Skip to content

Commit

Permalink
jq magic to create contacts for SimpleLogin aliases
Browse files Browse the repository at this point in the history
github-actions[bot] authored Feb 23, 2024
1 parent dfa5aef commit 6a19bdc
Showing 3 changed files with 64 additions and 3 deletions.
9 changes: 6 additions & 3 deletions content/blog/Storing 2FA codes on my 1Password.md
Original file line number Diff line number Diff line change
@@ -10,9 +10,12 @@ date: 2021-10-09
I definitely agree with [what James writes here](https://blog.james.cridland.net/should-you-store-your-2fa-totp-tokens-in-your-password-manager-9798199b728):

> Storing them in your password manager is probably as safe, or even safer, than using your phone
> Many people, like Google or the government, text a code to your mobile phone when logging in. That might be visible on my mobile phone’s lockscreen, or my SIM card could be cloned and used elsewhere. It’s much better than having nothing at all, of course: but it’s not quite as secure.
> If you’re storing your 2FA code using Google Authenticator or Authy on your phone, and your password is saved on your phone, then you’ve no two-factor authentication anyway. Both are being stored on the same device, just like your password manager would.
> Lose your phone with Google Authenticator installed, and you lose your codes. If you change phones, you can manually transfer those codes these days, assuming that you still have access to your old phone, but it’s a monumental hassle to switch otherwise.
Many people, like Google or the government, text a code to your mobile phone when logging in. That might be visible on my mobile phone’s lockscreen, or my SIM card could be cloned and used elsewhere. It’s much better than having nothing at all, of course: but it’s not quite as secure.

If you’re storing your 2FA code using Google Authenticator or Authy on your phone, and your password is saved on your phone, then you’ve no two-factor authentication anyway. Both are being stored on the same device, just like your password manager would.

Lose your phone with Google Authenticator installed, and you lose your codes. If you change phones, you can manually transfer those codes these days, assuming that you still have access to your old phone, but it’s a monumental hassle to switch otherwise.

Most people feel that storing 2FA codes would equal putting all eggs in the same basket, but password managers these days are locked down with themselves supporting 2 step authentication. In my case, 1Password goes one step beyond by offering [an unique Secret Key method](https://support.1password.com/secret-key/).

22 changes: 22 additions & 0 deletions content/blog/dnsmasq: Custom DNS resolvers for specific domains.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
external: false
notion: b86aaac5-f487-4d84-8ec1-d3cc4eaa7fda
title: dnsmasq: Custom DNS resolvers for specific domains
slug: dnsmasq:-custom-dns-resolvers-for-specific-domains
description: It's possible to setup custom DNS resolvers for certain domains using a dnsmasq config file. Requests still pass through pihole, for ad-blocking capabilities.
date: 2021-10-30
---

Learned a neat thing today -- [it's possible to set custom DNS resolvers for certain domains](https://news.ycombinator.com/item?id=29026068). I can create a custom config file for dnsmasq and specify the DNS resolvers to use for those domains. I don't have a need for it today, but may be handy in cases like archive.is not loading on Cloudflare DNS.

These requests still go through pihole, so ad-blocking capabilities are available. It's just the upstream that changes. My test below confirms so: I have set `dnsleaktest.com` to be queried using Google DNS but requests still pass through pihole.

```text
/etc/dnsmasq.d/02-test.conf
server=/dnsleaktest.com/8.8.8.8
server=/dnsleaktest.com/8.8.4.4
```

![44287-image-5.png](https://blogarunsathiya.files.wordpress.com/2022/07/44287-image-5.png?w=1024&h=357)

I use two Raspberry Pi devices at home, both running pihole with Unbound as a recursive DNS resolver. These devices are connected to my [Tailscale network, so all of my devices (and my friends) can enjoy Unbound and pihole's ad-blocking capabilities](https://blogarunsathiya.wordpress.com/2021/03/30/pi-hole-on-tailscale/).
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
external: false
notion: fe3dd800-d59c-4887-96cd-179e64177a33
title: jq magic to create contacts for SimpleLogin aliases
slug: jq-magic-to-create-contacts-for-simplelogin-aliases
description: If you are using SimpleLogin to create unique email aliases, here's a hacky workaround using jq to create contact reverse alias from your terminal application.
date: 2021-10-11
---

One thing that I found lacking in the [SimpleLogin API](https://github.com/simple-login/app/blob/master/docs/api.md) is that, it doesn't expose an API endpoint to create a contact based on the alias' email address. Rather, the `POST /api/aliases/:alias_id/contacts` endpoint requires the alias ID. So, I ended up downloading all aliases as multiple batches (each query returns upto 20 results) and saved them as json files in a folder.

With them in a folder, I could use jq to parse all of these json files for an alias email address, get its ID and further use it to create a new contact. All of this works like a charm now. My entire process works independent of the dashboard now: create a new alias, get its ID, create a contact, copy the reverse contact address, paste it on my email client.

The first part for getting the alias ID involves this command:

```text
cat ~/Documents/SimpleLoginFiles/* | jq '.aliases[] | select(.email=="aliasAddress")' | jq '.id' | tr -d '\n' | pbcopy .
```

It was a pleasant surprise when I learned that I could pipe in all files in a folder to jq, instead of having to implement some sort of a loop logic. I don't know if it's bash's magic or something that jq handles elegantly.

The second part for creating the contact involves this command:

```text
curl --location --request POST 'https://app.simplelogin.io/api/aliases/aliasID/contacts' --header 'Authentication: token' --header 'Content-Type: application/json' --data-raw '{"contact": "contactAddress"}' | jq '.reverse_alias' | tr -d "\\"" | pbcopy .
```

If you are wondering what the `tr -d "\\""` part is, it's to remove the unwanted escape characters that appears as a part of the SimpleLogin API output. I imagine it's possible to remove that using jq, but for now, the current workaround is sufficient.

The contact's reverse address is finally in my clipboard, which I can paste on Apple Mail:

![00750-image-1.png](https://blogarunsathiya.files.wordpress.com/2022/07/00750-image-1.png)

Reverse alias on the "To" field of the composer

SimpleLogin recently announced an update to their Firefox extension too, to create reverse aliases (contact reverse address) on the go, but I like this API-based process better. The extension takes a while to populate all aliases.

0 comments on commit 6a19bdc

Please sign in to comment.