JAWS: The Javascript + AWS Stack

JAWS is a stack from Amazon web services(AWS) to ease the development of massive scalable web applications.

It is trying to solve important problems in scalable web application development.

1. No Backend servers: All web and mobile application needs backend server and database server. Since the JAWS back-end is comprised entirely of AWS Lambda Functions, you don't need to write your back end server in Node, Ruby, PHP or python. A back-end comprised of Lambda functions comes with a ton of concurrency and you can easily enable multi-region redundancy. So there is no need for scaling/deploying/maintaing/monitoring servers again.

2. Cheap: Lambda functions run only when they are called, and you only pay for when they are run.

You can build your app using following AWS services

Architecture

Architecture

API

As we know, there is no backend servers. Everything is written as Lambda functions. In normal backend server, we used to write controller to handle the routes. Similarly, each of your API URLs points to one of these Lambda functions and they are completely isolated from each other enabling you to develop/update/configure/deploy/maintain code for specific API urls at any time without affecting other parts.

You can either use the AWS Management Console's API Gateway User Interface to create your API, or define your API in the api_swagger.json file and deploy instantly via AWS's Swagger Import Tool .

Lib

The lib folder/module contains re-useable code you can use across all of your Lambda functions, which can be thought of as your Models. It's an npm module that can be required into your Lambda functions, like any other.

You can can require in only the code that your Lambda function needs.

// This only loads code needed for the User Model
var ModelUser = require('jaws-lib').models.User;

This way, all of the changes in the lib folder will be instantly available in every one of your Lambda functions when you run/test them locally.

CLI

The stack comes with command line tool to test locally and deploy.

# Run A Lambda Function Locally
jaws run

# Deploy A Lambda Function
jaws deploy

# Start A Local Server from site folder
jaws server

The static assets can be uploaded and served from S3 for super fast response times. Definitely JAWS saves lot of development time. You can try and let me know your comments and feedbacks.

View comments

GitHub is blocked in India

GitHub is blocked in India along with pastebin and imgur.

Since 17th December Indian ISPs have started blocking the free Git hosting repository GitHub. No prior information, no explanations, no notice, simple block. The ISPs in India are setting a bad precedent of freedom of speech. Only one ISP, Reliance returned a message that GitHub has been blocked as per the instructions of competent authority.

The Indian government also asked telecom operators and ISPs to block the image sharing site imgur and popular paste hosting website, Pastebin.

It is really a bad news for the fast growing Indian economy. Hope, it will be resolved soon. If you are in India, you can use the following solution.

Add Google DNS Server

This can be solved by adding Google DNS server. If you are a Mac OSX user, following steps will help you

  1. Choose Apple menu > System Preferences, and then click Network.

  2. Select the Network connection service you want to use (such as Wi-Fi or AirPort or Ethernet, unless you named it something else) from the list, and then click Advanced.

  3. Select DNS tab

  4. Click + to replace any listed addresses with, or add, the Google IP addresses at the top of the list:

    • For IPv4: 8.8.8.8 and/or 8.8.4.4.
    • For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844

When you’re finished, click OK and then Apply. Now you can access the blocked sites.

For Windows user, How to change DNS Servers in Windows 7

View comments

Security HTTP headers

Security becomes an inevitable feature for every web and mobile application. There are many things to consider when securing web applications.

Now let's have a look at the headers and how they can improve the security of your website.

X-FRAME-OPTIONS

This header Provides Clickjacking protection.

X-FRAME-OPTIONS: SAMEORIGIN

Values:

Strict-Transport-Security

The Strict-Transport-Security header will instruct the browser to do two important things:

  1. Load all content from your domain over HTTPS
  2. Refuse to connect in case of certificate errors and warnings
Strict-Transport-Security:max-age=15552000; includeSubDomains

includeSubdomains indicates whether the policy should also be applied to subdomains.

X-Content-Type-Options

To disable the MIME-sniffing, add the header:

X-Content-Type-Options:nosniff

The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions.

X-Download-Options

This disables the option to open a file directly on download.

X-Download-Options:noopen

X-XSS-Protection

The XSS protection was introduced in IE 8 as a security measure designed to thwart XSS (Cross Site Scripting) attacks. In short, IE tries to detect whether there has occurred an XSS attack, if so it will modify the page to block the attack and display a warning to the user.

You can set the XSS filter on or off (1 or 0), and there's an optional parameter called mode. If you set mode to block, the page will not be displayed at all. Here are examples of how you can set the header:

X-XSS-Protection: 0
X-XSS-Protection: 1; mode=block

Content-Security-Policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

If enabled, CSP has significant impact on the way browser renders pages (e.g., inline JavaScript disabled by default and must be explicitly allowed in policy).

Content-Security-Policy:default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false;

These HTTP headers protect your users from various kinds of attacks.

View comments