Tag: go

Posted on

How to package your SPA or PWA without a Dockerfile using Go and ko

Writing Dockerfiles is a pain in the ass.
All you want to do is publish your SPA or PWA dist files in a docker container and maybe even push it to a private registry.

Instead of having to write a Dockerfile, pull some base OS, increase the size of the container image, add potential attack surfaces / vulnerabilities coming from those base OS images, you can wrap and embed it in a Go binary.

Install ko

Create a ko-build.sh in the project root

and edit main.go and insert the following

assuming your bundler, e.g. vite, places dist files in your project root’s dist dir (vite default),

If your dist files are in dist/pwa and your index file is at dist/pwa/index.html edit the lines accordingly.

This is effectively what would be in nginx:

Your container exposes port 8080

Build and publish

Since you only need to write this once, you can copy the main.go to every project that requires it and adjust the ko-build.sh script.

Yes, this survives CTRL+F5 reloads. It routes everything through index.html unless it’s a static file that exists on the filesystem.

Posted on

Banned from entgo, why?

I wanted to create an issue, in github.com/ent/ent the size annotation doesn’t have any effect when used on a MySQL database.

I couldn’t create the issue, “unable to create issue”, and no further information.

So I said that I can’t create an issue in their discord.
Then I wrote, “So I’ve been banned. What for? Being to critical of Atlas?”

Without any response I was banned from the discord as well.

?!?

Because I don’t agree with giving them my schema information when I need to use it in a k8s context?

I don’t know because I never received a reason.

Seriously, I’ve had enough of those emotionally and mentally unstable mini dictators, banning people for personal entertainment or satisfying their inferiority complex.

Absolutely unacceptable behavior banning someone from their discord only for asking what’s wrong.

Ariel Mashraki need his head examined.

Update 21. Jan. 2025:
I created an issue with Atlas where I demanded the ban lifted or my contributions, issues, discussions and comments deleted.
That issue was deleted and I was banned from the Atlas repository.
I’m now going to file copyright and intellectural property violations with Github, also find a lawyer to sue them.

Posted on

Kleinanzeigen Kreis Göppingen

Die letzten Tage habe ich an einer Kleinanzeigenplatform für den Kreis Göppingen gearbeitet.

Sie wurde mit ent, gqlgen, mysql im Backend und react mit vite und relay, flowbite UI und tailwindcss im Frontend geschrieben. Als Authentifizierung nutzt sie Zitadel als OIDC IDP.

Man kann sie finden unter:
Kleinanzeigen Kreis Göppingen

Posted on

Beware of ent (entgo.io)

If you’re using Go, you’ve likely heard of ent. Some Ex-Facebook employee maintaining and developing an open source version of the public version of Meta’s entity framework for Go.

Well there’s a catch.
Migrations.

They sweet talk you in their documentation to use Atlas. Ariga’s Atlas, not the MongoDB one.
But Atlas is a proprietary cloud offering.
There might be a free tier, but who cares?
You have to give other parties access to your schema, if you want to containerize your binary or even if you’re not distributing your schema with your binary. Not just your schema, also your database.

To me that is a breach of trust.

That is “open source” software being used as bait for a lock-in cloud offering.

Update 18.01.2025: Apparently this post, criticizng their company got me banned from their github and discord server, from the discord server just for asking why I was banned. So I’d be double as careful when dealing with this arbitrary Dictator Ariel from ent.

Posted on

Golang get openid-connect userinfo

It might not be news to you, but this will explain a little bit about Go, making http requests and parsing the result.

OpenID-Connect (oidc) is an identity protocol, you could call it an Oauth2 dialect. It manages your users per realm, well not the protocol but the server does.
Every oidc idp (identity provider aka server) should support the oidc discovery feature.
What is a good OIDC IDP? Keycloak for instance, because it’s free.
Essentially it’s a well known URI that provides information about this IDP or this IDP’s realm in JSON.
The “.well-known/openid-configuration” is appended to the IDP.
To see a live one you could navigate to https://connect.icod.de/auth/realms/testrealm/.well-known/openid-configuration

It lists all the endpoints this server handles and supported grant types and much much more.

I’ve been working with websockets lately and faced the challenge that websockets don’t support passing HTTP headers,
so I had to log in with the token my frontend received by the IDP. And for security reasons this had to be the raw token, not the parsed subject field, because it’s not cryptographically protected.
This means I had to ask the IDP if the token I had received was valid and extract the subject from it.

The below code is the 1st version of how I did it.
It queries the openid-connect discovery document, since the structure was unknown to me, I decoded the response body from the request into a map[string]interface{}.
However in retrospect, I could’ve defined a struct with only the single requested variable in it:

Then this userinfo endpoint is queried with the Accesstoken passed as a Bearer token in the Authorization header.
The result is decoded into the UserInfo struct instance and returned by the function.

I use spew, which is a very helpful tool to display the content of the returned variable.