How To Build Your Own Auth
Syntax - Tasty Web Development Treats17 Maalis 2021

How To Build Your Own Auth

In this episode of Syntax, Scott and Wes talk about building your own authentication — diving deep into JWT, sessions, tokens, cookies, local storage, CSRF, and how it all works! Prismic - Sponsor Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax. LogRocket - Sponsor LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax. Hasura - Sponsor With Hasura, you can get a fully managed, production-ready GraphQL API as a service to help you build modern apps faster. You can get started for free in 30 seconds, or if you want to try out the Standard tier for zero cost, use the code “TryHasura” at this link: hasura.info. We’ve also got an amazing selection of GraphQL tutorials at hasura.io/learn. Show Notes 01:51 - Overview Level Up uses a JWT & secure cookie-based authentication and tracks sessions via a db table. Accounts.js 05:13 - JWT Base 64 encoded (not encrypted) token that contains data. We have both accessTokens and refreshTokens. JWT has three parts: Header What kind of algo was used Payload Data about the user Email Username UserID refreshToken, authToken, sessionId Signature This ensures that no one monkeyed with the above parts. If you change your email in the payload, the signature is not invalid, because in order to generate the signature, it uses the header and payload as part of it. accessToken A short lived JWT that contains the sessionToken, userId and expires after 90min. refreshToken A long lived JWT that contains just the sessionToken and doesn’t expire. JWT can be decoded and read, but you have to encode them with your secret. JWT can be stored anywhere, there are two main places: 20:26 - Cookies We use httpOnly, secure cookies to store the accessToken and the refreshToken. The accessToken is a session cookie and is removed whenever the browser is closed. The refreshToken is valid for 100 days but is also re-created and revalidated for 100 more days each time the accessToken is generated. Because these are httpOnly cookies, they cannot be accessed by JavaScript in the client and can only be set and removed on the server. Note: Safari has stricter rules than others for same domain cookies (e.g. localhost won’t work). 34:26 - Sessions Sessions are when a user logs in on a device. If you open a phone and log in and a computer and log in, those will create two different sessions. A session contains information about the user’s connection (like their IP) but it also contains the userId which allows us to create new accessTokens from a valid session. Sessions can be valid or invalid. This allows us to log anyone out by setting their session to valid: false. Sessions also have sessionToken which are generated on authentication or create account. 38:10 - CORS Cross-origin-resource-sharing Can be super tricky to get working cross-domain You usually have to actually visit the website for the cookie to be set, even with lax cors 46:06 - CSRF 48:47 - Authentication process bcrypt.js 52:13 - Helper Packages NextAuth.js is super easy Passport.js auth0 Links Caddy Fastify ××× SIIIIICK ××× PIIIICKS ××× Scott: reMarkable 2 Wes: Opration Odessa Shameless Plugs Scott: Node Fundamentals Authentication - Sign up for the year and save 25%! Wes: Advanced React - Use the coupon code ‘Syntax’ for $10 off! Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets

Jaksot(968)

880: Creator of Home Assistant: Web Components, Self Hosting and Home Hacking

880: Creator of Home Assistant: Web Components, Self Hosting and Home Hacking

Wes and CJ talk with Paulus Schoutsen, creator of Home Assistant, about the future of smart homes, AI-powered automation, and open-source innovation. Show Notes 00:00 Welcome to Syntax! 00:29 What is Home Assistant? 03:32 Web Components in Home Assistant Home Assistant Frontend 10:41 Home Assistant’s stability and longevity 17:05 Is Home Assistant the biggest open-source project using web components? 20:03 How does the native app work? 23:34 Code sharing between Android and iOS 24:17 Self-hosting Home Assistant 28:13 Brought to you by Sentry.io 30:47 Bundle size and memory usage 32:29 How AI and voice assistants are shaping the future of Home Assistant Talking with Home Assistant 37:16 How Paulus made it possible to flash microcontrollers directly from the browser Open Home Foundation 43:48 Web Serial and Web Bluetooth APIs 47:03 Matter, Zigbee, and Z-Wave – where smart home standards are headed Matter Zigbee Z-Wave 51:17 Paulus’ smart home setup Reolink Yale 53:16 Sick Picks + Shameless Plugs Andrew Schmelyun Sick Picks Paulus: Bambu 3d Printer Shameless Plugs Paulus: Nabu Casa Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

26 Helmi 202558min

879: Fullstack Cloudflare

879: Fullstack Cloudflare

Wes and CJ break down everything Cloudflare—from Workers and R2 Storage to Hyperdrive and AI Gateway. Get the scoop on what makes Cloudflare tick, the quirks of their ecosystem, and whether vendor lock-in is a real concern. Show Notes 00:00 Welcome to Syntax! 01:40 Brought to you by Sentry.io. 01:58 What we’re talking about today. 02:48 Cloudflare Workers. 03:06 How Cloudflare Workers… work. 04:39 How Cloudflare Workers run. 06:05 Workers size limitations in JavaScript. 07:37 Cloudflare has their own way. 08:13 Potential vendor lock-in. 08:51 You pay based on CPU time, not wall time. 10:26 Cloudflare Pages. Compatibility Matrix 12:07 Durable Objects. Zeb X Post. PartyKit.io, tldraw. 16:41 Cloudflare Workflows. 19:52 How we do something similar on Syntax.fm. 20:52 Cloudflare Queues. 25:26 Files. 26:15 R2 Storage. Ep 780: Cloud Storage: Bandwidth, Storage and BIG ZIPS. 28:00 The Open Bandwidth Alliance. 28:39 Image Pipelines. 33:24 Cloudflare Stream. Streaming Video in 2025. 34:24 Data. 36:37 Key Value. 40:16 Time To Live. 41:13 Hyperdrive. How It Works. Query caching. 44:01 Vectorize Data. 45:41 AI Gateway. 47:49 Automated Rate-Limiting. 48:50 Frameworks. Orange.js. 52:13 Analytics Engine. Counterscale. Ep 761: Cloudflare Analytics Engine, Workers + more with Ben Vinegar. 52:52 WebRTC Engine. 53:01 Puppeteer API. 54:09 Sick Picks + Shameless Plugs. Sick Picks CJ: Flush MicroSD Adapter for Macbook Wes: Synology. Shameless Plugs Wes: Syntax on YouTube. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

24 Helmi 202558min

878: You Are Sleeping On Nuxt, Nitro and Vue w/ Daniel Roe

878: You Are Sleeping On Nuxt, Nitro and Vue w/ Daniel Roe

Wes and Scott talk with Daniel Roe about Nuxt and Nitro, demystifying the UnJS ecosystem, serverless deployments, open-source sustainability, and the future of full-stack web development. Show Notes 00:00 Welcome to Syntax! 02:52 Daniel’s work with Nitro Nitro 06:01 What’s the connection between Nitro and Nuxt? Nuxt 09:23 What makes something an UnJS package? UnJS 12:55 Nitro’s built-in features 18:21 What would Daniel use to build an app today? Cloudflare Vercel Netlify 28:01 Brought to you by Sentry.io 28:36 Nuxt and SST SST 32:25 Nuxt vs. Next.js in 2025 Next.js 40:06 Keeping docs up to date 44:46 Who is behind the fantastic design of the Nuxt website? Anthony Fu Rmoon Vite 47:27 Why is Vue awesome? Vue alien-signals 52:47 How do you make money in full-time open source? 55:32 Sick Picks + Shameless Plugs Sick Picks Daniel: DeskPad Shameless Plugs Daniel: React to Nuxt Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

19 Helmi 202558min

877: Tailwind 4

877: Tailwind 4

Tailwind 4.0 is here, and Scott and Wes break down all the spicy new features, from CSS-powered configs to first-class container queries. Plus, they dig into Tailwind Oxide, @property magic, and whether it’s finally time to stop asking, “Why not just use normal CSS?” Show Notes 00:00 Welcome to Syntax! 00:16 Brought to you by Sentry.io. 01:03 Tailwind 4. Tailwind CSS V4.0 Blog. 02:53 Wes’ favorite new feature. 05:45 @property. CSS Houdini API. 07:28 The config is now a CSS file. 08:25 Tailwind Oxide. 10:48 P3 color space. 12:36 Dynamic Utilities + Variants. 13:36 Data attributes. 15:32 First class container query support. 17:03 Starting Style. 19:22 When to use inline styles. 20:13 Descendant selector. Styling Descendants. 20:48 Why not just use “normal” CSS? 22:03 No text shadow support. Scott has to use Tailwind. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

17 Helmi 202525min

876: MIDI & Music in the Browser

876: MIDI & Music in the Browser

Wes and Scott talk about the Web Audio and Web MIDI APIs, diving into how they enable powerful music and sound manipulation in the browser. They explore MIDI messaging, synthesizing audio, creative coding with music, and share hands-on projects, tips, and libraries to get started. Show Notes 00:00 Welcome to Syntax! 01:17 Brought to you by Sentry.io 02:04 Fun audio experiments Bebot 05:32 What is MIDI? Web MIDI API 14:18 Advanced examples with WEBMIDI.js WEBMIDI.js 17:02 Outputting MIDI messages 24:40 Exploring the Web Audio API webmidirtc 31:20 Audio sampling in the browser 37:35 Media Recorder 39:21 Fun projects MIDI chord machine 42:08 Sick Picks + Shameless Plugs Sick Picks Scott: MX Master 3S Wes: Microcontoller Shameless Plugs The MOST Starred JS Projects Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

12 Helmi 202548min

875: JavaScript Signals Explained

875: JavaScript Signals Explained

JavaScript is missing a built-in way to make variables reactive—but Signals might change that. Scott and Wes break down what Signals are, how they compare to React state, and how different frameworks like Preact, Solid, Vue, and Qwik are already using them. Show Notes 00:00 Welcome to Syntax! 01:49 Brought to you by Sentry.io. 02:28 Why JavaScript needs reactive variables. 03:16 What exactly are signals? Signals Proposal. 04:02 Understanding computed state. 04:59 How signals differ from React state. 06:12 How different frameworks handle reactivity. 07:09 DOM Parts. Pull Request. 07:26 HTML Template Instantiation. Template Instantiation. 09:10 Comparing signals across frameworks: Preact, Solid.js, Vue, and more. PreactJS Signals. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

10 Helmi 202516min

874: Fast Apps - Easy Perf Wins

874: Fast Apps - Easy Perf Wins

Is your app feeling sluggish? Scott and Wes break down the biggest performance bottlenecks—like bloated assets, slow databases, and waterfall requests—and share easy wins to make your site feel lightning fast. From smarter caching to preloading tricks, these tips will have your app zipping along in no time! Show Notes 00:00 Welcome to Syntax! 00:58 Brought to you by Sentry.io. 02:01 What makes apps slow? 02:10 Loading too much. 03:26 Slow database work. 04:04 Slow server. 04:54 Waterfall requests. 06:34 How do I know what is slow? 06:45 Web vitals. 12:50 Streaming. 14:05 Network tab. 18:18 Performance tab. 22:53 Caching. 22:59 Client-side caching. 23:38 Server-side caching. Valkey.io. Redis.io. 25:40 Local data. 26:11 Gzip. 29:23 CDN. 30:57 Images. Cloudinary. Cloudflare Images. Imgix. Vercel Images. 31:08 Serving. 34:16 Compressing. 35:06 Ship fewer images. 35:50 Loading JS. Async vs Defer Attributes. 37:00 CSS. 38:28 Preloading & Prefetch. 39:40 Preloading on hover. 41:44 Ship less code. 43:49 Icons Nucleo App. 47:01 Fonts Tolin.ski. 51:13 Sick Picks + Shameless Plugs. Sick Picks Scott: Skywalkers on Netflix. Wes: Oxo Swivel Peeler. Shameless Plugs Scott: Syntax on YouTube. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

5 Helmi 202554min

873: Standard Schema: The Universal JavaScript Data Interface

873: Standard Schema: The Universal JavaScript Data Interface

Wes and Scott talk about the standard schema for data validation, a collective effort by various library authors to create a unified interface. They discuss the benefits, how it works, and its impact on developers and libraries. Show Notes 00:00 Welcome to Syntax! 01:24 Brought to you by Sentry.io 02:44 What is Standard Schema and how does it work? Standard Schema Spec Fabian Hiller Valibot David Blass ArkType Colin McDonnell Zod 06:00 Benefits of Standard Schema 08:54 Implementation and usage 11:25 Is this primarily for end users or library authors? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

3 Helmi 202513min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
tervo-halme
rss-vaalirankkurit-podcast
et-sa-noin-voi-sanoo-esittaa
rss-kuka-mina-olen
rss-podme-livebox
politiikan-puskaradio
otetaan-yhdet
rikosmyytit
rss-merja-mahkan-rahat
aihe
viisupodi
rss-hyvaa-huomenta-bryssel
rss-raha-talous-ja-politiikka
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-50100-podcast