These are chat archives for codefellows/sea-b15-javascript

30th
Jun 2014
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:46
for the jwt secret do we actually just put a random string in for the production environment right into server.js?
then set a string as an environmental variable only for production?
or should we set env variable too for dev?
@toastynerd
I mean do we use a string in production env right in server.js
Tyler Morgan
@toastynerd
Jun 30 2014 01:48
it should be a secure geerated random hash
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:48
how long?
Tyler Morgan
@toastynerd
Jun 30 2014 01:48
I would use an env variable, then use @ivanoats secret generator
it should have the length already set
I can’t remember off the top of my head what it should be
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:49
should I just look up how to set env variable in linux?
Tyler Morgan
@toastynerd
Jun 30 2014 01:49
I want to say 40 chars
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:49
ok
Tyler Morgan
@toastynerd
Jun 30 2014 01:49
whare are you deploying on?
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:49
i'm going to use heroku for now
Tyler Morgan
@toastynerd
Jun 30 2014 01:50
if you’re using heroku just set config with heroku config:set MY_ENV_VAR=“this value”
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:51
will that put it into my local env too?
Tyler Morgan
@toastynerd
Jun 30 2014 01:51
nope, to put in local use export MY_ENV_VAR=“value"
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:51
great thanks
Tyler Morgan
@toastynerd
Jun 30 2014 01:51
you can also use a utility like nconf, which set env variables on a per app basis based on a JSON file
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:52
that sounds good
Tyler Morgan
@toastynerd
Jun 30 2014 01:52
the build is currently failing but accordignto @ElliotChong it still works https://github.com/flatiron/nconf
I haven’t actually used it, when I need to set per app env variables for dev I usually read them in from a json file and do a app.set(‘myKey’, process.env.MY_KEY || file.myKey);
Kevin Stephens
@kevinmstephens
Jun 30 2014 01:55
ok I'll do that for now instead of trying to wrap my head around nconf
then I'll just put it into my private folder with all my other prop. info
Tyler Morgan
@toastynerd
Jun 30 2014 01:57
yup
Kevin Stephens
@kevinmstephens
Jun 30 2014 02:04
what do you use for reading the json?
'fs' or something else
Tyler Morgan
@toastynerd
Jun 30 2014 02:05
fs
Kevin Stephens
@kevinmstephens
Jun 30 2014 02:08
JSON.parse(fs.readFileSync('./private/env.json', 'utf8')).jwtTokenSecret);
Tyler Morgan
@toastynerd
Jun 30 2014 02:09
Looks good
Kevin Stephens
@kevinmstephens
Jun 30 2014 02:10
fun working on a real project now with all these dev weapons!
Tyler Morgan
@toastynerd
Jun 30 2014 02:10
for sure
Kevin Stephens
@kevinmstephens
Jun 30 2014 03:33
mongolabs doesn't use SSL to communicate with your heroku app?
weak sauce
Robert Talamantez
@Talamantez
Jun 30 2014 07:27
'We are targeting Summer of 2014 for full SSL support.'
Kevin Stephens
@kevinmstephens
Jun 30 2014 14:38
how important is SSL between the server and mongo DB?
This message was deleted
Tyler Morgan
@toastynerd
Jun 30 2014 15:18
Depends on your architecture, usually, not very but since heroku probably hosts it on a different instance/server it’s probably a good idea. There is the possibility of a man in the middle attack where someone could potentially pretend to be your mongo server but it would be pretty difficult to set up and it’s unlikely that someone would level a targeted attack at this stage. I wouldn’t worry about it, especially considering that they should have ssl support sometime this year.
Kevin Stephens
@kevinmstephens
Jun 30 2014 15:19
ok. at some point I would move to EC2 probably then my server and mongo would be on the same system and not need ssl right?
you at code fellows today?
Tyler Morgan
@toastynerd
Jun 30 2014 15:34
Yeah I’ll be in but not until 11-noon ish
and yeah on an ec2 instance you;ll probably have them on the same server or seperate but ip filtered
Hailey L. Petway
@hlpetway
Jun 30 2014 18:37
https://github.com/dfcreative/Photoshopr
Photoshop script that converts layer effects to CSS string in one click. It supports shadows, glows, gradient & color overlay, stroke, text-shadow & text-color and other.
Robert Talamantez
@Talamantez
Jun 30 2014 19:04
Niiiiiice
Tyler Morgan
@toastynerd
Jun 30 2014 20:17
If anyone is interested in TAing for f2, send me an email or a pm.