentication middleware for Node.js. Let's set up Passport with a local strategy:

const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy(
  (username, password, done) => {
    // Verify username and password here (e.g., check a database)
    if (username === 'user' && password === 'password') {
      return done(null, { username });
    } else {
      return done(null, false);
    }
  }
));

Using Passport for Authentication

Now, you can use Passport to protect your routes by requiring authentication:

app.post('/login', passport.authenticate('local', { session: false }), (req, res) => {
  // If authentication succeeds, this function will be called
  const token = generateToken(req.user);
  res.json({ token });
});

// Example of a protected route
app.get('/profile', passport.authenticate('local', { session: false }), (req, res) => {
  res.json({ message: 'This is a protected route', user: req.user });
});

JSON Web Tokens (JWT) for Authorization

JSON Web Tokens are a common method for handling user authorization. You can generate and verify JWTs using the jsonwebtoken library.

const jwt = require('jsonwebtoken');
const secretKey = 'your-secret-key';

function generateToken(user) {
  const payload = { sub: user.username };
  const options = { expiresIn: '1h' };
  return jwt.sign(payload, secretKey, options);
}

// Verifying and decoding a JWT
function verifyToken(token) {
  try {
    const decoded = jwt.verify(token, secretKey);
    return decoded;
  } catch (error) {
    return null; // Token is invalid
  }
}

Using JWT for Authorization
You can use JWTs to protect routes and verify user identity:

app.get('/api/private', (req, res) => {
  const token = req.headers.authorization;

  if (!token) {
    return res.status(401).json({ message: 'Unauthorized' });
  }

  const decoded = verifyToken(token);

  if (!decoded) {
    return res.status(401).json({ message: 'Invalid token' });
  }

  // Token is valid, proceed with the request
  res.json({ message: 'This is a protected route', user: decoded.sub });
});

In this part, we've covered the basics of authentication and authorization using Passport and JWTs. In the next section, we'll explore error handling and logging techniques in Node.js.

11. Error Handling and Logging

Error handling and logging are crucial aspects of Node.js development. Proper error handling ensures that your application gracefully handles unexpected issues, and effective logging helps in debugging and monitoring. In this section, we'll cover these essential topics.

1. Error Handling

Node.js provides several mechanisms for error handling:

Try...Catch: Use try...catch blocks to catch synchronous errors within a function.

try {
  // Code that may throw an error
} catch (error) {
  // Handle the error
  console.error(error);
}

Error Events: For handling asynchronous errors, Node.js emits 'error' events on various objects (e.g., EventEmitter, HTTP server).

const fs = require('fs');

const stream = fs.createReadStream('nonexistent.txt');

stream.on('error', (err) => {
  console.error('Error reading file:', err);
});

Custom Error Handling Middleware: In Express.js, you can create custom error-handling middleware to handle errors that occur during request processing.

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something broke!');
});

2. Logging

Logging is essential for monitoring and debugging your Node.js applications. Popular logging libraries include Winston and Morgan.

Install Winston and Morgan

npm install winston morgan

Setting Up Winston for Logging

const winston = require('winston');

const logger = winston.createLogger({
  level: 'info',
  format: winston.format.simple(),
  transports: [
    new winston.transports.Console(),
    new winston.transports.File({ filename: 'error.log', level: 'error' }),
    new winston.transports.File({ filename: 'combined.log' }),
  ],
});

Using Morgan for HTTP Request Logging

Morgan is a middleware for logging HTTP requests in Express.js applications:

const express = require('express');
const morgan = require('morgan');
const app = express();

app.use(morgan('combined')); // Logs all requests

Logging with Winston

Use Winston for custom application logging:

logger.log('info', 'This is an informational message.');
logger.error('This is an error message.');

3. Centralized Error Handling

For better error management, consider centralizing error handling and logging in your application:

function handleError(err, req, res, next) {
  // Log the error
  logger.error(err.stack);

  // Respond to the client
  res.status(500).json({ error: 'Internal Server Error' });
}

// Attach the error handler to your Express app
app.use(handleError);

In this section, we've explored error handling and logging techniques, which are essential for building robust and maintainable Node.js applications. In the next part, we'll dive into real-time applications using Socket.IO.

12. Real-Time Applications with Socket.IO

Building real-time applications, such as chat applications or live updates, is a common use case for Node.js. In this section, we'll explore how to create real-time functionality using Socket.IO.

1. Installing Socket.IO

First, install the Socket.IO library:

npm install socket.io

2. Setting Up Socket.IO

Create a Socket.IO server and attach it to your Express.js application:

const express = require('express');
const http = require('http');
const socketIo = require('socket.io');

const app = express();
const server = http.createServer(app);
const io = socketIo(server);

// Handle socket connections
io.on('connection', (socket) => {
  console.log('A user connected');

  // Handle events from clients
  socket.on('chat message', (message) => {
    console.log('Message received:', message);

    // Broadcast the message to all connected clients
    io.emit('chat message', message);
  });

  // Handle disconnections
  socket.on('disconnect', () => {
    console.log('A user disconnected');
  });
});

// Serve your Express app as usual
app.get('/', (req, res) => {
  res.sendFile(__dirname + '/index.html');
});

server.listen(3000, () => {
  console.log('Server is running on port 3000');
});

3. Creating a Simple Chat Interface (index.html)

<!DOCTYPE html>
<html>
<head>
  <title>Socket.IO Chat</title>
  <script src="/socket.io/socket.io.js"></script>
  <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
</head>
<body>
  <ul id="messages"></ul>
  <input id="messageInput" autocomplete="off" /><button id="sendButton">Send</button>
  <script>
    const socket = io();

    $('#sendButton').click(() => {
      const message = $('#messageInput').val();
      socket.emit('chat message', message);
      $('#messageInput').val('');
    });

    socket.on('chat message', (message) => {
      $('#messages').append($('<li>').text(message));
    });
  </script>
</body>
</html>

This code sets up a basic chat application using Socket.IO. Users can enter messages, which are then broadcasted to all connected clients in real-time.

13. Testing Node.js Applications

Testing is an integral part of software development, ensuring that your Node.js applications work as expected and remain reliable over time. In this section, we'll cover testing techniques and libraries commonly used in the Node.js ecosystem.

1. Setting Up Testing Frameworks

To get started with testing Node.js applications, you'll need testing libraries and tools. Popular choices include Mocha for test framework, Chai for assertions, and Supertest for HTTP testing. Install them using npm:

npm install mocha chai supertest --save-dev

2. Writing Tests

Create a test directory in your project and start writing test files. For example, if you're testing an Express.js API, you might create a file named api.test.js. Here's a simple test for an Express route:

const request = require('supertest');
const app = require('../app'); // Your Express app

describe('GET /api/hello', () => {
  it('responds with JSON', (done) => {
    request(app)
      .get('/api/hello')
      .set('Accept', 'application/json')
      .expect('Content-Type', /json/)
      .expect(200)
      .end((err, res) => {
        if (err) return done(err);
        done();
      });
  });
});

3. Running Tests

Use a test runner like Mocha to execute your tests. In your package.json file, configure a test script:

"scripts": {
  "test": "mocha"
}

Now, you can run your tests with:

npm test

Deployment and Scaling Node.js Applications Deployment and scaling are crucial steps in making your Node.js application accessible to users and ensuring it can handle increased load as your user base grows. In this section, we'll cover deployment options and scaling strategies for Node.js applications.

1. Deployment Options

There are various ways to deploy Node.js applications, depending on your project's requirements. Here are some common options:

a. Self-Managed Servers: You can deploy your Node.js application on self-managed virtual private servers (VPS) or dedicated servers. Popular choices include providers like DigitalOcean, AWS EC2, and Linode. This option offers maximum control but requires server management skills.

b. Platform as a Service (PaaS): PaaS providers like Heroku, Google App Engine, and Microsoft Azure App Service abstract server management, allowing you to focus on your application's code. Heroku, in particular, is known for its ease of use with Node.js applications.

c. Containerization: Use containerization platforms like Docker and container orchestration tools like Kubernetes to package your Node.js application into containers. This approach provides portability and scalability.

d. Serverless: Consider serverless platforms like AWS Lambda, Azure Functions, or Google Cloud Functions. Serverless enables you to run code in response to events without managing servers. It's suitable for functions or microservices that require scalability on-demand.

2. Preparing for Deployment

Before deploying your Node.js application, make sure you:

Configure environment variables for sensitive data like API keys and database credentials.

Optimize your application for production by setting appropriate Node.js environment variables (e.g., NODE_ENV=production).

Set up a process manager like PM2 to keep your application running and handle restarts.

3. Database Considerations

If your application uses a database, consider these database scaling strategies:

Vertical Scaling: Increase the resources (CPU, RAM) of your database server to handle increased load.

Horizontal Scaling: Distribute your database across multiple servers using sharding or replication.

Use managed database services like AWS RDS, Google Cloud SQL, or MongoDB Atlas for automatic scaling and maintenance.

4. Load Balancing

For high availability and scalability, use load balancers like Nginx or HAProxy to distribute incoming traffic among multiple instances of your Node.js application.

5. Monitoring and Scaling

Implement monitoring and alerting using tools like New Relic, Datadog, or Prometheus. Monitor key metrics like CPU usage, memory consumption, and request latency. Set up autoscaling policies to automatically adjust the number of application instances based on traffic.

6. Caching

Implement caching mechanisms to reduce the load on your application servers. Tools like Redis or Memcached can cache frequently accessed data and improve response times.

7. Content Delivery

Leverage Content Delivery Networks (CDNs) like Cloudflare or Amazon CloudFront to cache and deliver static assets, reducing the load on your server and improving user experience.

8. Security

Pay special attention to security when deploying in production. Use HTTPS, implement security headers, and regularly update dependencies to patch vulnerabilities.

9. Continuous Integration and Deployment (CI/CD)

Set up a CI/CD pipeline to automate the deployment process. Tools like Jenkins, CircleCI, or GitHub Actions can help automate testing, building, and deploying your Node.js application.

10. Disaster Recovery

Plan for disaster recovery by creating regular backups of your data and having a plan in place to restore services in case of unexpected outages.

In this section, we've covered deployment and scaling strategies for Node.js applications. Successfully deploying and scaling your application ensures it can handle traffic and provides a reliable experience for your users.

15. Best Practices and Security Considerations

As you continue to develop and maintain your Node.js applications, it's essential to follow best practices and pay close attention to security. In this final section, we'll explore key best practices and security considerations for Node.js development.

1. Keep Dependencies Up to Date

Regularly update your project's dependencies to benefit from bug fixes, performance improvements, and security patches. Use tools like npm audit to check for known vulnerabilities in your project's dependencies.

npm audit
npm update

2. Implement Input Validation

Always validate user inputs to prevent security vulnerabilities like SQL injection, XSS attacks, and more. Use libraries like express-validator to sanitize and validate incoming data.

const { body, validationResult } = require('express-validator');

app.post(
  '/login',
  [
    body('username').isEmail(),
    body('password').isLength({ min: 8 }),
  ],
  (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(422).json({ errors: errors.array() });
    }
    // Proceed with authentication
  }
);

3. Enable CORS Safely

If your application serves content to different domains, configure Cross-Origin Resource Sharing (CORS) to control which domains are allowed to access your resources. Be cautious not to allow overly permissive CORS settings.

4. Set Secure HTTP Headers

Use HTTP security headers like Content Security Policy (CSP), Strict-Transport-Security (HSTS), and X-Content-Type-Options to enhance your application's security posture.

5. Authentication and Authorization

Implement secure authentication mechanisms and proper authorization controls. Store user passwords securely using bcrypt or argon2 and use JSON Web Tokens (JWT) or OAuth for token-based authentication.

6. Protect Against Common Attacks

Be aware of and protect against common web application attacks such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and security misconfigurations.

7. Rate Limiting and DDoS Protection

Implement rate limiting to prevent abuse of your APIs and consider DDoS protection services to mitigate distributed denial-of-service attacks.

8. Logging and Monitoring

Continuously monitor your application for unusual activities and security incidents. Implement robust logging and log analysis to identify and respond to potential threats.

9. Container Security

If you use containerization, ensure your Docker images are built securely, and follow container best practices. Regularly scan container images for vulnerabilities.

10. Security Headers and Middleware

Use security-focused middleware like helmet to automatically set security headers in your Express.js application. Install it using npm:

npm install helmet

const helmet = require('helmet');
app.use(helmet());

11. Keep Secrets Secure

Never store sensitive information like API keys, database credentials, or private keys in your codebase. Use environment variables or secret management tools to securely store and manage secrets.

12. Security Audits

Consider conducting security audits and penetration testing of your application to identify vulnerabilities and weaknesses.

13. Regularly Back Up Data

Create automated backups of your data and ensure that you can restore your application and data in case of data loss or security incidents.

14. Compliance with Regulations

If your application deals with user data, ensure compliance with data protection regulations like GDPR, HIPAA, or CCPA.

15. Education and Training

Keep your development team updated on security best practices and provide security training to help them understand and mitigate risks.

By following these best practices and security considerations, you can significantly improve the security and reliability of your Node.js applications, protecting both your users and your reputation.

Conclusion

In this comprehensive guide to Node.js development, we've embarked on a journey from the fundamentals to advanced topics, exploring every aspect of building, deploying, and securing Node.js applications. Whether you're a beginner taking your first steps in Node.js or an experienced developer looking to refine your skills, we've covered a breadth of knowledge to help you succeed.

We began by understanding what Node.js is and how to set up your development environment. We then delved into essential Node.js concepts, asynchronous programming, and modules. Along the way, we explored file system operations, building RESTful APIs with Express.js, working with databases using MongoDB, and implementing authentication and authorization for your applications.

We continued by discussing error handling, logging, and real-time application development using Socket.IO. Testing Node.js applications became second nature, as we explored various testing techniques and tools, including Mocha, Chai, and Supertest. We also touched upon deployment options, scaling strategies, and best practices to ensure your applications are performant, secure, and highly available.

Lastly, we emphasized the significance of security in your Node.js applications, covering input validation, CORS, secure HTTP headers, authentication and authorization, protection against common attacks, and more. We discussed container security, rate limiting, and logging for monitoring and security incident response.

As you embark on your Node.js development journey, remember that continuous learning and staying up-to-date with the rapidly evolving landscape of web development are key. Node.js offers a versatile platform to build a wide range of applications, from simple scripts to complex, real-time systems.

We hope this guide has been a valuable resource in your Node.js endeavors. Whether you're crafting a personal project, a startup application, or contributing to the development of large-scale applications, Node.js offers the tools and flexibility to bring your ideas to life.

Setting up Amazon Q in VSCode using IAM Identity Centre

Sanket Kalekar — Tue, 12 Dec 2023 12:02:28 +0000

Setting up Amazon Q in VSCode using IAM Identity Centre

At re:Invent, AWS announced a suite of amazing generative AI–powered assistants, including one that compliments Amazon CodeWhisperer and provides a conversational assistant to help you develop, test, document, and many more developer related activities. All good. I am having curiosity to use these kinds of developer productivity tools, so was eager to try this out on my VSCode setup. One of the youtuber Denis put together a quick start video on how you can "get started with Amazon Q in VSCode in three easy steps", using the Builder ID which allows you to try this without the need for having or setting up an AWS Account. A really great and risk free way of checking out how Amazon Q can help you.

Now whilst using your Builder ID is a great way to get started, you will not have access to some of the more advanced capabilities of Amazon Q, specifically Amazon Q feature development (which is invoked using /dev) and the Code Transformation feature (accessed from within Q via /transform). For that you will need to switch to the Amazon CodeWhisperer Professional Tier, and that is what this post is about. It will walk you through how to set this up.

Note! Throughout this post I will talk about enabling and removing access to Amazon Q. This is only in the context of the Amazon CodeWhisperer Professional Tier. Developers can still enjoy free access to the basic features of Amazon Q by using their Builder ID.

Pre-reqs
Before proceeding, I make the following assumptions to what you have and what you will need.

An AWS Account with Administrator priviledges
An AWS Account that is integrated with IAM Identity Centre - in my specific setup, I am using Keycloak as my Identity Provider (Idp)
A version of the AWS Toolkit for VSCode that supports the new Amazon Q features (I am using version v2.0.0)
VSCode (I am runing version 1.84.2 on my windows)

Important!! You should be aware that following the steps in this blog post, for every user that you enable via IAM Identity Centre, you will incur charges to your AWS bill. If you are just testing this out, make sure you remove those users via the Amazon CodeWhisperer console at the end to reduce the cost.

Assuming this is all good, lets get started.

Overview
Before diving into how to set this up, it is worth understanding at a high level what you need to do. The documentation provides a good overview in these steps, covering how to manage access of Amazon Q within your AWS accounts. The first thing to take note of is that you configure Amazon Q using the Amazon CodeWhisperer console, so you will see the two names used interchangerbly in this post.

Amazon CodeWhisperer has the concept of an administrator, who are able to determine who can and cannot access Amazon CodeWhisperer. This can be setup in single or more complex AWS account setups, including where you are using AWS Organisations. In this post I am going to be using a single AWS account that has been setup to use single sign on with IAM Identity Centre, and define a single user that I want to give access to Amazon Q.

The approach is:

Create a new Permissions set in IAM Identity Centre for my Amazon Q / Amazon CodeWhisperer "admins"
Create two new groups - one for Amazon Q users, and another for Amazon Q admins (the folk who can add/remove access to Amazon Q)
Add a user into the Amazon Q users group (from the list of users managed by IAM Identity Centre), and add a user into the Amazon Q Admins group
Configure an AWS account (in this case, my single account) to use these Groups, assigning Permission sets to both (For Amazon Q Users I will add ReadOnly access, for Amazon Q Admins, I will add the new Permissions set created for Amazon Q / CodeWhisperer
From the Amazon CodeWhisperer console, now assign who I want to give access to (in this case, the Amazon Q Users group)
Try and login to Amazon Q from VSCode

Step 1 - Create a new Permissions Set and Group within IAM Identity Centre

The first stage is to set up our Admins and Users groups to simplify how we administer access to Amazon Q. To help us we have the very helpful documentation guide, and the page we are specifically interested in is Setting up CodeWhisperer Professional with IAM Identity Center.

We need to create a new Permissions set that we can delegate Amazon Q administrators, and who will have access to add/remove users from the Amazon CodeWhisperer console. We follow the instructions on that page to create the new Permissions set, which in this guide is called "CodeWhisperer_administrator".

Once you have done that, we will create two groups, Amazon-Q-Admins, and Amazon-Q-Users. Click on Groups on the left hand side and then Create Groups, creating your group and assigning any users at the same time.

Now that we have our Groups setup, we can assign these groups together with Permissions sets to our AWS Account. For the Amazon-Q-Users, we will assign the ReadOnlyAccess permissions set (you can use what ever permissions set you typically set up), and for the Amazon-Q-Admins, we assign the CodeWhisperer_administrator group.

That is it for this step.

Step 2 - Enable Amazon Q within the Console

From our AWS Account, we now need to enable (or remove) access to Amazon Q for our developers (in this case, those in the Amazon-Q-Users group). We head over to the Amazon CodeWhisperer console, and click on the Settings menu option on the left.

To add users it is as simple as clicking on the Add Groups button, and then selecting the group we setup in the previous step (Amazon-Q-Users).

That is it, we now have our user (we only defined a single one in this example) enabled for the use of Amazon Q.

Step 3 - Authenticate and use Amazon Q

We are now ready to try this out and log in from our VSCode.

From the AWS Toolkit icon in VSCode, you will see anumber of twisties/sections. One of these will be called "AMAZON Q (PREVIEW)" so click on that to reveal the "SIGN IN TO GET STARTED" link. This will reveal the "Sign in to Get Started" page, and the first panel will be "Amazon Q + CodeWhisperer" like the following screen.

From here, you want to use the "Sign in with Identity Centre (SSO)" link, and then in the dialog that pops up, enter your SSO Url and the AWS region where you have your AWS SSO configured. In my case, I have configured AWS Identity Centre SSO in eu-west-1, so this is what I configure, and then add my SSO link. You will then need to follow a number of steps as outlined in the following screenshot. Between steps 2 and 3 you will probably be asked to log in to your identity provider (I was, but if you are already logged in then you might not have to do this).

If everything from Steps 1 and 2 was setup correctly, then you should now be logged in, and you can now click on the Amazon Q chat icon in VSCode, hit "/" and see /dev and /transform options available to you.

Overview of the steps
If everything from Steps 1 and 2 was setup correctly, then you should now be logged in, and you can now click on the Amazon Q chat icon in VSCode, hit "/" and see /dev and /transform options available to you.

Conclusion
In this short post I showed you how you can set up users to use the advanced features of Amazon Q, by setting them up on the Amazon CodeWhisperer Professional Tier. If you followed along just to try this out, remember to remove any users to avoid additional charges on your AWS bill.

Troubleshooting
As with all blog posts, what you see is the nice shiny, working stuff. But behind all of that, is typically head scratching errors and problems that come along. So here I want to share some of the things I found that took me a while to figure out.

Configuring Amazon Q access

If you see the following error in the AWS Toolkit logs, then the most likely reason is that you have either not configured the right users/groups within the Amazon CodeWhisperer console settings, or you have not set up the permissions within IAM Identity Centre appropriately.

2023-11-30 12:37:39 [ERROR]: API response (oidc.eu-west-1.amazonaws.com /token): {
  name: 'AccessDeniedException',
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 400,
    requestId: 'f60ba750-xxxx-4axx-xx30-xxxxb0ecf504',
    extendedRequestId: undefined,
    cfId: undefined
  },
  error: 'access_denied',
  error_description: 'Access denied',
  message: 'UnknownError'
}
2023-11-30 12:37:39 [ERROR]: webviewId="authWebview": Error: Webview error
     -> Error: Webview backend command failed: "startCWIdentityCenterSetup()"
     -> Error: Failed to connect to IAM Identity Center [FailedToConnect]
     -> AccessDeniedException: UnknownError

*InvalidGrantException
*
The main error I came across when putting this post together was that every time I went to authenticate, I would get an error within VSCode that looked like this:

Not particularly helpful, but looking at CloudWatch Trail and setting the AWS Toolkit for VSCode logging to DEBUG, provided me with some clues as to where the problems lied.

The error within VSCode showed

2023-11-30 09:24:10 [ERROR]: API response (oidc.eu-west-1.amazonaws.com /token): {
  name: 'InvalidGrantException',
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 400,
    requestId: 'xxxxxxxxx',
    extendedRequestId: undefined,
    cfId: undefined
  },
  error: 'invalid_grant',
  error_description: 'Invalid grant provided',
  message: 'UnknownError'
}

And within CloudTrail I could see events failing with the following

..

    "eventVersion": "1.09",
    "userIdentity": {
        "type": "Unknown",
        "principalId": "xxxxx",
        "accountId": "xxxxxx",
        "userName": "Ricardo Sueiras AWS"
    },
    "eventTime": "2023-11-29T18:43:47Z",
    "eventSource": "sso.amazonaws.com",
    "eventName": "CreateToken",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "xx.67.127.xx",
    "userAgent": "aws-sdk-js/3.345.0 ua/2.0 os/darwin#22.6.0 lang/js md/nodejs#18.15.0 api/sso-oidc#3.345.0",
    "errorCode": "InvalidGrantException",
    "requestParameters": {
        "clientId": "xxxx",
        "clientSecret": "HIDDEN_DUE_TO_SECURITY_REASONS",
        "grantType": "urn:ietf:params:oauth:grant-type:device_code",
        "deviceCode": "xxxxx",
        "platformSessionExpiryRequired": false
   ..
   ..

It turned out that something had got messed up in my local ~/.aws/sso directory, and the fix was pretty simple. I just deleted this directory, and then I was able to resolve the issues. Why did I do this? When exploring the logs output by the toolkit, I saw occasionaly the following lines

2023-11-30 10:19:54 [DEBUG]: SSO token cache: read failed (file not found) key: https://xxxxx-uk.awsapps.com/start

and other related messages. Sometimes you have to play a hunch, and given that these are just cached files that I could regenerated, it seemed like a simple thing to try.