Articles in the category "it"

Ctrl P to search files in fzf.vim

Configure Ctrl+P to search files: if inside a git repo, call :GFiles, otherwise call :Files.

    function! <SID>CtrlP()
      " shellescape() keeps a working directory that contains spaces or
      " shell metacharacters from breaking (or altering) the git command
      let l:dir = shellescape(getcwd())
      let l:j1 = system("git -C " . l:dir . " rev-parse --is-inside-work-tree")
      let l:j2 = system("git -C " . l:dir . " rev-parse --is-bare-repository")
      " neither a work tree nor a bare repository: fall back to :Files
      if l:j1 !~ "true" && l:j2 !~ "true"
        :Files
      else
        :GFiles
      endif
    endfunction

    nnoremap <silent> <C-p> :call <SID>CtrlP()<CR>
    nnoremap <silent> <leader>fb :Buffers<CR>
    nnoremap <silent> <leader>fh :History<CR>
    nnoremap <silent> <leader>fs :Rg<CR>
    nnoremap <silent> <leader>fS :Rg <c-r><c-w><CR>
    ……


413 Request Entity Too Large

Error message: 413 request entity too large

How to fix
Nginx: increase client_max_body_size
Kubernetes Ingress: increase proxy-body-size
Reference: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ ……


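How to Handle Difficult Situations

Overview: At work we often run into all kinds of difficulties or tough situations. If they are handled poorly, they affect colleagues, the work and the project.

Some common types

Goal conflict: a goal given by one person conflicts with a goal shared by another, for example when an employee's personal career plan conflicts with the assigned work objectives.

Role conflict: when someone has to perform a task that is not part of their usual role or responsibilities, or when they are……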


Cacheable SSL Page Found

Issue: Cacheable SSL Page Found
Risk: It is possible to gather sensitive information about the web application, such as usernames, passwords, machine name and/or sensitive file locations.
Cause: Sensitive information might have been cached by your browser.
Fix: Prevent caching of SSL pages by adding “Cache-Control: no-store” and “Pragma: no-cache” headers to their responses.
Possible solution: You can also change the HTTP method from GET to POST if it is NOT a page but a REST API.……


Cookie With Insecure or Improper or Missing SameSite Attribute

Issue: Cookie with Insecure or Improper or Missing SameSite attribute
Risk: Prevent cookie information leakage by restricting cookies to first-party or same-site context. Attacks can extend to Cross-Site Request Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).
Cause: Sensitive Cookie with Improper or Insecure or Missing SameSite Attribute
Fix: Review possible solutions for configuring the SameSite Cookie attribute to recommended values. For K8s, you may edit the ingress configuration and set the samesite value:

    nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict"
    ……


Blind SQL Injection

Security Risk: It is possible to view, modify or delete database entries and tables.
Cause: Sanitation of hazardous characters was not performed correctly on user input.
Fix: Review possible solutions for hazardous character injection.
Reasoning: The test result seems to indicate a vulnerability because it shows that values can be appended to parameter values, indicating that they were embedded in an SQL query. In this test, three (or sometimes four) requests are sent. The last is logically equal to the original, and the next-to-last is different. Any others are for control purposes. A comparison of the last two responses with the first (the last is similar to it, and the next-to-last is different) indicates that the application is vulnerable.

How to fix
https://sequelize.org/v5/manual/raw-queries.html
Make sure to ‘replace’/‘bind’……


Golang Oauth2 Github

Github Oauth2

First, register an OAuth App on GitHub and obtain the client id / secret.

These values are required; the code below keeps them in environment variables:

    import (
        "os"

        "golang.org/x/oauth2"
    )

    var (
        AUTH_URL      = os.Getenv("AUTH_URL")      // github authorization url
        TOKEN_URL     = os.Getenv("TOKEN_URL")     // github token url
        CLIENT_ID     = os.Getenv("CLIENT_ID")     // client id
        CLIENT_SECRET = os.Getenv("CLIENT_SECRET") // client secret
        REDIRECT_URL  = os.Getenv("REDIRECT_URL")  // the redirect url
    )

Initialize the config in the package initialization code:

    var (
        oauth2Config *oauth2.Config
    )

    func init() {
        oauth2Config = &oauth2.Config{
            ClientID:     CLIENT_ID,
            ClientSecret: CLIENT_SECRET,
            RedirectURL:  REDIRECT_URL,
            // Discovery returns the OAuth2 endpoints.
            Endpoint: oauth2.Endpoint{
                AuthURL:   AUTH_URL,
                TokenURL:  TOKEN_URL,
                AuthStyle: oauth2.AuthStyleInHeader,
            },
            Scopes: []string{"openid", "email", "site_admin", "repo", "admin:org", "user"},
        }
    }

Login……


Terminate Golang App

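channel to terminate

In main.go, create a channel to receive os.Signal:

    sigChan := make(chan os.Signal, 1)
    // ctrl+c->SIGINT, kill -9 -> SIGKILL
    // note: the kernel never delivers SIGKILL to a handler, so registering it here has no effect
    signal.Notify(sigChan, syscall.SIGINT, syscall.SIGKILL)

Near the end of main.go, add:

    <-sigChan
    log.Info("exit")

If the user sends kill -9 or ctrl+c, this signal will be received.……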


Golang Cron Jobs

cron in golang

In Go, the package github.com/robfig/cron/v3 provides cron functionality similar to that on Linux, and it is fairly simple to use. The official documentation is quite detailed; this is just a brief note.

    c := cron.New()
    schlTime := "0 2 * * ?"
    // send reminder for org members
    c.AddFunc(schlTime, func() {
        log.Info("Send reminder for org member expiration job started")
        defer func() {
            log.Info("Send reminder for org member expiration job finished")
        }()
        log.Info("started to remind expired org members")
        err = task.RemindExpiredOrgMember(14)
        if err !=……
