stateless | A simple library for creating state machines in C # code
kandi X-RAY | stateless Summary
kandi X-RAY | stateless Summary
This project, as well as the example above, was inspired by Simple State Machine.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of stateless
stateless Key Features
stateless Examples and Code Snippets
def stateless_dropout(x, rate, seed, rng_alg=None, noise_shape=None, name=None):
"""Computes dropout: randomly sets elements to zero to prevent overfitting.
[Dropout](https://arxiv.org/abs/1207.0580) is useful for regularizing DNN
models. Inpu
def stateless_sample_distorted_bounding_box(image_size,
bounding_boxes,
seed,
min_object_covered=0.1,
def stateless_random_uniform(shape,
seed,
minval=0,
maxval=None,
dtype=dtypes.float32,
name=None,
Community Discussions
Trending Discussions on stateless
QUESTION
Migrating a legacy project to Jakarta EE 8 (Maven EAR build on Wildly 26) I am struggling to get the dependancy injection working from my Entities module (EJB packaging) to WAR module, the maven project structure is:
...ANSWER
Answered 2022-Mar-25 at 11:37Eventually got this working by adding module dependancies to the EJB and Entity modules in jboss-deployment-structure.xml as below...
QUESTION
I'm trying to connect Spring Security to my project. Created the Security Config class
...ANSWER
Answered 2022-Mar-02 at 19:19If this is a local environment, you don't need to configure Spring, instead you modify angular configuration.
Create a file proxy.conf.json
in your project's src
/ folder.
Add the following content to the new proxy file:
QUESTION
As far as I understood, each part of code which is related to any state will be changed(recomposed) with state changes →
And each state is an observable and the dependent UI part observes that state and is subscribed to it(the state) and whenever the state changes it will be notified(redrawing that part of UI) and happening recomposition.
But here in this article of google Thinking in compose, it says that recomposition happens with changing input, so I am confused.
Recomposition is the process of calling your composable functions again when inputs change. This happens when the function's inputs change. When Compose recomposes based on new inputs, it only calls the functions or lambdas that might have changed, and skips the rest. By skipping all functions or lambdas that don't have changed parameters, Compose can recompose efficiently.
Also, here in other sample of compose-roadmap, encourage hoisting the state to make the composable function stateless to avoid recompositions
So it would be great, if someone can make it clear that the recompositions happens only with state changes or input changes also causes?
Thank you in advance for your help
...ANSWER
Answered 2022-Feb-17 at 11:34Recomposition happens when either the parameter values change or a mutable state variable within the composable function is updated.
A stateless function, sometimes referred to as an "immutable" function, is one where no data is stored in the function. This means that if you call the function repeatedly, it would be the same as if you had called it for the first time. The function retains no memory of any variables each time it is called.
Hoisting the state of a composable means that the state variables are kept outside of the composable and the values of those state variables are passed into the composable as normal parameters. This allows you to reuse the composable. This is especially important if you are creating a library of composables that you want to reuse from one project to another. Users of the library can be assured that there are no state dependencies that the composable requires. If you want a truely stateless composable, you would avoid doing things like passing in viewmodels. A viewmodel is very much dependent on the app in which it resides and will have code in it that is very specific to the app. A stateless composable has no dependencies on the app and therefore can be reused elsewhere.
That doesn't mean that you can't use viewmodels in your composables. Initially Google was against this when Compose first came out but realized that it was very awkward for developers. If a developer had no reason to make a reusable composable outside of the screen that it appears on, hoisting the state for every composable becomes a pain resulting in unnecessary boilerplate code. So the general rule is that if your composable is not going to be reused elsewhere and you need access to viewmodel data, you can either pass in the viewmodel as a parameter or access it within the composable through other means.
Aside from viewmodels, you may still want to make a composable stateful even when it needs to be reused. A good example of this is if you are using a TextField. As you are typing in text, you want the text to appear. Without using a state variable to retain the typed characters, you won't see the TextField update. For this reason, using a local state variable to store the entered characters is acceptable. While this doesn't make the composable stateless, it is still something you need to implement. However, even in this example, you can still make it stateless by passing the typed characters back up to the hoisted function and storing it in a viewmodel state variable that in turn triggers the hoisted function to recompose the composable and pass in the text that the TextField needs. But this is rather convoluted and a big round trip just to get characters shown in the TextField and therefore isn't recommended. You might want to do it though if you have a very complex TextField composable and you need to process the characters in your viewmodel as they are being typed - such as might be the case for doing a suggestion lookup for a url.
So even if your composable is stateless but your viewmodel has a mutable state variable that the hoisted function is observing, if the mutable state of that variable changes, the hoisted function will recompose. But whether the composable that the hoisted composable is calling gets recomposed depends on whether the parameter values to that composable change. If they change, a recomposition will occur.
QUESTION
I've created rust bindings to a C library and currently writing safe wrappers around it.
The question is about C functions which take in C function pointers which are not able to take in any custom user data.
It is easier to explain it with an example,
C Library:
...ANSWER
Answered 2022-Jan-25 at 22:52First off, this is a pretty hard problem to solve. Obviously, you need some way to pass data into a function outside of its arguments. However, pretty any method of doing that via a static
could easily result in race conditions or worse, depending on what the c library does and how the library is used. The other option is to JIT some glue code that calls your closure. At first glance, that seems even worse, but libffi abstracts most of that away. A wrapper using the libffi crate would like this:
QUESTION
This is a typical part of Spring Security configuration:
...ANSWER
Answered 2021-Nov-21 at 12:33It seems to me that your only option is the following:
QUESTION
I'm new to flutter. I implemented flutter PageView with the help of its documents:
...ANSWER
Answered 2021-Oct-03 at 13:12I used PageView in my Flutter portfolio website. I noticed that I couldn't swipe to change pages. Later I came to know that this could be done by my Mac's trackpad gestures. Since the PageView was horizontal, I had to horizontally swipe two fingers on my trackpad. You can try that.
QUESTION
I'm trying to run this GitHub project using Drools 7.57.0.Final instead of 7.39.0.Final which was used in original project. And I found some issues. The issue that most triggers me is the one in the Section 6, Step 5. The problem lies in the Drools file VisaApplicationValidationWithAgendaAndSalience.drl. Here is the content with the "debug" statement that I have added:
...ANSWER
Answered 2021-Nov-19 at 20:57Congratulation, you found drools bug DROOLS-6542 - fixed in 7.60.0.Final
There is a workaround - remove mvel dialect for the rule "Invalidate visa application with invalid passport"
.
BTW, I'd like to propose you drools testing library which may save you great amount of time to mind complicated rules and simplify writing test scenarios. Here is how test may look like.
QUESTION
I've been reading about this for a while, and nothing makes sense, and the explanations are conflicting, and the comments are proving that.
So far what I understood is that JWTs are storing information encoded by the server, can have expiry times, and the server with its secret key can decode the information in it if it's valid. Makes sense.
It is useful for scalability, so independent APIs can decode, and validate the information in the token, as long as they have the secret key. Also, there's no need for the information to be stored in any database, not like in sessions. Makes sense.
If the token gets stolen, the API has no way to tell if the token is used by the right person, or not. It is the downside of the above.
By reducing the expiry time of a token, the security vulnerability can be reduced, so thieves have less time to use the tokens without permission. (side question, but if they were able to steal it once, they will probably do it second time as well)
But reducing the time of how long the token is valid means that the user will need to log in every time the token expires, and as from above, it's quite frequent, so wouldn't provide too good UX. Makes sense.
From now, nothing makes sense:
Introducing a refresh token would solve this problem, because it has a longer expiry time. With the refresh token access tokens can be generated, so the user can be logged in as long as they have the refresh token - which is for a longer period of time -, while a stolen access token is still only valid for a short time.
For me the above seems like an extra layer of complexity without any improvement in security. I.e. for me it seems like the above equals to a long-living access token.
Why? Because for me it seems the refresh token is basically an access token (because that's what it generates). So having the refresh token means unlimited access tokens, so unlimited access to the API.
Then I have a read an answer that there's a one-to-one mapping of refresh token, and access token, so stealing the access token still means unauthorised access to the API, but only for a short time, and stealing the refresh token would generate a different access token, so the API could detect the anomaly (different access tokens are used for the same account), invalidating the access tokens.
It seems like I'm not the only one who's confused about the question.
If the above is not true, how refresh tokens really help?
If the above is true, and there really is one-to-one mapping of refresh tokens, and access tokens:
- it completely loses it's benefit of being "stateless"
- the user cannot be logged in from multiple devices (it would have been an "anomaly")
- I can't understand how an access token could be invalidated - is there a session ID stored in the token data, or the user is "blocked"?
It would have been really great if someone could clear the question, because from 5 explanations, 5 conflicting statements are (sometimes the same explanation contains conflicting information), and many developers want to understand this method.
...ANSWER
Answered 2021-Nov-02 at 19:38There is this general confusion around token-based auth, so let's try to clear some of it up.
First, JWTs are not just "encoded" by the server, they are "signed" (which more precisely is message authentication usually). The purpose is that such a token can not be altered or changed by the client, any field (claim) in the token can be trusted to be as the issuer created it, otherwise validation will fail.
This yields two important takeaways:
- validating tokens is important (obviously) in any implementation
- the contents (claims) of a JWT are not encrypted, ie. it's not a secret and can be viewed by the client
Such a token can be used to maintain a session without server-side state, if it contains some kind of an identity for the subject (user, like a user id or email address), and an expiry.
Another important takeaway though:
- Logout (immediate session invalidation) is not possible in a stateless way, which is a drawback. To be able to log out as in invalidate an existing session, the server must store and check revoked tokens, which is necessarily a stateful operation.
Also a JWT token is typically stored in a way that it's accessible for client-side code (javascript), so things like who the user is and when the token will expire can be read by the client app. It need not be so, yet most implementations do this, eg. store it in localstorage. This makes these tokens susceptible to XSS attacks, meaning that any successful XSS will be able to get the token.
For the reasons discussed so far, JWT authentication is inherently less secure than a plain old session, and should only be used if there is a need. Many times when token auth is used, it is not actually necessary, just fancy.
Sometimes such a token is stored in a httpOnly cookie, but in that case the token cannot be sent to multiple origins (one benefit of localStorage) and a plain old session id could also have been used, and would actually be more secure.
Ok, so what are refresh tokens. As you correctly stated, limiting the lifetime of an access token is useful to limit the validity of a compromised token. So a refresh token can be used to get a new access token when the old one expired. The key is where these are stored.
A key takeaway:
- If a refresh token is stored the same way as the access token, it usually doesn't make any sense. This is a common mistake in implementations.
In a better architecture, the following can happen:
- There are (both logically and "physically" as much as it makes sense in today's cloud world) at least two separate components: the identity provider (IdP, or "login service"), and the resource server (eg. an API).
- When a user logs in, they actually create a session with the IdP. In this case either a plain old session id (acting as refresh token) or an actual JWT refresh token is set up for the IdP origin (domain name).
- An access token is then created when needed for the resource server origin, using the existing session with the identity provider.
- Now even if there is a total compromise of the resource server, like in case of successful XSS, the refresh token belongs to a completely separate origin, so cannot be accessed by the attacker. Even if it's the same origin, but the refresh token is in a httpOnly cookie, that helps, because the attacker then needs to be able to perform repeated XSS against a victim user to receive new access tokens.
There can be implementation variants of this, but the point is the above, separation of access to the two tokens.
A one-to-one mapping of refresh tokens to access tokens as you described would I think be unusual and also unnecessary, but one session per user is in fact sometimes a requirement (especially in financial applications where you want to have a very clear audit trail of what a user did). But this is not much related to the things discussed above.
Also as stated above, proper logout (session invalidation) is not possible in a stateless way. Fortunately, very few applications actually need to be truly stateless on the server-side.
QUESTION
I would like to deserialize a wire format, like this JSON, into the Data
structure below and I am failing to write the serde Deserialize
implementations for the corresponding rust types.
ANSWER
Answered 2021-Oct-29 at 13:41Much simpler using tagging, but changing your data structure:
QUESTION
I have a side effect I want to happen when a value changes, but only if a second value is true
. Since both values must be in the dependency array, the side effect is also triggered when the first value is unchanged and the second value is turned 'on', but I don't want it to.
I'm creating a game in React. I want to play (short) sound effects at various events, such as winning and losing. I have a simple helper function to play sounds, which works:
...ANSWER
Answered 2021-Oct-27 at 03:44Manage trigger event with other state not winner object itself.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install stateless
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page