Hos.Mercury HosMercury

@abou7mied
abou7mied / index.hbs
Created Dec 26, 2019
connect-flash + hbs example
View index.hbs
<html>
<body>
{{#each messages}}
Message: {{this}}
{{/each}}
</body>
</html>
@bpas247
bpas247 / state-updates-are-async.md
Last active Oct 12, 2022
State Updates Are Asynchronous
View state-updates-are-async.md

State Updates Are Asynchronous

The gist of it

You do this.

const handleEvent = e => {
  setState(e.target.value);
  console.log(state);
}
View stop-using-jwts.md

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions
@igorjs
igorjs / rest-api-response-format.md
Last active Jan 25, 2023
REST API response format based on some of the best practices
View rest-api-response-format.md
@greyscaled
greyscaled / README.md
Last active Sep 19, 2022
Sequelize + Express + Migrations + Seed Starter
View README.md
@rakd
rakd / template.go
Created Dec 6, 2017
template inheritance for echo/golang
View template.go
package main
import (
"fmt"
"html/template"
"io"
"log"
"os"
"path/filepath"
"strings"
@joepie91
joepie91 / sessions.md
Last active Nov 26, 2022
Introduction to sessions
View sessions.md

While a lot of Node.js guides recommend using JWT as an alternative to session cookies (sometimes even mistakenly calling it "more secure than cookies"), this is a terrible idea. JWTs are absolutely not a secure way to deal with user authentication/sessions, and this article goes into more detail about that.

Secure user authentication requires the use of session cookies.

Cookies are small key/value pairs that are usually sent by a server, and stored on the client (often a browser). The client then sends this key/value pair back with every request, in an HTTP header. This way, unique clients can be identified between requests, and client-side settings can be stored and used by the server.

Session cookies are cookies containing a unique session ID that is generated by the server. This session ID is used by the server to identify the client whenever it makes a request, and to associate session data with that request.

*S

@santoshachari
santoshachari / Laravel PHP7 LEMP AWS.md
Last active Jul 12, 2021
Laravel 5.x on Ubuntu 16.x, PHP 7.x, Nginx 1.9.x
View Laravel PHP7 LEMP AWS.md

#Steps to install latest Laravel, LEMP on AWS Ubuntu 16.4 version. This tutorial is the improvised version of this tutorial on Digitalocean based on my experience.

Install PHP 7 on Ubuntu

Run the following commands in sequence.

sudo apt-get install -y language-pack-en-base
sudo LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install zip unzip
@d2s
d2s / installing-node-with-nvm.md
Last active Jan 23, 2023
Installing Node.js to Linux & macOS & WSL with nvm
View installing-node-with-nvm.md

Installing Node.js with nvm to Linux & macOS & WSL

A quick guide on how to set up a Node.js development environment.

Install nvm for managing Node.js versions

nvm allows installing several versions of Node.js to the same system. Sometimes applications require certain versions of Node.js to work. Having the flexibility of using specific versions can help.

  1. Open new Terminal window.
View knexfile-example.js
module.exports = {
development: {
client: 'postgresql',
connection: {
port: process.env.DATABASE_PORT,
host: process.env.DATABASE_HOST,
database: process.env.DATABASE_NAME,
user: process.env.DATABASE_USER,
password: process.env.DATABASE_ACCESS_KEY,
},