Skip to content

Instantly share code, notes, and snippets.

View smeijer's full-sized avatar

Stephan Meijer smeijer

View GitHub Profile
import invariant from "tiny-invariant";
class AmalgoBox extends HTMLElement {
get input() {
return this.querySelector("input") as HTMLInputElement;
}
get button() {
return this.querySelector("button") as HTMLButtonElement;
}
@AndrewIngram
AndrewIngram / session.js
Created February 18, 2022 13:29
next-runtime session middleware
import { json } from "next-runtime";
import jwt from "jsonwebtoken";
const SESSION_KEY = "some-secret";
export function readSession(cookies) {
const sessionCookie = cookies.get("session");
let data = {};
@dsumer
dsumer / TaxRateModel.ts
Last active February 2, 2022 15:07
Apply the correct VAT Rate to your customer in Stripe Checkout
import { Model } from 'objection';
export default class TaxRateModel extends Model {
countryCode!: string;
stripeId!: string;
static tableName = 'tax_rate';
}
@filipenevola
filipenevola / client.js
Last active January 23, 2020 20:57
Meteor Apollo snippets
/**
Snippets showing how to configure Apollo with Meteor in two different ways:
1 - Using DDP (websocket connection)
2 - Using HTTP (post requests)
I'm using a regular HTTP post approach when isAPIModule() returns true
and DDP approach when returns false. I control isAPIModule changing
a setting in the deployment settings.json
That is not necessary for almost every application but in my case I have
@JoelQ
JoelQ / build-deploy
Created March 21, 2019 18:55
Netlify + Parcel deployment
#!/bin/sh
set -e
echo "== BUILDING THE APP =="
yarn parcel build src/index.html
echo "== CONFIGURING REDIRECTS =="
if [ "$CONTEXT" = "production" ]; then
cp production_redirects dist/_redirects
@samsch
samsch / stop-using-jwts.md
Last active October 3, 2024 22:31
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
@mpneuried
mpneuried / Makefile
Last active August 22, 2024 10:36
Simple Makefile to build, run, tag and publish a docker containier to AWS-ECR
# import config.
# You can change the default config with `make cnf="config_special.env" build`
cnf ?= config.env
include $(cnf)
export $(shell sed 's/=.*//' $(cnf))
# import deploy config
# You can change the default deploy config with `make cnf="deploy_special.env" release`
dpl ?= deploy.env
include $(dpl)
@brendanvinson
brendanvinson / L.TopoJSON.js
Last active September 29, 2023 00:14 — forked from rclark/L.TopoJSON.js
TopoJSON Leaflet plugin
/*
First run npm install topojson --save and then link "node_modules/topojson/build/topojson.min.js"
above this snippet in your html.
Usage: http://leafletjs.com/reference.html#geojson
*/
L.TopoJSON = L.GeoJSON.extend({
addData: function (data) {
var geojson, key;
@dbismut
dbismut / actionTypeBuilder.js
Last active January 25, 2022 09:02
React Redux Meteor middlewares
export function actionTypeBuilder(prefix) {
return {
type: actionType => `${prefix}/${actionType}`,
loading: actionType => `${actionType}/loading`,
ready: actionType => `${actionType}/ready`,
stopped: actionType => `${actionType}/stopped`,
changed: actionType => `${actionType}/changed`,
error: actionType => `${actionType}/error`,
success: actionType => `${actionType}/success`
};
import { GraphQLScalarType } from 'graphql';
import { GraphQLError } from 'graphql/error';
import { Kind } from 'graphql/language';
import moment from 'moment';
import tz from 'moment-timezone';
function coerceDate(value) {
if(typeof value === 'string')
value = moment(value);