steveyash
TTCTheo's Typesafe Cult
Created by steveyash on 2/14/2025 in #questions
Curious about Next.js Errors
Additional context:
* I'm trying to build a completely SSG website.
* All content is precompiled and routes are known at compile time.
* Next.js export mode is intentional
* Next.js v15.1.5
2 replies
TTCTheo's Typesafe Cult
Created by 7A657230646179 on 1/29/2025 in #questions
what's a good way to add a blog to my friend's site
I'm working on my blog and website rn. Instead of building a whole CMS, auth and everything else, I'm using Jupyter notebooks for writing and writing a fully SSG next.js site which renders those notebooks. Trying to keep it simple until it infuriates me, then I'll add complexity (a backend).
11 replies
TTCTheo's Typesafe Cult
Created by Tariq Atlas on 1/13/2025 in #questions
Personal inventory system
You could even attach a form to a spreadsheet to reduce data errors (such as Google Forms + Google Sheets). When you outgrow a spreadsheet, you can normalize and convert it to a database. I typically prefer to use the simplest and cheapest method first until I reach its limitations. 😉
9 replies
TTCTheo's Typesafe Cult
Created by Jimmy Page on 12/27/2024 in #questions
JWT with long-lived Refresh Tokens
possibly. you'd just need enough information to invalidate the JWT.
76 replies
TTCTheo's Typesafe Cult
Created by Jimmy Page on 12/27/2024 in #questions
JWT with long-lived Refresh Tokens
xss is just one possible vulnerability
76 replies
TTCTheo's Typesafe Cult
Created by Jimmy Page on 12/27/2024 in #questions
JWT with long-lived Refresh Tokens
user enters their username / password again
76 replies
TTCTheo's Typesafe Cult
Created by Jimmy Page on 12/27/2024 in #questions
JWT with long-lived Refresh Tokens
Handling expired refresh tokens depends on your business rules. For some use cases (such as banks, for example), you may not allow the refresh token to be renewed. But in other cases, the refresh tokens can be renewed.
76 replies
TTCTheo's Typesafe Cult
Created by Jimmy Page on 12/27/2024 in #questions
JWT with long-lived Refresh Tokens
Using a refresh token and an access token provides a good mix of security, revocability and performance without adding significant amounts of complexity.

Think of the typical lifecycle:
1. User logs in - is granted a refresh token.
2. User calls some APIs, does some things - they would use a short-lived access token.
3. Someone hacks both the access token and refresh token.

Revocation: the access token could be allowed to expire, or a small kv-db or cache could be used to revoke it. Problem solved for the access token, but not yet the refresh token. Since you are rarely touching the refresh token, it can be less optimized - keep a token id in the JWT refresh token and mark it revoked at the database. It shouldn't have a huge performance penalty because the refresh tokens are rarely used. The best part is since access tokens are very unlikely to be revoked, the amount of storage required to store if an access token is revoked is negligible.

Performance: There will always be fewer access tokens than refresh tokens. They expire fast, so do not need to be persisted long term. It's really easy to optimize them to use redis or another lightning fast store.

Obviously, if someone gets a hold of an access token or refresh token, it takes moments to destroy someone's account. Thus for destructive actions, it's anyways a good idea to re-authenticate the user.
76 replies
TTCTheo's Typesafe Cult
Created by I'm Not An Engineer on 12/28/2024 in #questions
Are Serverless functions the right thing for me?
GH pages is just a static host. Use S3 or literally anything else - even your own hard drive.
24 replies
TTCTheo's Typesafe Cult
Created by I'm Not An Engineer on 12/28/2024 in #questions
Are Serverless functions the right thing for me?
@I'm Not An Engineer Weird idea - why not run everything locally and build to static files? Moreover, if you are the only one adding content, you might be able to get by with Jekyll or smtn and host on GH pages :).
24 replies