How To Build Your Own Auth
Syntax - Tasty Web Development Treats17 Maalis 2021

How To Build Your Own Auth

In this episode of Syntax, Scott and Wes talk about building your own authentication — diving deep into JWT, sessions, tokens, cookies, local storage, CSRF, and how it all works! Prismic - Sponsor Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax. LogRocket - Sponsor LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax. Hasura - Sponsor With Hasura, you can get a fully managed, production-ready GraphQL API as a service to help you build modern apps faster. You can get started for free in 30 seconds, or if you want to try out the Standard tier for zero cost, use the code “TryHasura” at this link: hasura.info. We’ve also got an amazing selection of GraphQL tutorials at hasura.io/learn. Show Notes 01:51 - Overview Level Up uses a JWT & secure cookie-based authentication and tracks sessions via a db table. Accounts.js 05:13 - JWT Base 64 encoded (not encrypted) token that contains data. We have both accessTokens and refreshTokens. JWT has three parts: Header What kind of algo was used Payload Data about the user Email Username UserID refreshToken, authToken, sessionId Signature This ensures that no one monkeyed with the above parts. If you change your email in the payload, the signature is not invalid, because in order to generate the signature, it uses the header and payload as part of it. accessToken A short lived JWT that contains the sessionToken, userId and expires after 90min. refreshToken A long lived JWT that contains just the sessionToken and doesn’t expire. JWT can be decoded and read, but you have to encode them with your secret. JWT can be stored anywhere, there are two main places: 20:26 - Cookies We use httpOnly, secure cookies to store the accessToken and the refreshToken. The accessToken is a session cookie and is removed whenever the browser is closed. The refreshToken is valid for 100 days but is also re-created and revalidated for 100 more days each time the accessToken is generated. Because these are httpOnly cookies, they cannot be accessed by JavaScript in the client and can only be set and removed on the server. Note: Safari has stricter rules than others for same domain cookies (e.g. localhost won’t work). 34:26 - Sessions Sessions are when a user logs in on a device. If you open a phone and log in and a computer and log in, those will create two different sessions. A session contains information about the user’s connection (like their IP) but it also contains the userId which allows us to create new accessTokens from a valid session. Sessions can be valid or invalid. This allows us to log anyone out by setting their session to valid: false. Sessions also have sessionToken which are generated on authentication or create account. 38:10 - CORS Cross-origin-resource-sharing Can be super tricky to get working cross-domain You usually have to actually visit the website for the cookie to be set, even with lax cors 46:06 - CSRF 48:47 - Authentication process bcrypt.js 52:13 - Helper Packages NextAuth.js is super easy Passport.js auth0 Links Caddy Fastify ××× SIIIIICK ××× PIIIICKS ××× Scott: reMarkable 2 Wes: Opration Odessa Shameless Plugs Scott: Node Fundamentals Authentication - Sign up for the year and save 25%! Wes: Advanced React - Use the coupon code ‘Syntax’ for $10 off! Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets

Jaksot(970)

826: You Need These 30 Apps - PART 2

826: You Need These 30 Apps - PART 2

In part 2 of covering the best apps for web developers, Scott and Wes dive into must-have tools that will level up your workflow. From screenshot utilities to development tools and video production apps, this episode is packed with recommendations to boost your productivity and creativity. Show Notes 00:00 Welcome to Syntax! 01:44 Brought to you by Sentry.io. 02:30 Utilities. 02:48 BetterTouchTool. 09:31 Hyperkey. 11:46 Amethyst. 12:51 Klack. 13:47 Bottom (Btm). 14:54 Pearcleaner 16:40 App Cleaner. 17:35 Rocket Emoji. 20:27 Clippy. 23:37 Screenshots and Screen Recordings. 24:05 Dropshare. 25:29 OBS with Source Record. 29:20 Screen Studio. 30:58 Detail.co. 31:22 Cap. 32:08 Kap. 32:46 CleanShot X 34:15 Video and Production. 34:24 DaVinci Resolve. 37:46 Affinity Pro. 39:42 PrincipleForMac. 40:39 Inkscape. 41:34 Development tools. 41:38 DBngin. 43:12 TablePlus. 45:48 MongoDB Compass. 46:14 Proxyman. 47:00 Wireshark. 47:31 Polypane. 48:30 Setapp. 49:44 SVG Grabber. 51:42 Sick Picks & Shameless Plugs. Sick Picks Scott: Untold Sign Stealer. Wes: Magentiles Marble Run. Shameless Plugs Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

25 Syys 202456min

825: Syntax Assistant Desktop App

825: Syntax Assistant Desktop App

Scott walks Wes through the new Syntax Production Assistant Desktop App, designed to streamline and automate their complex publishing process. From tech stack choices like Svelte5 and Rust to AI-driven features, they dive into how this tool keeps everything consistent. Show Notes 00:00 Welcome to Syntax! 00:44 Brought to you by Sentry.io. 01:37 What was the idea? 05:42 The tech. Svelte5, Tauri, Rust, FFMPEG. 08:32 Markdown editor. ink-mde, Dillinger. 09:32 Epoch timestamps. Epoch.vercel. 10:01 Updating front-matter. 10:10 Dexie.js function. 11:25 Backing up data. 11:58 Rust functions. 12:58 Why a desktop app and not a website? 14:38 Some small AI features. 16:26 Challenges with OAuth. 20:03 Publishing challenges. 23:29 Could this work on Windows? 23:54 Debugging. 26:23 Deciphering Apple logs. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

23 Syys 202428min

824: Taylor Otwell's opinions on PHP, React, Laravel and Lamborghini Memes

824: Taylor Otwell's opinions on PHP, React, Laravel and Lamborghini Memes

In this episode of Syntax, Wes and Scott talk with Taylor Otwell, the creator of Laravel. Taylor shares insights on his journey from creating Laravel in his free time to building a strong community and user base. He discusses Laravel’s growth, including the major features and tools that were developed over the years. Taylor also shares his outlook on the PHP ecosystem, productivity tips, and plans for Laravel Cloud, a new deployment platform for PHP and Laravel applications. Show Notes 00:00 Welcome to Syntax! 00:29 Laracon 03:13 Laravel’s inspiration and features Intertia Livewire 07:18 Why don’t we have a “Laravel for JavaScript”? 09:02 What parts of Laravel came first? 10:07 The Laravel ecosystem Forge Vapor 12:29 Laravel Cloud 14:00 What parts of Laravel are Intertia and what parts are React? 15:57 How many people are using Laravel? 16:59 Taylor’s productivity and development philosophy 24:43 Brought to you by Sentry.io 25:19 What makes a beautiful API? 29:33 Taylor’s thoughts on typing PHP 30:41 Features Taylor would like to see in PHP 33:03 What people get wrong about modern PHP 34:22 PHP stacks and CMSs Nginx FrankenPHP Statamic 37:30 Taylor’s thoughts on WordPress 38:14 Lambo memes 43:44 Taylor’s coding setup Sublime Text Vs Code 45:36 Sick Picks + Shameless Plugs Sick Picks Taylor: Tiny Glade No Man’s Sky Shameless Plugs Taylor: Laravel Cloud Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

20 Syys 202450min

823: Is Cursor AI the VS Code Killer?

823: Is Cursor AI the VS Code Killer?

Scott and Wes serve up a discussion on AI coding assistants with a deep look at Cursor AI, exploring its unique features like multi-line auto-complete and Smart Rewrites. They also discuss why Cursor’s intuitive UI stands out and tackle the big question: is it worth the investment? Show Notes 00:00 Welcome to Syntax! 01:16 Brought to you by Sentry.io. 01:48 Handling objections around AI assistants. 02:55 Context windows and how they’re improving functionality. Syntax.fm Episode 728 with Kevin Hou of Codeium 04:08 Cursor’s UI. 04:51 This is cool, why is it not a plugin? 08:12 What makes the UI interesting. 09:13 Smart Rewrites. 11:44 It can create multiple files. 13:05 Using the chat interface. 16:32 Another chat example. 20:22 The main features of Cursor. 21:55 Multi-line auto-complete. 23:55 Using docs for additional context. 27:26 AI is here to help you, not replace you. 33:27 Is it worth it? 33:55 The pricing. 44:10 Sick Picks & Shameless Plugs. Sick Picks Scott: The Iron Historian, Scott’s Salt & Pepper Mills. Wes: Oxo Salt & Pepper Mills. Shameless Plugs Scott: Syntax.fm Zed Theme. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

18 Syys 202450min

822: Receipt Printer with JavaScript

822: Receipt Printer with JavaScript

Wes unveils his Hack-Week project —a thermal printer controlled by JavaScript that prints out Sentry.io errors in real-time. Scott and Wes dive into the nitty-gritty of how it works, from the ESC/POS protocol to tackling socket issues, and whether the project was worth the effort. Show Notes 00:00 Welcome to Syntax! 00:38 Brought to you by Sentry.io. 01:10 What is Hack Week? 01:41 The project. Follow the posts on X. 02:40 Why a receipt printer? 03:55 How do these printers work? ESC/POS. 05:20 Communicating with the printer. 07:24 ESC/POS Encoder. ESC/POS Encoder. 08:42 Socket issues. 09:56 Using Transformers.js to stop ‘toxic comments’. Xenova’s toxic-bert. Implementation in Wes’ code. 10:48 Back to socket issues. 12:18 Integrating with Sentry. 15:01 Printing images with Playwright. 16:17 Was it worth it? Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

16 Syys 202420min

821: Is Tauri the Electron Killer?

821: Is Tauri the Electron Killer?

In this episode of Syntax, Wes and Scott talk with Daniel Thompson-Yvetot about Tauri. They dive into what Tauri is, the motivations behind its development, its open-source ecosystem, use cases, and more. Show Notes 00:00 Welcome to Syntax! 02:01 What is Tauri? 02:59 What’s new in Tauri 2.0? 06:41 The benefits of Tauri over Electron 11:28 Can you use Node? 14:21 Mac, Linux, and Windows Verso Servo 25:05 How does Tauri make money? CrabNebula 30:05 Brought to you by Sentry.io 30:30 Accessing Swift from JavaScript 31:44 What’s the hardest part of a project like this? Haptics Plugin 37:00 Some of the apps that have shipped with Tauri Cody GitButler Tauri Discord Awesome Tauri 43:18 The future of Tauri 50:23 Sick Picks & Shameless Plugs Links Rustlings Cassidy Williams Sick Picks Daniel: 5secondfilms Shameless Plugs Guest: Manufacturing European Software (Coming Soon) Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

13 Syys 202454min

820: Potluck: 8000 ESLint Errors × HTML Time Tag × 7 Meg React Bundle × CSS Modules

820: Potluck: 8000 ESLint Errors × HTML Time Tag × 7 Meg React Bundle × CSS Modules

In this Potluck episode of Syntax, Scott and Wes answer your questions, from weighing the trade-offs between numerous small npm packages and a few larger ones to managing the challenges of work-from-home life. They also explore CSS modules, strategies for shrinking JavaScript bundles, and even where to find the best replacement ear cups for your headphones. Show Notes 00:00 Welcome to Syntax! 00:38 Commentating basketball. 01:16 Brought to you by Sentry.io. 02:09 The video podcast doesn’t translate well to audio. 04:08 Many small npm packages vs a few large. 09:55 Developers dealing with WFH, ADHD, and kids. 15:59 CSS modules for scoping styles to components. 20:55 Scoped CSS in React? 23:21 Reducing JS bundle sizes. Bundle Phobia. Javascript Bundle Analysis [Beta]. 29:44 Balancing learning, doing, and teaching. 33:04 Making maps local first. 36:20 How to pronounce ‘schema’. Wes Bos Tweet. 37:09 HTML tag. 40:11 Where to get replacement ear cups for headphones? wickedcussions. Scott’s Audeze Headphones. 42:21 ESLint and hiding errors. 48:48 Sick Picks & Shameless Plugs. Sick Picks Scott: Allen Wrench Set. Wes: Clarkson’s Farm – Amazon Prime. Shameless Plugs Wes: Syntax.fm, YouTube Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

11 Syys 202456min

819: Fun & Profitable Side Projects for Developers

819: Fun & Profitable Side Projects for Developers

Scott and Wes serve up a hasty discussion on side projects, sharing their latest Hack Week experiments and tips on how to turn fun ideas into profitable ventures. They cover everything from finding inspiration to choosing the right tech, and even offer advice on how to finish what you start. Show Notes 00:00 Welcome to Syntax! 01:11 Brought to you by Sentry.io. 01:27 Wes’ Hack Week project. 02:30 Scott’s Hack Week project. 04:18 Where do you get ideas for side projects? 09:22 End goals for a side project. 14:47 Other end goals. 16:45 What tech should you use? drop-in. 20:34 Keeping notes. 23:14 Finishing side projects. 26:39 Shameless Plugisode! Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

9 Syys 202428min

Suosittua kategoriassa Politiikka ja uutiset

tervo-halme
aikalisa
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
politiikan-puskaradio
viisupodi
rss-kuka-mina-olen
rss-vaalirankkurit-podcast
rss-podme-livebox
otetaan-yhdet
rikosmyytit
rss-kaikki-uusiksi
et-sa-noin-voi-sanoo-esittaa
rss-hyvaa-huomenta-bryssel
rss-asiastudio
radio-antro
rss-kiina-ilmiot
rss-poliittinen-talous
rss-merja-mahkan-rahat
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset