huytd

pub async fn auth_middleware(
    State(db): State<PgPool>,
    cookies: Cookies,
    mut request: axum::extract::Request,
    next: axum::middleware::Next
) -> Result<impl IntoResponse, StatusCode> {
    if let Some(session_token) = cookies.get("session_token").map(|cookie| cookie.value().to_string()) {
        let query = "SELECT user_id FROM sessions WHERE session_token = $1 AND expiration > NOW();";
        match sqlx::query_as::<_,(Uuid,)>(query).bind(&session_token).fetch_one(&db).await {
            Ok((user_id,)) => {

jeremychone

#![allow(unused)] // silence unused warnings while exploring (to comment out)

use sqlx::postgres::{PgPoolOptions, PgRow};
use sqlx::{FromRow, Row};

// Youtube episode: https://youtu.be/VuVOyUbFSI0

// region:    Section

// Start postgresql server docker image:

LukeMathWalker

name: Security audit
on:
  schedule:
    - cron: '0 0 * * *'
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'
jobs:
  security_audit:

jonhoo

#![warn(rust_2018_idioms)]

#[derive(Debug)]
pub struct StrSplit<'haystack, D> {
    remainder: Option<&'haystack str>,
    delimiter: D,
}

impl<'haystack, D> StrSplit<'haystack, D> {
    pub fn new(haystack: &'haystack str, delimiter: D) -> Self {

abou7mied

<html>
<body>
{{#each messages}}
  Message: {{this}}
{{/each}}
</body>

</html>

bpas247

State Updates Are Asynchronous

The gist of it

You do this.

const handleEvent = e => {
  setState(e.target.value);
  console.log(state);
}

samsch

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

• The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions

rylev

Learning Rust

The following is a list of resources for learning Rust as well as tips and tricks for learning the language faster.

Warning

Rust is not C or C++ so the way your accustomed to do things in those languages might not work in Rust. The best way to learn Rust is to embrace its best practices and see where that takes you.

The generally recommended path is to start by reading the books, and doing small coding exercises until the rules around borrow checking become intuitive. Once this happens, then you can expand to more real world projects. If you find yourself struggling hard with the borrow checker, seek help. It very well could be that you're trying to solve your problem in a way that goes against how Rust wants you to work.

igorjs

rest-api-response-format

REST API response format based on some of the best practices

Rest API Popular Endpoint Formats

https://api.example.com/v1/items

https://example.com/api/v1/items

Rest API Success Responses

greyscaled

Sequelize + Express Starter Guide

Based off of: http://docs.sequelizejs.com/en/1.7.0/articles/express/

Create your project directory

Create and initialize your a directory for your Express application.

$ mkdir sequelize-demo