> 2021年05月15日信息消化 ### SaaS Architecture [10 multi-tenant SaaS application architecture best practices](https://amitashwini.medium.com/10-multi-tenant-saas-application-architecture-best-practices-fa107d69c788) - **self-service**: they should be allowed to register and use the service immediately. - **high-level personalization** - multi-tenancy architecture - **be capable of integration**: integration is possible with other SaaS and on-premise applications. - **operational performance**: web excellent rendering and data querying abilities. - **secure and compliant with industry standards and regulations**: data is segregated for the privacy of the tenants - Dedicate yourself to **monitoring** and **maintaining** the SaaS application - **application scalability** - **database scalability** #### 如何用Auth0设计一个现代的多租户SaaS应用 [How to Design a Modern Multi-tenant SaaS Application with Auth0](https://engineering.opsgenie.com/how-to-design-a-modern-multi-tenant-saas-application-with-auth0-45c446e825b7) we wanted to; - Have a multi-tenant architecture to separate groups of users - Support username-password based sign ups and logins - Support SSO based sign ups and logins with Google, maybe LinkedIn and GitHub next - Built a REST API that can be consumed by different client applications such as a SPA (Single Page Application) or a mobile app client. ![img](https://raw.githubusercontent.com/Phalacrocorax/memo-image-host/master/PicGo/0*WbZIgjxPxRGDiLLo.) ##### Auth0 Management API Auth0会自动创建这个API。我们将使用Auth0管理API来访问和修改我们在Auth0中的所有配置,以及我们的用户相关数据。 Auth0 automatically creates this API. We will use Auth0 Management API to access and modify all our configuration in Auth0 as well as our user related data. ##### Local API (Name after your API such as Badges Rest API) - Identifier (the *audience*) param cannot be changed later so be careful about it. You can use *localhost:8080* for your local Spring boot app development by default. - Enable `*Allow Skipping User Consent*` option in our case. The reason for this is explained later in the post under *Important Points* title. - In our case, we don’t need scope based access for now. If you do, go ahead and modify the scopes. - Don’t forget to authorize *Spring Boot Server App* Client from *Non Interactive Clients* tab. Single Page and Native apps do not require further configuration. ![img](https://raw.githubusercontent.com/Phalacrocorax/memo-image-host/master/PicGo/0*dWO7wSIessk8-Lu5.) ##### REST API — Spring Boot Application ```java @Override protected void configure(HttpSecurity http) throws Exception { final JwkProvider jwkProvider = new JwkProviderBuilder(issuer).build(); final BadgesJwtAuthenticationProvider authenticationProvider = new BadgesJwtAuthenticationProvider(jwkProvider, issuer, apiAudience); JwtWebSecurityConfigurer .forRS256(apiAudience, issuer, authenticationProvider) .configure(http) .authorizeRequests() .antMatchers(POST, "/yourendpoint").permitAll() .antMatchers(GET, "/yourendpoint/status/**").permitAll() .antMatchers("/admin").hasRole("ADMIN") .anyRequest().authenticated() .and() .csrf().disable(); } ``` JwtWebSecurityConfigurer提供了一个方便的抽象来配置Spring Security。如果你看一下实现细节,它会为你处理很多事情。在我们的案例中,我们没有使用默认的AuthenticationProvider。原因是我们想在允许用户在我们的应用程序中进行认证之前,检查额外的数据,如customerId或一个叫做ready的布尔属性。我们还返回一个自定义的AuthenticatedUser类,如果用户成功认证,该类持有额外的数据,如customerId和角色。这些都与多租户支持有关,将在下一篇博文中研究。另一个需要补充的是,如果你想允许来自不同服务器的AJAX请求,在你的Spring应用中要允许CORS映射,对我们来说,这是我们的React.js应用。 JwtWebSecurityConfigurer provides a convenient abstraction to configure Spring Security. If you look at the implementation details, it handles a lot for you. In our case, we did not use the default AuthenticationProvider. The reason for this is that we wanted to check additional data such as customerId or a boolean property called ready before allowing a user to authenticate in our application. We also return a custom AuthenticatedUser class that holds additional data such as customerId and roles if user successfully authenticates. These are related to the multi-tenancy support and will be examined in the next blog post. Another note we should add here is to allow CORS mappings in your Spring app if you want to allow AJAX requests from a different server, for us it was our React.js application. ### Blake Emal: 如何用13个步骤推出产品 https://twitter.com/heyblake/status/1391865961255407616?s=19 **Launch process✍????Write out a plan????Determine target audience????Share on social????Write out pitch content????Write promo content????Amplify at events????Make product available????Share all comms…** I've launched 10+ products (and learned a lot through failure.) Here's how to launch a product in 13 steps: ##### 1: Write out the spec of the launch in a detailed memo. Decide what type of launch this is: - New feature - Net new product - Site and product redesign - Improvements on existing feature Answer the who, what, where, when, and why of the launch. ##### 2: Determine if this should be a small, medium, or large launch. Small - Small milestones and improvements on already existing features. Medium - A new feature that makes a clear difference in a current tool. Large - Net new product. ##### 3: Identify what specific group of people this launch is for. Is this for a subset of your current audience? Is this for a new audience entirely? Outline your niche and ideal customer personas. ##### 4: Compile the exact list of tactics you plan to include for this launch. This is a long section, so gear up. Here are all the places you can look to promote your product launch. Where: Twitter Tactic: Write a Twitter thread. Key Tip: Tell the full story of the product, the fun, and the difficult. Share your vision and hopes. Where: Your Blog Tactic: Write a blog post about your vision. Key Tip: Repurpose the Twitter thread into a blog post. Share with your existing audience. Where: YouTube Tactic: Make a launch video. Key Tip: Show the product in action. Talk about your story and vision. Where: Facebook Groups Tactic: Post in relevant FB groups about your product launch. Key Tip: Ask the group owners before posting anything to make sure it's OK. Where: Your Email List Tactic: Share the Twitter thread to your email subsscribers. Key Tip: Do this instead of directly promoting the link to the product. This helps generate more traction on Twitter first. Where: Google, Facebook, YouTube Tactic: Run paid ads. Key Tip: Not for everyone. If you have budget for this, try running ads (preferably based on prior targeting so you can re-market.) Tactic: Launch before you launch. Key Tip: Set up a listing on BetaList 30 days before launch. This works a lot like Product Hunt. Where: Events or Meetups Tactic: Find events or meetups to promote at. Key Tip: Make the value of your product super clear. Nobody just wants to be pitched at. Where: Social Media Tactic: Collab with influencers. Key Tip: don't just focus on big accounts. Look for relevant accounts to your product that would spread the word for you. Do giveaways! Where: Affiliates Tactic: Co-launch with affiliates. Key Tip: If you already have affiliates for another product, see if they'll be interested in this one as well. Set up a launch plan for them. ##### 5: Write down expected OKRs and metrics to track. What doesn't get measured doesn't get done. Know your goals for: - Revenue - Web Traffic - New Customers - Conversion Rate ##### 6: Write all outreach or pitch content needed. If you're doing events, collaborations, or any type of coordinated content for your launch...write it all out. Batch this work together for max productivity and continuity of messaging. ##### 7: Send outreach to necessary parties and follow up regularly if no response. Pretty self-explanatory on this one. Need a guest for a live stream? Email them. Promoting a Twitter thread? Send it to your audience. And above all: FOLLOW UP. ##### 8: Write all promo content. Batch all your writing for a Twitter thread, blog, video script, FB group blast, email broadcast, etc. Don't procrastinate or this work really adds up. ##### 9: Attend all meetings, podcasts, webinars, collaborations, events, etc expected. Show up to your engagements. Go on tour. **Promote yourself and the product shamelessly.** ##### 10: Make the new feature or product widely available. Push the product live. Collect feedback ASAP. Begin planning V2. ##### 11: Publish all content created when necessary. Once launched, publish your threads, blogs, videos, and do a live stream to celebrate the launch! ##### 12: Stand by for reports of bugs and serve customers. Your job now is customer service. Listen to issues and concerns. Resolve problems. Give your users an amazing first experience with your new product. ##### 13: Conduct a Post Mortem. Report back on metrics for the campaign and make plans for improvements the next go-around. What didn't work for this launch? What worked really well? What 20% of your effort contributed to 80% of the results? ### 区块链防盗版 迪士尼[专利了](https://torrentfreak.com/disney-patents-blockchain-based-movie-distribution-system-to-stop-pirates-210512/)基于区块链的电影发行系统,让盗版者更难盗版分发到影院的电影。被称为“[Blockchain configuration for secure content delivery](https://torrentfreak.com/images/disney-blockchain.pdf)”的专利描述的是向电影院分发电影拷贝。这个过程容易被盗版者在期间或事后拦截。迪士尼认防盗版的安全机制如加水印并足以阻止盗版,因为此类机制都是被动反应而不是预防。它认为基于区块链的安全机制能更严格的控制电影分发过程。预定目标的电影院在允许播放内容前需要先进行验证,确保它们是真正的接收方。区块链安全系统还可以引入其它安全机制,如跟踪电影的播放次数,防止播放次数超过预期。目前还不清楚迪士尼是否会实现这一机制。 https://www.solidot.org/story?sid=67773 ### 一点收获 - [牛人的面试面试memo](https://www.yuque.com/docs/share/1b795dd4-e1f2-4922-b205-7bb0c758103c?#) - FTDD: [Stack on a budget (Free Tier Driven Development FTDD)](https://github.com/255kb/stack-on-a-budget) - Excellence than perfection.