The Guy
TTCTheo's Typesafe Cult
•Created by Joey9 on 4/23/2025 in #questions
T3 Env - Handle Dev vs Prod
The only time you should be checking the NODE_ENV is if you're doing some dev or staging specific actions/bypasses (i.e. I bypass webhook verification locally to speed up dev testing, when in a testing env don't do this, etc.). For separating different
.env files, most of the hosting platforms like Netlify/Vercel have env vars you can adjust and you can choose between prod, staging/preview, and local dev. The exception is if you're doing a lot of infra orchestration and hosting yourself, but that's a different conversation.12 replies
TTCTheo's Typesafe Cult
•Created by Filipi on 4/14/2025 in #questions
Suspense Boundary inside `layout.tsx` with `ppr` and `dynamicIO` enabled
Specifically regarding re-rendering:
“A layout is UI that is shared between multiple pages. On navigation, layouts preserve state, remain interactive, and do not rerender.”
6 replies
TTCTheo's Typesafe Cult
•Created by Filipi on 4/14/2025 in #questions
Suspense Boundary inside `layout.tsx` with `ppr` and `dynamicIO` enabled
I consider layouts to generally be static in the sense that they don’t re-render once delivered. Their children update, but they don’t normally. https://nextjs.org/docs/app/getting-started/layouts-and-pages
Suspense doesn’t work after first render because on first render, the generated layout sees that the child is streaming in, and therefore shows the Suspense boundary fallback. When we return to or move to a dynamic component after this, it’s slotting in the child but doesn’t re-run the suspense because the layout doesn’t re-render, preventing the suspense from running. Suspense can only run when a component is dynamically mounting/rendering or slotting in, and since the layout component doesn’t do that on change for child components, it can’t properly trigger the suspense within the layout component. The suspense also wouldn’t run if we refreshed or started on the second page or static page, then clicked on first page for the same reason.
The suspense being in layout isn’t “wrong” (it works on page load if you’re on the dynamic component), but it just isn’t useful because layout doesn’t re-render at all. Suspense is better off being placed in a component that consistently rerenders with the dynamic component we’re trying to account for.
6 replies
TTCTheo's Typesafe Cult
•Created by Iker on 4/16/2025 in #questions
Email Validation purely from frontend
For verifying an email, you shouldn’t do it purely on the frontend, for security and state management reasons. The flow for email verification traditionally is:
1. user clicks to verify email
2. A code is generated and stored somewhere, preferably a secure place like a db.
3. An email gets generated and sent with a link inside to something like
your-site.com/verify?code=<some verification code>. This can be a page or an API route, however way you want to do it.
4. The user clicks the link
5. Your route digests the verification code
6. In the db, code is marked as used and the email marked as verified.
7. The user gets redirected somewhere
For session based email verification, it’s relatively the same, but you’ll set the verified state in the session with an expiration however many minutes long in the future or make it one time use (requires some middleware/session state logic).
Email OTPs are similar, but without a link in the email. You’ll just place the generated numbers into the email.7 replies
TTCTheo's Typesafe Cult
•Created by AshiBoyMan on 4/6/2025 in #questions
Elixir/Phoenix Journey - Share Your Wisdom!
I will say I’ve yet to look at using phoenix, and probably won’t ever get around to using it.
5 replies
TTCTheo's Typesafe Cult
•Created by AshiBoyMan on 4/6/2025 in #questions
Elixir/Phoenix Journey - Share Your Wisdom!
I don’t have an extreme amount of experience with Elixir, but I can give what the hardest part of the learning curve was for me.
Elixir is closer to the functional programming paradigm than OOP. It follows more mathematical principles like variables being immutable or non-reassignable, using functions to iterate/access arrays, pattern matching properly, etc. I’d say that was the biggest part of the beginner curve for me when learning the language.
There are some pretty well documented resources explaining the primitives and data structures in elixir, including concepts like pinning. I’d suggest using exercism to start picking up the syntax or hopping into codecrafters build your own x. Right now, the free one is an HTTP server, which is beginner friendly for people trying to pick up a new language.
5 replies
TTCTheo's Typesafe Cult
•Created by alextana on 3/24/2025 in #questions
user data encryption
To be fair, the key management is a regular solution. It doesn't fully meet US Federal Security standards lol but it'll do for most applications that don't deal with PII.
If it's something you'd like to learn more about, tools like k8 helm or hashicorp vault are nice. It is geared towards devops/security infra work, but IMO it's never bad to have some knowledge there unless you absolutely hate it. AWS and Cloudlfare have their own secrets manager. Vercel has
sensitive secrets which is really their only form of secrets management right now. The values get decrypted at build, so unless you SSH or get a terminal inside of the server instance, you shouldn't be able to get the env var value. I've used Vault before where we stored API keys and other sensitive items for multiple clients (fintech SaaS), and it's a relatively nice, dynamic experience. Didn't touch infra or management sides of it though.11 replies
TTCTheo's Typesafe Cult
•Created by alextana on 3/24/2025 in #questions
user data encryption
Spot on with what I was about to suggest hahaha just wanted to make sure I had the context right. Sounds like a good solution!
11 replies
TTCTheo's Typesafe Cult
•Created by alextana on 3/24/2025 in #questions
user data encryption
I second that but also wonder what the point of asymmetric encryption would be in this case. If the browser client is decrypting the data, then there’s no point in encryption since the decryption keys will most likely be accessible to anyone using the site, unless everything is SSR or a key pair is made per user.
11 replies
TTCTheo's Typesafe Cult
•Created by alextana on 3/24/2025 in #questions
user data encryption
Would you be able to provide more context for the problem being solved? From what is given, I’m struggling to determine why encryption is taking place and what benefit it provides.
11 replies
TTCTheo's Typesafe Cult
•Created by utdev on 3/20/2025 in #questions
Slug Api Fetch error
Also, I’m noticing you’re using a rewrite, would you be able to share that rewrite from your next config? It could possibly be related to that vs the local DNS
7 replies
TTCTheo's Typesafe Cult
•Created by utdev on 3/20/2025 in #questions
Slug Api Fetch error
7 replies
TTCTheo's Typesafe Cult
•Created by utdev on 3/20/2025 in #questions
Slug Api Fetch error
From what I can tell, yes. Next step might be checking the appropriate service to ensure it’s receiving the request. If it isn’t, then there may be an issue with local DNS resolving the uri
7 replies
TTCTheo's Typesafe Cult
•Created by utdev on 3/20/2025 in #questions
Slug Api Fetch error
Main thing I’m noticing is the subdomain on localhost (not common, so idk if that’s related), but the port is missing from the API url you’ve pasted. From what I’ve searched up, even with the subdomain on local host, you still need the port that backend is running on.
test.localhost:<port number>/api/*
try adding that in and seeing if it solves it!7 replies