Pavel Argentov argent-smith

Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication

Last major update: 20.04.2020

	exception Enough

	let n_ints_from_stdin ~n =
	let reader count =
	try
	if count = n then raise Enough else Some(read_int ())
	with
	\| Enough -> None
	\| err -> raise err
	in

	(* in unikernel.ml *)

	module BoincController (Time : Mirage_time.S) (S : Mirage_stack.V4) = struct
	module C = Protocol.Commands(S)
	module St = C.Stack

	let node_ip = Ipaddr.V4.make 192 168 47 51
	and node_port = 31416

	let start _time stack =

	# тут VPN-туннель
	/ppp profile add change-tcp-mss=yes name=streisand-l2tp use-compression=yes use-encryption=yes use-mpls=no
	/interface l2tp-client add allow=chap allow-fast-path=yes connect-to=167.99.211.56 disabled=no ipsec-secret=ribbon.armed.equip.hen.ocean max-mru=1500 max-mtu=1500 name=l2tp-streisand password=couch.monster.nose profile=streisand-l2tp use-ipsec=yes user=streisand

	# сюда "набиваем" нужные префиксы
	/ip firewall address-list add address=149.154.164.0/22 comment="telegram core" list=rkn-chan
	/ip firewall address-list add address=103.246.200.0/22 comment="Blackberry Limited" list=rkn-chan
	/ip firewall address-list add address=109.239.140.0/24 comment="Telegram Messenger LLP" list=rkn-chan

	# тут главная фишка: прероут-руль, который пометит нужные пакеты роут-маркой

	# OPAM configuration

	set -gx PATH /Users/paul/.opam/system/bin $PATH
	set -gx OCAML_TOPLEVEL_PATH /Users/paul/.opam/system/lib/toplevel
	set -gx PERL5LIB /Users/paul/.opam/system/lib/perl5:$PERL5LIB
	set -gx MANPATH $MANPATH /Users/paul/.opam/system/man
	set -gx OPAMUTF8MSGS 1
	set -gx CAML_LD_LIBRARY_PATH /Users/paul/.opam/system/lib/stublibs:/usr/local/lib/ocaml/stublibs

	~/Development/own/mirage/hello · (master)
	⟩ make depend
	opam pin add --no-action --yes mirage-unikernel-hello-macosx .
	Package mirage-unikernel-hello-macosx does not exist, create as a NEW package ? [Y/n] y
	mirage-unikernel-hello-macosx is now path-pinned to /Users/paul/Development/own/mirage/hello

	[mirage-unikernel-hello-macosx] /Users/paul/Development/own/mirage/hello/ synchronized
	[mirage-unikernel-hello-macosx] Installing new package description from /Users/paul/Development/own/mirage/hello

	opam depext --yes mirage-unikernel-hello-macosx

	#!/usr/bin/env puma

	require "pathname"

	_num_workers = {{ ansible_processor_vcpus }}
	_working_dir = Pathname.new("{{ deploy_to }}/current")
	_rails_env = "{{ rails_env }}"

	workers _num_workers
	directory _working_dir.to_s

	Feb 07 09:29:36 boinc audit[3706]: AVC avc: denied { create } for pid=3706 comm="rancher-net" scontext=system_u:system_r:svirt_lxc_net_t:s0:c234,c943 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c234,c943 tclass=netlink_xfrm_socket permissive=1
	Feb 07 09:29:36 boinc audit[3706]: SYSCALL arch=c000003e syscall=41 success=yes exit=7 a0=10 a1=3 a2=6 a3=0 items=0 ppid=3466 pid=3706 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rancher-net" exe="/usr/bin/rancher-net" subj=system_u:system_r:svirt_lxc_net_t:s0:c234,c943 key=(null)
	Feb 07 09:29:36 boinc kernel: audit: type=1400 audit(1486459776.366:99): avc: denied { create } for pid=3706 comm="rancher-net" scontext=system_u:system_r:svirt_lxc_net_t:s0:c234,c943 tcontext=system_u:system_r:svirt_lxc_net_t:s0:c234,c943 tclass=netlink_xfrm_socket permissive=1
	Feb 07 09:29:36 boinc kernel: audit: type=1300 audit(1486459776.366:99): arch=c000003e syscall=41 success=yes exit=7 a0=10 a1=3 a2=6 a3=0 items=0 ppid

	open Core_kernel

	let setup_logging () =
	let open Lwt_log in
	default := broadcast [channel ~close_mode:`Keep ~channel:Lwt_io.stderr ()];
	add_rule "*" Info

	let threaded_function = fun pause ->
	Lwt_unix.sleep pause
	>> Lwt_log.info_f "Slept for %f" pause