Vesa Vänskä vesan

@amkisko
amkisko / _slack_button.html.erb
Last active August 24, 2023 13:36
Slack oauth2 omniauth devise implementation
<%=
button_to(omniauth_authorize_path(resource_name, provider),
method: :post,
style: "margin:1rem;align-items:center;color:#fff;background-color:#4A154B;border:0;border-radius:48px;display:inline-flex;font-family:Lato, sans-serif;font-size:16px;font-weight:600;height:48px;justify-content:center;text-decoration:none;width:256px",
"data-turbo": false) do
%>
<svg
xmlns="http://www.w3.org/2000/svg"
style="height:20px;width:20px;margin-right:12px"
viewBox="0 0 122.8 122.8"
@windoverwater
windoverwater / of-cross-link-2-objects.omnifocusjs
Last active September 10, 2024 19:02
Multi-select Omnifocus to Obsidian project/task copy
@kaspth
kaspth / object_proxy.rb
Created June 10, 2023 14:42
Making Ruby better at object proxying, so we don't need to add `user_name` etc. for Law of Demeter.
class Object::Proxy < SimpleDelegator
def initialize(object, **values)
super(object)
@values = values
end
def method_missing(name, ...)
@values.fetch(name) { super }
end
end

This middleware does a few interesting things:

  • Ensures a url shape in the zustand store, where we'll store URL information.
  • Assumes we will be storing our url state slice in the ?state search parameter after it has been stringified and base 64 encoded.
  • On creation, decodes stored state from the ?state search parameter into the url slice of our store.
  • After each state update, updates the ?state search parameter with the new url state slice.
  • Sets up an event listener that listens for popstate and re-decodes the state from the URL into our store.
@gaearon
gaearon / 00-README-NEXT-SPA.md
Last active October 14, 2025 04:17
Next.js SPA example with dynamic client-only routing and static hosting

Next.js client-only SPA example

Made this example to show how to use Next.js router for a 100% SPA (no JS server) app.

You use Next.js router like normally, but don't define getStaticProps and such. Instead you do client-only fetching with swr, react-query, or similar methods.

You can generate HTML fallback for the page if there's something meaningful to show before you "know" the params. (Remember, HTML is static, so it can't respond to dynamic query. But it can be different per route.)

Don't like Next? Here's how to do the same in Gatsby.

@amkisko
amkisko / application_view_record.rb
Last active October 15, 2023 08:44
Rails application view record for using pure sql files as source of base query for the model
# AUTHOR: Andrei Makarov (github.com/amkisko)
class ApplicationViewRecord < ApplicationRecord
self.abstract_class = true
def self.attribute_names
@attribute_names ||= attribute_types.keys
end
def self.load_schema!
@motoyasu-saburi
motoyasu-saburi / lack_escape_content-disposition_filename.md
Last active March 4, 2025 05:49
Land Mine named "Content-Disposition > filename"

TL;DR

  • I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
  • All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
  • The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG > HTML Spec is well documented.
  • The problem is clearly targeted at the Content-Disposition fields filename and filename*.
  • This problem affects HTTP Request/Response/Email in different ways.
    • HTTP Request : request tampering (especially with file contents, tainting of other fields, etc.)
    • HTTP Response : Reflect File Download vulnerability
    • Email : Attachment tampering (e.g., extension and filename tampering and potential file content tampering)
@amkisko
amkisko / form.html.erb
Last active December 15, 2022 09:07
leaflet osm address search and reverse coordinates lookup with stimulus for Rails
<div data-controller="address-form">
<%= simple_form_for(address, url: address_path(address)) do |f| %>
<%= f.text_field :address, "data-address-form-target" => "address" %>
<%= f.hidden_field :address_lon, "data-address-form-target" => "addressLon" %>
<%= f.hidden_field :address_lat, "data-address-form-target" => "addressLat" %>
<div data-address-form-target="addressMapContainer" style="width: 500px; height: 500px; margin-left: -3.6rem;"></div>
<%= f.button :submit %>
<% end %>
</div>
@amkisko
amkisko / cleanup_apollo_schema_variants.rb
Last active November 24, 2022 15:01
Apollo Studio graph variants cleanup script (uses git branches for matching existing variants)
#!/usr/bin/env ruby
# USAGE:
# APOLLO_SCHEMA_KEY=service:... APOLLO_SCHEMA_NAME=Project-Name ./cleanup_apollo_schema_variants.rb
require "pry"
require "uri"
require "json"
require "net/http"
@shawnmclean
shawnmclean / rss-contentful.js
Created November 2, 2022 00:24
Spotify Podcast RSS to Contentful Migration
import { env } from "process";
import * as Parser from "rss-parser";
import slufigy from "slugify";
import * as Contentful from "contentful-management";
import { htmlToText } from "html-to-text";
const client = Contentful.createClient({
accessToken: env.ACCESS_TOKEN,
});