---
title: CS Live Test 
description: 
toc: true
layout: post
---

# JWT Signup
- Users sign up by providing credentials, which are validated and stored securely
- Upon successful login, a JWT is generated and sent to the client
- Subsequent requests include this JWT for authentication, with the server validating it before granting access to protected resources
- Token expiration and optional refresh mechanisms enhance security, while logout can be implemented by discarding the JWT or invalidating it server-side

# POJO
- POJO stands for "plain old Java object"
- It is an ordinary object that is not bound by any special restriction
- A POJO class does not have any naming conventions for properties and methods
- It is not tied to any Java framework, and any Java program can use it
- A POJO class contains variables and their getters and setters

# Characteristics
- Has private fields
- Has a public no-argument constructor
- Has getter and setter methods for its fields
- May have additional business logic methods


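```java
public class Student {
    // Private fields: state is reachable only through the accessors below
    private String firstName;
    private String lastName;

    // Public no-argument constructor, as listed under Characteristics
    public Student() {
    }

    public Student(String firstName, String lastName) {
        this.firstName = firstName;
        this.lastName = lastName;
    }

    public String getFirstName() {
        return this.firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return this.lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }
}
```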

# Changed POJO 
- POJO changes are adding, modifying, or removing fields
- We also update methods to reflect the new structure
- It's important to make sure that the changes we make are backward-compatible if the POJO is used in a serialized form

```java
public class Student {

    // Fields stay private so the new id can only be changed through its setter
    private String firstName;
    private String lastName;
    private Integer id; // field added in this version

    // Public no-argument constructor, as listed under Characteristics
    public Student() {
    }

    public Student(String firstName, String lastName, Integer id) {
        this.firstName = firstName;
        this.lastName = lastName;
        this.id = id;
    }

    public String getFirstName() {
        return this.firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return this.lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    public Integer getId() {
        return this.id;
    }

    public void setId(Integer id) {
        this.id = id;
    }
}
```


# Security 
- Security configuration rules are important to control access to resources and protect sensitive information 
- Examples 
    - authentication mechanisms (login: username and password)
    - authorization (managing permissions, who has access to what)
    - encryption of sensitive information
    - secure communication protocols (HTTPS)

# Docker
Docker is a platform that allows users to automate the deployment of applications inside lightweight, portable containers 

Process to update the docker application: 

1. Pull the latest version of the docker image from the container registry 
2. Stop the running containers of the old version (we can do this with docker-compose down)
3. If we need to, we can remove the old containers
4. Then we run a new container with the updated image (this can be done with docker-compose up -d)
5. Then we ensure any necessary data or configurations are migrated or applied 


# Route 53
Route 53 is a scalable domain name system (DNS) web service that is provided by AWS 

Process for domain setup (building off of Route 53):

1. Create a hosted zone for your domain
2. Update the domain's DNS records with the provided name servers
3. Configure the necessary DNS records (A, CNAME, MX)
4. Optionally, set up routing policies, health checks, and other advanced features based on requirements


# Example of API access code and error handling in Python
- This code is a Flask application with a /login endpoint for user authentication and a /protected endpoint that requires a valid JWT for access.
- If a request to the /protected endpoint receives a 403 error (indicating unauthorized access), the handle_403_error function redirects the user to the login page.

```python
from flask import Flask, request, jsonify, redirect, abort

app = Flask(__name__)

# Dummy user data (in a real application, this would come from a database)
users = {
    "user1": "password1",
    "user2": "password2"
}

# Dummy JWT generation function (in a real application, use a proper JWT library)
def generate_jwt(username):
    return f"dummy_jwt_for_{username}"

@app.route("/login", methods=["POST"])
def login():
    # silent=True yields None instead of raising on a missing or malformed JSON body
    data = request.get_json(silent=True) or {}
    username = data.get("username")
    password = data.get("password")

    if username in users and users[username] == password:
        jwt = generate_jwt(username)
        return jsonify({"jwt": jwt}), 200
    else:
        return jsonify({"error": "Invalid credentials"}), 401

@app.route("/protected", methods=["GET"])
def protected():
    jwt = request.headers.get("Authorization")

    # Reject a missing header before parsing it; calling split() on None would raise
    if not jwt:
        abort(403)

    # Dummy JWT validation (in a real application, use a proper JWT library)
    username = jwt.split("_")[-1]

    if username in users:
        return jsonify({"message": "Welcome to the protected resource!"}), 200

    # abort() raises the 403 that handle_403_error catches;
    # returning a (body, 403) tuple would bypass the error handler
    abort(403)

@app.errorhandler(403)
def handle_403_error(error):
    return redirect("/login")

if __name__ == "__main__":
    # debug=True enables the Werkzeug debugger; use it for local development only
    app.run(debug=True)
```

# Managing CORS Through Nginx and Java
CORS (cross-origin resource sharing) is a security feature implemented by web browsers to control requests made across different domains.

Managing CORS through Nginx: we can manage CORS by configuring the add_header directive to include the appropriate CORS headers in responses.

Example headers:
- Access-Control-Allow-Origin
- Access-Control-Allow-Methods

Through Java: in Java we can handle CORS at the application level by annotating specific methods or controllers with @CrossOrigin or by implementing a filter to intercept and modify HTTP responses.


# Reverse proxy of server_name to proxy_pass
1. Nginx can be used as a reverse proxy to forward client requests to backend servers 
2. The server_name directive in nginx specifies the domain name associated with a server block 
3. The proxy_pass directive defines the backend server's address where requests should be forwarded

## Example configuration of reverse proxy: 
```nginx
server {
    listen 80;
    server_name example.com;

    location / {
        proxy_pass http://backend-server;
        # Additional proxy settings can be configured here
    }
}
```
