1 概览

随着微服务时代的到来，我们越来越少的编写一个大型单体应用程序，而是将应用的各个功能拆分成不同的服务，每个服务之间通过网络来相互调用。那么这样就会带来一个问题：

网络是不可靠的

构建一个容错性高的服务成为开发人员的目标，一个弹性的服务可以很好的帮助我们应对各个故障问题。

Polly 就是这样一个 .Net 库， 它提供了若干种策略（Policy）来让我们的服务在应对各种情况下该如何处理。在 Java 世界里也有相同的库：Hystrix.

Polly 对业务代码的侵入量非常小，简单来讲主要分为两步

• 创建策略 (Policy) : 这一步根据需要的场景来创建相应的策略， 比如重试，熔断器等等；还有可以将多个策略组装在一起，形成一个复合的策略。
• 执行操作：将业务逻辑封装成一个委托（Action)，然后调用策 …

1 Content Security Policy

上周在工作中遇到了这样一个问题，在一个网页前端中，使用 Javascript 代码访问一个本地的服务，然后抛出了这样一个错误。

Refuse to connect to 'https://localhost:9780/dauthsvc/sign' because it violates the following Content Security Policy directive: "connect-src 'self' api.localhost ....

原本以为是服务端的错误，在 Google 之后才知道，这原来是 W3C 一个标准协议。那么究竟是怎么一回事呢？

我们都知道我们的网站会被会被一些不法分子攻击，比如跨站脚本（Cros是Site Script, XSS)，比如说攻击者将一个 …

Implement Git series

• 1 Introduction
• 2 Data Provider
• 3 Command Parameters

Ugit supports a lot of basic git operations. All of them are wrapped into the Operations namespace to make it manageable.

1 InitOperation

This operation supports the init command parameter, which has two steps.

1. Clear the .ugit folder
2. Create the HEAD to master branch

2 BranchOperation

This operation is designed to manipulate the branch. For examples

• Show all branches
• Create one branch
• …

There is no secret in BranchOperation just read and write ref/heads folder. Each file of them represents the branch. …

Implement Git series

• 1 Introduction
• 2 Data Provider

As a CLI program, ugit must have to accept multi-commands according to the various input. For example

> ugit init
> ugit add a.txt

C# doesn’t support command parameters parse very well. CommandLine does the job very well.

Now, we add commit command which accepts a required message parameter. what’s more, you can customize the parameter such short verb and long verb forms.

How to use these option?

By default, this package supports up to 16 options. But in ugit, it probably exceeds that. What we need to do is just adding ParserResult<object> and Parser extension method.

So the ugit basic workflow is obvious.

Implement Git series

• 1: Introduction

In the previous post, we have known that Git chooses local file system as database to implement distribution. The key is the the .ugit folder in the repo. On top of that we build all the command to manipulate the repo for version control.

The architecture of ugit .

With IDataProvider we hidden all basic IO operation and provide the local file database operator, like HashObject,GetObject,Get/Update/Delete ref and so on.

We leverage System.IO.Abstractions to make ugit testable and injectable. Besides the ugit file database operator, the IFileOperator also exposes some primitive IO operation.

1 Init

It…

Implement Git by yourself (1: Introduction)

I’d like to say that Git is the most popular version control system (VCS). As a developer, you probably use git porcelain commands in your daily work and treat it as black box. But

If you can’t make one, you don’t know how it works.

You can access to git source code though, it’s a little bit of challenge to go through this repo now. What’s worse, git is written in C language which is sophisticated for us. Git is also Linus Torvalds’s masterpiece. It contains a lot of tricky code.

So, we are…

The On-Behalf-Of flow is used in the case where an application invokes a service/web API, which in turn needs to call another service/web API. The idea is to propagate user identity and permissions through the request chain.

Protocol Diagram

At this point, the application has an access token for API A( token A) with the user’s claim and consent to access the middle-tier web API (API A). Now the API A needs to make an authenticated request to the downstream web API （API B).

Now, I’d like to create web application that will retrieve the user’s profile from Microsoft Graph.

1 App Registration

…

1 Authentication and Authorization

Authentication is the process of proving you are who you say you are. The common used protocol is OpenID Connect. While Authorization is the act of granting an authenticated party permission to do something, which is implemented by OAuth 2.0 protocol.

Before exploring these two protocol flows, let’s have a quick look of parties involved in.

• The Authorization Server is the identity provider (aka: Azure AD) which is responsible for ensuring the user’s identity, granting and revoking access to the resources, and issuing tokens.
• The Resource Owner is typically the end user.
• The OAuth Client is your app, identified by…