This channel is a collection of various programming videos, tutorials, projects, talks, or anything software engineering and programming related. If you are new to coding and want to learn how to program or get a job in the industry, be sure to subscribe to my channel. There is a lot of great content on this channel to help you out in your coding goals.
Пікірлер
How do i add loading on server side in remix? , in next js, i can create a file call loading.tsx
Overwrite. Underverse reference
When ever i feel down or dont wanna code I always comeback and look into your channel. your short videos and few motivational videos now and then helps a lot. thank you senpai
not the video i wanted, the video i needed
how do u use server action in client component. Like with this startTransition thing, i truly don't get it
I am fighting with this library to create a setup where I can use separators to build out 2 sections, but each section to fall under the docs/ route. If there's any other folder inside of docs it immediately makes it a menu and I can't figure out any way around this. Do you know ?
Everything you said, plus I also like the Things app (syncs mobile/desktop, etc.) which I learned about from another solopreneur dev. Related to dev/projects, I mostly just use the “recurring todos” feature or little one-off tasks/reminders for a certain day… actual project management with Trello (or plannerai :) )
Thanks,i think this is good info
I think i have a crippling fear of failure or hating my final project, cuz i never make good looking projects (ui is not so good) and it kinda demoralising
Hi Code, Does railway provides its own CDN for nextjs app or do we have to use other cdn service like cloudflare? Thanks
You’d need to put cloudflare in front of
I can't even finish this video LMAO
thank you cody
Please make a video on Lucia Auth 👀
Great Lecture. Very Well explained. Good tool earse.. I will certainly use this toll.
Thanks man! I love your videos, it's fast but not fast enough to make it hard to understand and not slow enough to make me feel sleepy, your videos are precise and explains the connections/relationship between different things!
coincidentally this is like what im doing like right now. Great vid. Here is a video idea. How to use next auth with an external backend. Without nextjs built in backend if you get what im trying to say. because there is this backend guy i work with who built the jwt himself then in my next app i use next-auth so we are really confused on how to amalgamate the two strategies.
Small update on Drizzle Studio for those who face a problem to access it: 1/ update drizzle kit: npm i drizzle-kit@latest -D 2/ in the drizzle.config.ts, change driver to dialect and connectionString to url 3/ restart your studio: npm run db:studio It should work just fine.
Personally in these cases I prefer use the `cn` utility function, you can use `clsx` straight btw. I just separate logically the classes in logic order and I'm set. From: ``` <input className='flex flex-col my-3 mx-auto w-1/2 bg-white text-slate-900 border border-slate-200 rounded-lg shadow-sm hover:shadow-lg hover:border-slate-300 focus:outline-none focus:ring-2 focus:ring-slate-500 focus:border-slate-500' /> ``` To: ``` <input className={cn( 'flex flex-col my-3 mx-auto w-1/2', 'bg-white text-slate-900', 'border border-slate-200 rounded-lg shadow-sm', 'hover:shadow-lg hover:border-slate-300', 'focus:outline-none focus:ring-2 focus:ring-slate-500 focus:border-slate-500' )} /> ```
I will stick to my VPS approaches. But I completely agree with you on the database and file storage part. It is stressful to always think about those and implement defensive measures in your backend for them.
Has NextAuth basically been bought out by Clerk and turned into a sales funnel for them?
l'm looking to enhance the security of my Next.js app by implementing a feature where users need to re-enter their password before accessing routes displaying sensitive information or performing critical actions. How can I protect these routes to ensure that only authenticated users who have re-entered their password can access them?
What theme is that
Bearded theme stained blue
Bro it's way past time for you to move to Remix
If remix had rsc and server actions I would
@@WebDevCody they just showed off RSC today
Thanks for sharing your perspective!
Nice! Basically the architecture of Dokku with the UX of Vercel. I'm a fan.
Why not just contribute in improving coffeescript rather than building another language..
Cody, just watched your video on automated email testing. If you are into efficiency and hate wasting leads, I gotta recommend FilterBounce. Their verification is so accurate, it keeps bounce rates under 1%. You get top-notch results and practically eliminate wastage.
Hey Cody, loved your video about your email newsletter app. Did you ever consider trying out FilterBounce for your verification needs? The accuracy they provide leaves other services in the dust, plus they offer 300 free email id verifications each month.
Just got done watching your latest video on automated email testing, Cody. Ever thought of giving FilterBounce a try? It is damn reliable and the accuracy blows any other verification service out of the water. Plus, they offer a free plan to get started.
Good work Cody on your latest video! As for Email Verification, FilterBounce has changed the game for me. I fear it might make some of your testing redundant, they are that good! Affordability is their middle name. Trust me, throw them into your mix.
Yo Cody, amped to see you tackling email verification in your latest. You know what could have saved you a ton of time? FilterBounce. They have an API for contact form verification that is top-notch. Never had a single issue with false positives.
us this any more useful than portainer
This is why I use Clerk, they do all this for you. 1min lived tokens
This is wayy good explanation!🫴✨
Hey Cody just wondering why you are saving refresh token in db, i understood your point for security but couldnt you just encrypt it with a secret on backend ? and put it in httponly cookie? incase of compromise you could just change the secret salt, (this might lead to many other people getting logged out though, but its a very rare case to happen)
That’s just the common convention many do. Logging everyone out because one key got leaked is enough of an issue to warrant saving each token as a separate revokable thing in a db
REMIX REMIX REMIX!!
What a great explanation.
When I first used next-auth, I hated it because of these reasons. I was wondering how everyone is advertising next-auth as a good solution. I am glad I am not the only one who thinks so.
OMG Sheesh Why?
Thank you Bro Really good❤❤
As much as I love NextAuth, I always break my head with a wall when I need a more secure way to handle authentication or some extra functionalities. We need so much work arounds to bypass their limitations that your projects turns to an authentication app. I feel like this solutions need so much time and effort to accomplish what prebuilt solutions such as Clerk or Kindle do, that is not worth it. Although they are not totally free, the free tier is more than enough to keep your app running and growing without worrying about this kind of stuff. Once you're near the free tier limit, your app should have more ways to handle the costs of this solution, or you could opt out. I personally prefer to think about those things once I truly spent time developing, rather that overthinking something that blocks the rest of the project. As a side note, when you pay for this solutions you don't only pay for "the user", but the maintenance, the constant updates and security made by a profesional team.
How I would like to do it. /auth/login - issue refresh token and acesss token Store refresh token in cookie and don't store access token at all. /auth/refresh - get new access token using, called on full page reload or if token expire on when client is still on the page. Reduce lifetime of acess token to <5min. How I like to keep track of refresh token? I create a devices table which store the info about user-agent and ip address. I put device id in refresh token. When a request for token refresh is made I check if device exist if yes then return access token.
I love Next Auth but it is a constant pain when you run into basic things it doesn't support still
The way you mitigate attack surface, is that whenever the refreshtoken is used it returns a new access token and anew refresh token invalidating the previous refresh token. So effectively if an attacker steals any, next time the real user logs in the attacker has no valid tokens. I think that is the main point of refresh token being a separate http only cookie. It is a single use token. At that point you might as well keep the access token in memory since the absence of it and the presense of a valid refresh token would guarante always being authed. This used to be the most solid solution back in the localStorage days. But I am not really sure why you need to use jwt and not just a session cookie. Not really convinced that the flexibilty exists in next auth. Lucia auth seems more promising but it has no real csrf protection which next-auth has. Really strange that nextjs in general hasn't made that functionality robust since it is nothing new and all other real full stack frameworks have it for years.
You should check into building your own auth (cognito being the easiest for me) because it gives you way more control with less code. You already know the basics by now so you'll find it much simpler.
I tried using next auth at first and absolutely hated it. Could not get it to consistently refresh tokens across sever components, server actions, client components, etc. As i have a separate backend i switched it up where the backend handles the oauth flow and refreshes tokens automatically. All I need the frontend to do is check the cookie exists. If next Middleware doesn't see the cookie or a fetch returns 401 the user hits the backend /login route. You could almost certainly set that up with route handlers too I imagine.
you can blacklist your jwt in redis thereby invalidating it
Yeah but then you need to lookup the jwt every api call. That kind of defeats the purpose of using a jwt right?
@@WebDevCody yeeah, but as far as i know this is the only option. at least redis is fast
screw this I'm switching back to database strategy. I'm not convinced using jwt strategy isn't worth the hassle when it comes to using next-auth
just ditch next-auth KEKW
I'm still not sure what the benefits are to JWT but I just swapped to it because I need to support a Credentials to support something like a yubikey and the credentials providers don't support database sessions... though I don't understand why.
I would def use if i wanted credentials based strategy i would use lucia
The benefits of the jwt show case themselves when you have large high traffic systems. As one of the main selling points is that don’t need to go to the db every round trip. Everything is encapsulated in the jwt itself. You should only need to hit to the db if you are nearing expiration and need to refresh it using a long lived token
This very week I had to reimplement our company’s auth because of how bad next-auth v5 is. We went with iron-session and rolled our own, but Lucia auth seems good.
Isn't it good to get group membership list and plan in session without adding it to JWT token?
I guess it’s fine as long as the cookie session is encrypted so that the client can’t modify it
next and next-auth is a joke, you can use it only for hello world projects. in real world scenario where you need to support auth calls to api both in browser and server its impossible to implement this in next. switched to remix and feeling good
This is a skill issue bud.
@@nickolaki care to elaborate? im evaluating nextauth and lucia but would love to hear your thoughts
@@cybor-gg Was just referring to how nickolay has changed framework because of the issues he's been having. I've kept out new upcoming auth tools for some time, lucia for instance. Not a clue, so not going to be much value to you. Clerk has been my goto for about a year and working just fine, have you looked at that?