Christian Engvall

Untrack files in local repository but keep at origin with git

23 November 2015

To untrack files in local repository but keep at origin, as our scenario needed; to keep folder or files in git origin repository but untrack any local changes made in this folder, You can use “git update-index –assume-unchanged”. This will enable new developers to get all the files in the repository when cloning. The application can make all the changes it wants in the specified folder, but locally they won’t be committed an pushed to the origin. The only minor problem with this solution is that you have to do this on every new machine that clones the repo. But something positive that comes out of this is that when you need to update files in the untracked folder you can.

1. Preparing the repo

Make sure you add the folder with all the containing files(that you later want to untrack) to the repo. And then commit and push it to your origin. In this example my folder is named Library.

git add -- .
git commit -a -m 'adding library folder'
git push

2. Add this folder to .gitignore

/library/*

And then commit this update. If you need more information about how to use the .gitignore file you can look at git online documentation.

At this stage the folder library and its contents are still tracked by git. Any changes to a file in this folder will therefor be marked as changed still. Lets take care of that next.

3. Untrack files in local repository but keep at origin

Now run the following command to untrack the library folder and its contents:

git update-index --assume-unchanged library/*

Make a change to a file in this folder and git will assume it has not been changed, so you won’t commit anything in this folder.

4. Undo this change

Say you need to update a file in the library folder after a while. Then you need only one command to start track this folder again:

git update-index --no-assume-unchanged library/*

5. Make alias of these commands

If you like you can create aliases for these commands to something simpler:

git config --global alias.assume-unchanged 'update-index --assume-unchanged'
git config --global alias.assume-changed 'update-index --no-assume-unchanged'

This makes you able to run:

git assume-unchanged library/*

and:

git assume-changed library/*

Git

Validating C-sharp made JWT signature with PHP

16 November 2015

When validating C-Sharp made JWT signature with PHP, or the other way around, you may run into some problems. What can happen is that the hash will be different but the data still won’t be tampered with. I noticed this when sending a JWT from a server using C# to a server using PHP. This code example will create the same signature with both PHP and C#.

C#:

public static string CreateToken(string sharedSecret) {
    var encodedHeader = Base64Encode("{\"typ\":\"JWT\",\"alg\":\"HS256\"}");
    var encodedClaims = Base64Encode({"score": "12","name": "Crille"});
    var signingInput = encodedHeader + "." + encodedClaims;
    var token = signingInput + "." + Base64Encode(SHA256Sum(signingInput, sharedSecret));
    return token;
}

This is what the method SHA256Sum looks like:

private static string SHA256Sum(string signingInput, string sharedSecret) {
    var encoding = new System.Text.UTF8Encoding();
    var keyByte = encoding.GetBytes(sharedSecret);
    using (var hmacsha256 = new HMACSHA256(keyByte))
    {
        hmacsha256.ComputeHash(encoding.GetBytes(signingInput));
        return ByteToString(hmacsha256.Hash);
    }
}

Base64 encode method looks like this:

private static string Base64Decode(string encodedString) {
    var textBytes = System.Convert.FromBase64String(encodedString);
    return System.Text.Encoding.UTF8.GetString(textBytes);
}

Base64 decode method:

private static string Base64Encode(string plainText) {
    var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
    return System.Convert.ToBase64String(plainTextBytes);
}

And a method to create a byte array to a string

private static string ByteToString(byte[] buff)
{
    string sbinary = "";
    for (int i = 0; i < buff.Length; i++)
        sbinary += buff[i].ToString("X2");
    return sbinary;
}

PHP:

This is a class that will encode, decode and validate a JWT-token and will return the same signature as the C# methods. If the data has not be tampered with that is.

<?php

class JWT {

    private $shared_secret = "thesharedsecret";

    function encode($payload) {
        $encoded_header = base64_encode('{"alg": "HS256","typ": "JWT"}');
        $encoded_payload = base64_encode($payload);
        $header_and_payload_combined = $encoded_header . '.' . $encoded_payload;
        $hash = $this->create_signature($header_and_payload_combined);
        $signature = base64_encode($hash);
        $jwt_token = $header_and_payload_combined . '.' . $signature;
        return $jwt_token;
    }

    function is_valid($token) {
        $is_valid = false;
        $token_parts = explode('.', $token);
        $header_and_payload_combined = $token_parts[0] . '.' . $token_parts[1];
        $recieved_signature = $token_parts[2];
        $new_signature = base64_encode($this->create_signature($header_and_payload_combined));
        if($new_signature == $recieved_signature) {
            $is_valid = true;
        }
        return $is_valid;
    }

    private function create_signature($message) {
        $hash = hash_hmac('sha256', $message, $this->shared_secret);
        $hash = strtoupper($hash);
        return $hash;
    }
}

.NET PHP

JSON web token - JWT

13 November 2015

When sending data from an application to a backend server you can use json web token (JWT) to make sure the data has not been tampered with. The token is compact making it quick to send to the backend.

Here is an example of a token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

A token is separated into three parts; Header, payload and signature. And, as you can see in the example above, these parts are separated by a “.” All three parts are base64 encoded. Let’s go trough what the different parts contains.

Part 1 - Introduction

The header mostly consists of two parts alg, and typ.

{
  "alg": "HS256",
  "typ": "JWT"
}

Alg defines what hashing algoritm has been used to create the signature(which we will look at soon). And typ defines type of token, which is JWT.

Payload

The payload contains the data that you want to send to your backend. Example:

{
  "score": "12",
  "name": "Crille"
}

Signature

The signature consists of a base64 encoded HS256-hash built on the first two parts of the token. And this is signed with a shared secret that the app and the backend has.

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

Part 2 - Example: Creating a JWT with PHP

<?php

$encoded_header = base64_encode('{"alg": "HS256","typ": "JWT"}');
$encoded_payload = base64_encode('{"score": "12","name": "Crille"}');

$header_and_payload_combined = $encoded_header . '.' . $encoded_payload;

$secret_key = 'thisismysecretkey';

$signature = base64_encode(hash_hmac('sha256', $header_and_payload_combined, $secret_key, true));

$jwt_token = $header_and_payload_combined . '.' . $signature;

echo $jwt_token;

Line 3: This line base64 encodes the header json.

Line 4: This line base64 encodes the payload json.

Line 6: Here the the base64 strings are concatenated to one that looks like this:

eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiSldUIn0=.eyJzY29yZSI6ICIxMiIsIm5hbWUiOiAiQ3JpbGxlIn0=

Line 10: Here the signature is created. It creates a hash with the s256 algoritm with the secret key that you can see on line 8. This is string is also base64 encoded.

Line 12: This line concatenates the signature with the rest of the values, and creating a jwt token looking like this:

eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiSldUIn0=.eyJzY29yZSI6ICIxMiIsIm5hbWUiOiAiQ3JpbGxlIn0=.Or5OIu2KjpE6/rQeg0yDyAjBX7KGlHqRJBBTZYgi3I0=

Part 3: Example: Verifying signature

This code checks so that the signature that was received checks out.

#recieved_jwt would in real life be populated from a $_POST['values'] but for this example this will work
$recieved_jwt = 'eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiSldUIn0=.eyJzY29yZSI6ICIxMiIsIm5hbWUiOiAiQ3JpbGxlIn0=.Or5OIu2KjpE6/rQeg0yDyAjBX7KGlHqRJBBTZYgi3I0=';
$secret_key = 'thisismysecretkey';

$jwt_values = explode('.', $recieved_jwt);

$recieved_signature = $jwt_values[2];
$recieved_header_and_payload = $jwt_values[0] . '.' . $jwt_values[1];

$what_signature_should_be = base64_encode(hash_hmac('sha256', $recieved_header_and_payload, $secret_key, true));

if($what_signature_should_be == $recieved_signature) {
	// signature is ok, the payload has not been tampered with
}

Line 2: $recieved_jwt contains the jwt. This would be received from a $_POST value in real life.

Line 5: $jwt_values is an array with the jwt values in it.

Line 7: $recieved_signature contains the signature from the original jwt

Line 8: we separate the header and payload an concatenates them.

Line 10: We create a new signature with the new header and payload.

Line 12: Check if the signature we created is the same as the one we received. If it is the data has not been tampered with.

Part 4 - A quick checklist

Base64 encode a header JSON Object.
Base64 encode a payload JSON Object.
Concatenate the header and payload strings with “.” separator
Compute the signature of the header and payload.
Base64 encode the signature.
Concatenate the signature to the header and payload string.

Conclusion

A json web token is quite easy to create yourself. And it’s easy to validate the signature as well. If the shared key (or $secret_key as its called above) gets in the wrong hands you can not trust the signatures anymore and need to change it.

PHP

Automate screenshots in mac os x

24 October 2015

Update

You can do this with Screenbar. It gives you a user interface instead of running it in the terminal.

Automate screenshots with shell script

I needed to automate screenshots in mac os x, but i needed to use both my hands to play a game at the same time as i was taking screenshots. So i found this gem at TrickyWays. The following script will take a screenshot with a unique name and save it on your desktop. Just copy and paste it into a terminal window:

while [ 1 ];do vardate=$(date +%d\-%m\-%Y\_%H.%M.%S); screencapture -t jpg -x ~/Desktop/$vardate.jpg; sleep 5; done

Just edit the number 5 to a interval in seconds that fit your needs.

Automate screenshots in mac os x terminal

MacOS

Game development

17 May 2015

The last months i’ve picked up game development i Unity. Every week on Fridays I have a day off to work with this project. That project also comes with a new site and developer blog.

Honkbark studios

If you are interested in following that progress you can check it out at Honkbark studios

Miscellaneous