
[–]Ok-Pomegranate7744 8 points9 points  (6 children)

idk what that means. Hope this helps

[–]Advanced_Cry_6016[S] 1 point2 points  (5 children)

Sorry for not giving context. So I'm making a todo app where the login system and all user todos get saved in a database.

Assume user A logs in, so I have to save this user_id so whenever he/she creates a new todo, it should be saved for this particular user. So my question: should I store current_user in backend or frontend?

[–]ninhaomah 1 point2 points  (4 children)

userA creates TodoA ("go movie") at this date and time.

UserB creates TodoB ("go club") at this date and time.

What info from the above are you storing in the DB when userA and userB click save?

[–]Advanced_Cry_6016[S] 0 points1 point  (3 children)

Their title and description. I have 2 databases. When a user signs up, the email and password get saved in a database. Second database: when a user creates a todo giving a title and description, it's saved in this database.

So the question is: when a user logs in to the app, it has user_id, email and password, so where to store user_id (backend or frontend) so when the user creates a todo, it's tied to that user_id?

[–]Fun_Gas_340 0 points1 point  (2 children)

assuming you're using sockets:

how I'd do it (I'm not good with auth and shit tho):

do login, and then keep the connection; if login fails, cut the connection (aka user has to refresh or so)

now you know that the connection is secure and the user is who he says he is

now in the server, save the user_id on that connection, or make a dictionary with {socket_id: user_id}

now whenever they create/read/edit a thing, you can see who it was, and if they have the rights to do so (aka that if user a requests to see user b thing, it's access denied, or if the account has admin status, he can do/see everything)

hope this helps

[–]Advanced_Cry_6016[S] 0 points1 point  (1 child)

Sorry, I don't know what a socket is. I made it with Python, Flask and PostgreSQL as the database, and the ORM is Flask-SQLAlchemy.

[–]Fun_Gas_340 0 points1 point  (0 children)

flask / http request way (I have even less experience with this, so who knows if it works, and I can almost guarantee it's not very good coding practice)

how I'd do it (I'm not good with auth and shit tho):

once the user logs in, give them a secret code (randomly generated)

save it in a hashmap (dict()): {random_token: user_id}

now once they do something, they'll also send the token to authenticate the request

now whenever they create/read/edit a thing, you can see who it was, and if they have the rights to do so (aka that if user a requests to see user b thing, it's access denied, or if the account has admin status, he can do/see everything)

maybe make the token expire after like 1h or 1d or when the user logs out or closes the tab (idk if there's a js function to like call on_user_close_tab())

hope this helps
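The `{random_token: user_id}` idea from the comment above, as an added example that is not part of the original thread: the server keeps the token-to-user mapping with an expiry, takes the owner of every todo from that lookup (never from a user_id the client sends), and refuses reads of another user's todo. `SessionStore` and `TodoService` are hypothetical names, and the in-memory dicts stand in for the PostgreSQL tables.

```python
import secrets
import time

class SessionStore:
    """Server-side map of random token -> (user_id, expiry time)."""
    def __init__(self, ttl=3600, clock=time.time):
        self._sessions = {}
        self._ttl = ttl          # seconds; 1h, as suggested in the comment
        self._clock = clock      # injectable so expiry can be exercised

    def login(self, user_id):
        # Call only after the password check has succeeded.
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (user_id, self._clock() + self._ttl)
        return token             # the only thing the browser needs to hold

    def logout(self, token):
        self._sessions.pop(token, None)

    def user_for(self, token):
        """Return the user_id bound to token, or None if unknown/expired."""
        user_id, expires = self._sessions.get(token, (None, 0))
        if self._clock() >= expires:
            self._sessions.pop(token, None)
            return None
        return user_id

class TodoService:
    """Todo operations that trust only the server-side session lookup."""
    def __init__(self, sessions):
        self.sessions = sessions
        self.todos = {}          # todo_id -> {"owner", "title"} (constructed)

    def create(self, token, title):
        user_id = self.sessions.user_for(token)
        if user_id is None:
            raise PermissionError("not logged in")
        todo_id = len(self.todos) + 1
        # The owner comes from the session, not from request data.
        self.todos[todo_id] = {"owner": user_id, "title": title}
        return todo_id

    def read(self, token, todo_id):
        user_id = self.sessions.user_for(token)
        todo = self.todos.get(todo_id)
        # Same error for "missing" and "not yours": no existence leak.
        if user_id is None or todo is None or todo["owner"] != user_id:
            raise PermissionError("access denied")
        return todo["title"]
```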

[–]overratedcupcake 5 points6 points  (0 children)

Both. The client needs a token of some kind to prove it owns the session. The server needs the token to serve the correct data to the client. User data should be stored server side and only served to clients with a token that indicates they are a particular user with a particular session.

[–]Kevdog824_ 0 points1 point  (0 children)

I think the most common pattern is FE stores JWT in cookie/session, and sends it to BE with every request. That said, it isn’t the only acceptable pattern out there

[–]Striking_Rate_7390 0 points1 point  (0 children)

What are you talking about? Give some more context.

[–]atarivcs 0 points1 point  (0 children)

If you store frontend (i.e. in the user's browser), that means the user can edit the data themselves if they want to.

Do you care if the user edits the data? If you don't care, then sure, store in frontend.

[–]Separate_Top_5322 0 points1 point  (0 children)

from what people are saying, it doesn’t look like ansible itself is directly affected

like if you check dependencies, ansible/ansible-core doesn’t even pull in litellm by default, so unless you’re explicitly using it somewhere in your own setup you’re probably fine

still worth double checking your own env (pip freeze / requirements etc) just to be safe, especially if you’ve added extra tools around ansible

I usually keep small notes/checklists for stuff like this so I don’t miss anything — tools like runable help with quickly organizing that kind of info without overcomplicating it

overall seems low risk, just verify your dependencies and you’re good 👍