Search - "token"
-
Fuck the memes.
Fuck the framework battles.
Fuck the language battles.
Fuck the titles.
Anybody who has been in this field long enough knows that it doesn't matter if you're Linus fucking Torvalds, there is no human who has lived or ever will live that simultaneously understands, knows, and remembers how to implement, in multiple languages, the following:
- jest mocks for complex React components (partial mocks, full mocks, no mocks at all!)
- token cancellation for asynchronous Tasks in C#
- fullstack CRUD, REST, and websocket communication (throw in gRPC for bonus points)
- database query optimization, seeding, and design
- nginx routing, https redirection
- build automation with full test coverage and environment consideration
- docker container versioning, restoration, and cleanup
- internationalization on both the front AND backends
- secret storage, security audits
- package management, maintenance, and deprecation reviews
- integrating with dozens of APIs
- fucking how to center a div
and that's a _comically_ incomplete list; barely scratches the surface of the full range of what a dev can encounter in a given day of writing software
have many of us probably done one or even all of these at different times? surely.
but does that mean we are supposed to draw that up at a moment's notice some cookie-cutter solution like a fucking robot and spit out an answer on a fax sheet?
recruiters, if you read this site (perhaps only the good ones do anyway so it's wasted oxygen), just know that whoever you hire it's literally the luck of the draw of how well they perform during the interview. sure, perhaps some perform better, but you can never know how good someone is until they literally start working at your org, so... have fun with that.
Oh and I almost forgot, again for you recruiters, on top of that list which you probably won't ever understand for the entirety of your lives, you can also add writing documentation, backup scripts, and orchestrating / administrating fucking JIRA or actually any somewhat technical dashboard like a CMS or website, because once again, the devs are the only truly competent ones - and i don't even mean in a technical sense, i mean in a HUMAN sense of GETTING SHIT DONE IN GENERAL.
There's literally 2 types of people in the world: those who sit around drawing flow charts and talking on the phone all day, and those WHO LITERALLY FUCKING BUILD THE WORLD
why don't i just run the whole fucking company at this point? you guys are "celebrating" that you made literally $5 dollars from a single customer and i'm just sitting here coding 12 hours a day like all is fine and well
i'm so ANGRY it's always the same no matter where i go, non-technical people have just no clue, even when you implore them how long things take, they just nod and smile and say "we'll do it the MVP way". sure, fine, you can do that like 2 or 3 times, but not for 6 fucking months until you have a stack of "MVPs" that come toppling down like the garbage they are.
How do you expect to keep the "momentum" of your customers and sales (I hope you can hear the hatred of each of these market words as I type them) if the entire system is glued together with duct tape because YOU wanted to expedite the feature by doing it the EASY way instead of the RIGHT way. god, just forget it, nobody is going to listen anyway, it's like the 5th time in a row in my life
we NEED tests!
we NEED to know our code coverage!
we NEED to design our system to handle large amounts of traffic!
we NEED detailed logging!
we NEED to start building an exception database!
BILBO BAGGINS! I'm not trying to hurt you! I'm trying to help you!
Don't really know what this rant was, I'm just raging and all over the place at the universe. I'm going to bed.
-
micromanager: "Quick and easy win! Please have this done in 2-3 days to start repairing your reputation"
ticket: "Scrap this gem, and implement your own external service wrapper using the new and vastly different Slack API!"
slack: "New API? Give me bearer tokens! Don't use that legacy url crap, wth"
prev dev: "Yeah idk what a bearer token is. Have the same url instead, and try writing it down so you don't forget it?"
Slack admin: "I can't give you access to the slack integration test app, even though it's for exactly this and three others have access already, including your (micro)manager."
Slack: "You can also <a>create a new slack app</a>!" -- link logs me into slack chat instead. After searching and finding a link elsewhere: doesn't let me.
Slack admin: "You want a new test slack app instead? Sure, build it the same as before so it isn't abuseable. No? Okay, plan a presentation for it and bring security along for a meeting on Friday and I'll think about it. I'm in some planning meetings until then."
asdfjkagel.
This job is endless delays, plus getting yelled at over the endless delays.
At least I can start on the code while I wait. Can't test anything for at least a week, though. =/
-
On the presentation for my database project my team and I showed a NodeJS + Mongo + VueJS project with cloud storage capability, nothing fancy but did everything from scratch (from token auth and system encryption to the frontend CSS and the database) the teacher made some questions and meh'd at it.
Behold team two's project, WordPress with a standard template and phpMyAdmin, teacher loves it because "it's so beautiful"
Guess who just failed that class?
God I love college, it's the best time investment I've ever done and it'll surely pay out.
-
Well, for starters there was a cron to restart the webserver every morning.
The product was 10+ years old and written in PHP 5.3 at the time.
Another cron was running every 15 minutes, to "correct" data in the DB. Just regular data, not from an import or something.
Gotta have one of those self-healing systems I guess.
Yet another cron (there were lots) did run everyday from 02:00 to 4ish to generate the newest xlsx report. Almost took out the entire thing every time. MySQL 100%. CPU? Yes. RAM? You bet.
Lucky I wasn't too much involved at the time. But man, that thing was the definition of legacy.
Fun fact: every request was performed twice! First request gave the already logged-in client a unique access-token. Second request then processed the request with the (just issued) access-token; which was then discarded. Security I guess.
I don't know why it was built this way. It just was. I didn't ask. I didn't want to know. Some things are better left undisturbed. Just don't anger the machine. I became superstitious for a while. I think, in the end, it helped a bit: It feels like communicating with an alien monster but all you have is a trumpet and chewing gum. Gentle does it.
Oh and "Sencha Extjs 3" almost gave me PTSD lol (it's an ancient JS framework). Followed by SOAP's WSDL cache. And a million other things.
-
Hope you survived the Monday;)
As I promised, I’d like to post my comic series “Destory” here regularly.
A story about two devs and their funny but serious project, on the hype technology - the blockchain.
-
Web3 truly is a fucked up space. All of the fuckertry happening over here is out of control. Literally a dystopian shithole of scams frauds crimes theft and ponzi schemes.... As much as i try to defend web3 since i'm a web3 dev it's getting real fuckin hard. The more i work in this space the more i understand economics and how all of this shitshow flows.
Without diving into details, I'll tell you right now from a very deep economic perspective: i realized that all of these cryptos are just.. shams, quasi buzz words to keep the "investors" giving them money. Essentially like wolf of wallstreet scams mixed with bernard madoff multi billion dollar ponzi schemes. The "investors" earn a lot of money.... But on paper! As unrealized gains. And by the time they are able to withdraw their money, that money becomes worthless because of insufficient liquidity in the pool that has been drained from top to bottom of the pyramid. So the only person truly getting filthy rich is the one on top of this pyramid - the founders!
After the FTX disaster that happened 2 days ago the prices of ALL coins dropped drastically and it isn't stopping. So much for your glorified "decentralization" 😹😹😹😹😹
How can something be decentralized if it's enough for 1 influential man to tweet some shit and the company/token price value drops or increases within minutes? In this case the whole of crypto got sliced by 1 influential man... Again. It's only a matter of time until someone else goes bankrupt and cycle repeats... Again.
-
Hello fellow devRanters, look what I found in our API constants on this fine day!
LIST_USERS: '/api/GetUsers',
USERS_WITH_QUERY:'/api/GetUsers?Query=',
MORE_USERS: '/api/GetUsers?Token=',
You get what you pay for, you get what you pay for, you get what you- AAAAAAAAAAAAAAAAAAAARRRGGGGG!!!!!!!!!
-
Hey here we go:)
My first comic series - “DevStory”
A story of two devs aiming at changing the world’s impact about cryptos by their own token project.
Bugs, cheap scammers, money, flying unicorns and a lot of laughs!
(Episode 1)
-
ComputerToucher: *opens Jira ticket* Dev team needs tokens for the APM for a new app with multiple tenants. Ezpz. Hey, developer. Do you want one golden token for all of your app tenants or would you like us to generate one token for each?
Developer: Let’s have a meeting to discuss it.
CT: It’s…an exceedingly simple question. One token or 4? Which does your app support?
Dev: Yeah I think we should discuss this with the platform team, can you set up the call?
CT: (Internally) I am the platform team? Do you not know how your applica-never mind I’ll just ask the PM directly.
CT (in chat): I’ll ask PM to schedule the call.
*Goes back to Jira ticket, changes priority to 4, removes ticket from sprint entirely, picks something else to work on*
-
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Clients wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database password are the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker knows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit
-
Morning there:)
To everyone who’s enjoying / doesn’t but is going to enjoy ( ̀⌄ ́) the DevStory:
here we go, with the third episode.
Leave a comment below and tell me your “dev stories” :)
-
How is the shopify developer experience actually so bad.
Shopify Buy JS docs suck
Product IDs are inconsistent
Token management is not built into GUI
-
Project with partner company, during the meeting I asked them how can we secure the communication between two services. I suggested api keys, tokens. They were like nope, no need. But I asked them for their IPs to do whitelisting on our side in Nginx.
But their side, nah not even whitelisting, no tokens, no validations. If one has address, can send anything from anywhere.
How hard would it be to do at least, AT LEAST simple token validation. And they are using the very old IIS server. I think for them as long as data flows in as expected, it is fine.
-
Started writing a parser for moonscript. Because I want to do my own syntax highlighting and error support.
I'm sorry, but was this supposed to be difficult? Every article I read claimed this was gonna be some impossible feat of herculean effort. I half dreaded it, the other half was kinda elated.
Only it didn't live up to the hype. The tokenizer is a glorified character stream. The lexer is little more than a tokenizer, and the "most complicated" bit is nothing but a fancy transformation of the token output into a tree.
I'm completely new to parsers proper and semantic checking and maybe that's why it seemed easy, but I don't see what all the forewarning in tutorials were ever about.
-
Can we take a moment to recognize how absolutely retarded JS' event system is?
Events aren't objects. No, they're managed by an object, and identified by a string.
To subscribe to an event, you call object.addEventListener(name, callback). Because for some reason we can't just have an event object. Events MUST have an owner.
But to unsubscribe you don't call the function addEventListener returned, you don't use the token it returned either. No, you pass the same function to removeEventListener.
Because we don't use serializable tokens like in PP, and we don't return functions like in FP, no, we use functions as tokens, realising idiomatic DFP.
-
i don't understand what would be termed as "relaxing" for me.
when i was in college , i watched a lot of movies on romance, bromance and friendship. being from a very angry , isolated family with bitter relationships from relatives, we had almost 0 people to interact with.
i personally was also very different from society and struggled making friends.
as of now i did have somewhat come over this problem and have a good number of "known people" (at least 500+) that i can categorise into:
- A: just people with whom i shared a situation (college, office, tuitions)
- B: people with whom i have spent my free times in those situations (aka friends, and free time = lunch breaks, seat sharing, projects with them, etc)
- C: people with whom i spent some time willingly (aka close friends from college, tuitions and home, with whom i played cricket, went on partying/touring places, etc)
- D: people whom i liked but never got a love back (aka girls to whom i told i like them. they mostly belonged to category C but eventually went to category A)
previously the category C people were special for me and i would weave my life around them. like all those bromance and friendship movies? these are the guys with whom i would do that. world tours and awesome weird shit? these people will be there in the pic... i would wish them on birthdays, i will call them every few days, go meet with them, have a bite, plan trips, movies, etc...
but today i feel am so done with everyone. i feel like everyone is so fake and forgetful, no one is worth my attention. i can easily forget wishing them birthdays or calling/meeting them every few weeks, because i don't want to or care about it.
friendship , from what i have realised, is just a means of dealing with a task in a group. it just provides a herd immunity and herd advantage . and once you learn how to survive alone, you don't really see a point in it. after coming out of college i was alone in the world, as my friends were from different fields. before college, i thought these were the guys with whom we will be living as F.R.I.E.N.D.S, not just in terms of relation, but rather in a symbiotic way: each one helping each other.
today, i feel cringy just thinking about it.
no friend will remember you for more than a year if you die now. everyone will move on. and in the struggling phase that me and my friends are right now (20-30s), we don't even need to die to forget our friendships.
my so called friends have wished me less on my birthdays than the lifeless apps i have on my phone.
so neither i am expecting someone to do something for me, nor do i think i want to do anything with anyone
------
so back to the problem, i don't know how will i find some relax or meaningful time anymore.
i am always up for trips and one of the first person to say yes to plans.
once upon a time i had this realisation that in a trip, we can enjoy 3 things:
1. the people with whom we are
2. the place we are visiting : the locals, the foods, the nature
3. the mode of travel : car on highways, bikes or flights above the clouds , or some memorable train journeys, etc.
but lately so even that seems to be not working out.
- the people are shit
- places feel like somewhat same everywhere. it's either: rocks/mountains or snow or water or buildings and population. it's just a temporary change of scenery and doesn't really give a feeling of peace. same for mode of transport.
if i rule the going out part, the things that remains is to enjoying your job, home family and daily life. that i do , but that's the thing that creates an environment of "bored-out"-ism in my mind.
i don't know what i am looking for. the only thing i have not experienced is that class D of people. to have a token of faith/respect/appreciation/love from a non blood related person. to have someone with whom i will not feel "bored out" when am planning a journey with them.
mathematically, it seems so far fetched and crazily impossible. like if get bored out and lose trust on people whom i shared most of my life after 50-60 meets, how can i be not bored, and be unhappy with a person to whom i have to see each day?
but since this happens for most of the couples, i will say the mind is the biggest and the most fantasizing mystery of human body ❤️ 💔
-
Haven't pushed anything to my github repos for over a year. Tried it today and it took me FORTY FUCKING MINUTES to figure out this Personal Access Token HORSESHIT.
FUCK YOU GITHUB, why must every aspect of software development become spoiled by PARANOID FUCKING FUCKWEASELS?
-
Interview question i had:
- how does jwt work under the hood, where is it stored, what 3 parts is it made of, who creates jwt, how does the server know what information the jwt token has (how can it say oh you're Joe you can login now)
- what is the difference between observable and promise in typescript, how does observable work, what is a stream, what is the difference between fetching data through an observable and fetching data with promise and when should we use one over the other, what does .next() function do in observable under the hood
Answer me these questions without googling
-
Cisco Anyconnect can blow me.
I go through the process of connecting to the vpn, username, password, token.
Then it has its pop up "respond to the banner to connect" and I click accept . . . and it does nothing.
So I go through the process again. And this time it says connected
But now I still can't connect to any of my company's SharePoint, SQL servers, Azure DevOps, JIRA, etc
And the only solution to that is a reboot.
And this happens swear to god at least every other day.
Like good lord, if I put in my credentials and they pass authentication/authorization, let me do my goddamn work.
-
Getting the angular interceptor working the way I want has proven to be a pain for me. I try to update an auth token, which returns a promise that has to be transformed to an observable again. based on that, redirect to a login page, in case of 401. But nothing works! Either infinite page reload because of the login() promise function of the auth provider or no reaction at all after a router redirect. 😤
-
What did I do while down for the count with Covid?
* Setup a static React site
* Hosted the site at Cloudflare Pages
* Protected the page through CF access
* Extracted the JWT
* Setup a Rails API to validate the token
Now I have static React UIs with a nice rich API backend.
-
Me: Hey I haven't used these repos/tokens/files in a while, let's remove them to clear up some space
Day later, a colleague: Hey Alex, could you update this repo/token/file?
EVERY FUCKING TIME
-
> * npm login *
> puts everything right, uses token because of OTP
> npm login fails: incorrect user or password
you know what, fuck you
-
Sometimes while working I find a subproblem that is isolated from the original problem domain, for example token renewal in an RTR authentication system. I take note of what I've been working on, clear my head of the broader problem, and write an exact specification of the subproblem. Then I code to that specification. The result is usually a self-contained open-source module which continues to improve my pace of work for years to come.
-
Fucking taiga wasting my day.
Client asked to set up a private taiga (taiga.io, some open source Jira alternative).
All goes fine and dandy until you need to link domain user creation to taiga user creation.
Seems I have to choose between having public registration (allows to programmatically create users, but also randoms to sign up) or use their private registry API that asks for a fucking token that is supposed to be returned from their membership/invitation API, that, guess what, doesn't return any bloody token. You can only get the token on the Django admin control panel.
Guess I'll have to end up setting up LDAP or integrating with their existing gitlab, but this gig is already starting to smell, and we are close to the weekend 😡
-
hey, so i have recently started learning about node js and express based backend development.
can you suggest some good github repositories that showcase real life backend systems which i can use as inspiration to learn about the tech?
like for eg, i want to create a general case solution for authentication and profile management : a piece of db+api end points + models to :
- authenticate user: login/signup, session expire, OAuth 2 based login/signup, multi account login, role based access, forgot password, reset password, otp login, etc
- authorise user: jwt token authentication, ip whitelisting, ssl pinning, cors, certificate based authentication, etc
- manage user : update user profile, delete user, map services , subscriptions and transactions to user , dynamic meta properties ( which can be added/removed for a single user and not exactly part of main user profile) , etc
followed by deployment and the assoc concepts involved : deployment, clusters, load balancers, sharding ,... etc
----
these are all the buzzwords that i have heard that goes into consideration when designing a secure authentication system for a particular large scale website like linkedin or youtube. am not even sure how many of these concepts would require actual codelines and how many would require something else.
so wanted inspiration from open source content to learn about it in depth, replicate and create new better stuff if possible .
apart from that, other backend architectures like video/images storage system, or just some server for movie, social media, blog website etc would also help.
-
Trying to make a nodejs backend is pure hell. It doesn't contain much builtin functionality in the first place and so you are forced to get a sea of smaller packages to make something that should be already baked in to happen. Momentjs and dayjs have taught nodejs devs nothing about the fact node runtime must not be as restrained as a browser js runtime. Now we are getting temporal api in browser js runtime and hopefully we can finally handle timezone hell without going insane. But this highlights the issue with node. Why wait for it to be included in js standard to finally be a thing. develop it beforehand. why are you beholden to Ecma standard. They write standards for web browser not node backend for god sake.
Also, authentication shouldn't be that complicated. I shouldn't be forced to create my own auth. In laravel scaffolding is already there and is asking you to get it going. In nodejs you have to get jwt working. I understand that you can get such scaffolding online with git clone but why? why express doesn't provide builtin functions for authentication? Why for gods sake, you "npm install bcrypt"? I have to hash my own password beforehand. I mean, realistically speaking nodejs is builtin with cryptography libraries. Hashmap literally uses hashing. Why can't it be builtin. I supposed any API needed auth. Instead I have to sign and verify my token and create middlewares for the job of making sure routes are protected.
I like the concept of bidirectional communication of node and the ugly thing, it's not impressive. any goddamn programming language used for web dev should realistically sustain two-way communication. It's just a question of scaling, but if you have a backend that leverages usockets you can never go wrong. Because it's written in c. Just keep server running and sending data packets and responding to them, and don't finalize request and clean up after you serve it just keep waiting for new event.
Anyway, I hope out of this confused mess we call nodejs backend comes clean solutions just like Laravel came to clean the mess that was PHP backend back then.
Express is overrated by the way, and mongodb feels like a really ludicrous idea. we now need graphql in goddamn backend because of mongodb and its cousins of nosql databases.
-
There's no official integration (package) for JWT in Java Spring?
I am new to Java Spring and want to create a simple RESTful server with JWT auth. Checked many tutorials, all of them involved creating your own JWT middleware to retrieve JWT token from incoming request and validate it using some 3rd party JWT library like jwtk/jjwt.
I am surprised this is not as simple as including a Spring JWT package and it would work out of the box. I used to write a similar site using Python/Django, and for that adding JWT support is as simple as adding "xxx.middleware.JWTAuthMiddleware".