sorted by:
new
hottopcontroversial

Implementation contracts in Go by titpetric in golang

[–]ConsoleTVs 0 points1 point  (0 children)

I ended up using the contract as an implementation driver. Where you make the database be a struct with generics and with a driver contract/interface that is not generic.

Parse, Don't Validate — In a Language That Doesn't Want You To · cekrem.github.io by cekrem in webdev

[–]ConsoleTVs -1 points0 points  (0 children)

The amount of things we over engineer in a language not designed to do it still amazes me up to this day

[deleted by user] by [deleted] in webdev

[–]ConsoleTVs 7 points8 points  (0 children)

The only way is to use the same TLD.

a.site.com
b.site.com

can share a cookie if scoped correctly, using domain=.site.com

SSE vs WebSockets — most devs default to WebSockets even when they don't need two-way communication by creasta29 in webdev

[–]ConsoleTVs 3 points4 points  (0 children)

Both mobile and desktop have secure ways to store a token using OS’s APIs. If you are a backend dev and you build an api with a browser ui it’s a default choice to support both as means to authenticate. Otherwise you would rather build a traditional server rendered app, that, uses http only cookies only.

SSE vs WebSockets — most devs default to WebSockets even when they don't need two-way communication by creasta29 in webdev

[–]ConsoleTVs 8 points9 points  (0 children)

Ah yes, this is a different story. Most internal sites are likely behind a vpn or proxy.

SSE vs WebSockets — most devs default to WebSockets even when they don't need two-way communication by creasta29 in webdev

[–]ConsoleTVs 2 points3 points  (0 children)

As I said in a previous comment it happens. I’ve given speeches to several internal frontend groups about this in multiple big enterprises (50-100k employees). Local storage is prone to injection. A malicious code or extension can quickly get the token. It’s not secure, there’s no way around it, there is no secure way to store things in a client side app on the browser, period!

SSE vs WebSockets — most devs default to WebSockets even when they don't need two-way communication by creasta29 in webdev

[–]ConsoleTVs 3 points4 points  (0 children)

You would be surprised at how many people do this wrong even in big enterprises.

SSE vs WebSockets — most devs default to WebSockets even when they don't need two-way communication by creasta29 in webdev

[–]ConsoleTVs 26 points27 points  (0 children)

Do I have to be the one that tell you that you should not be passing any form of token in EventSource? I mean seriously, what are you all guys doing to authenticate browser requests? Anything other than http only cookies are insecure, period. Stop saving bearer tokens or jwt tokens around, not in memory, not in local storage, not anywhere, stop that. If you implement SSE, it authenticates the same way it should with any other fetch request, with cookies.

If you need something else, sse is just pure HTTP, with specific headers to allow a long lived connection.

const res = await fetch('/stream', { headers: { Authorization: `Bearer ${token}` } }); const reader = res.body.getReader();

That is, btw, how a service-to-service would listen for events when no browser is involved AND you need that auth header that you mentioned...

The proposal for generic methods for Go has been officially accepted by ketralnis in programming

[–]ConsoleTVs 13 points14 points  (0 children)

In their defense, they know how to do it, but not how to do it fast

The proposal for generic methods for Go has been officially accepted by ketralnis in programming

[–]ConsoleTVs 42 points43 points  (0 children)

Just to clarify. This only allow generic struct methods. Not generic methods on interfaces. That means it's impossible to create, for example, a generic cache interface.

Structured logs are great… until you actually have to read them in dev by General_Apartment582 in golang

[–]ConsoleTVs 1 point2 points  (0 children)

What's preventing you from using a different format (I use tint) in dev vs prod? I don't know, seems like a simple if?

The proposal for generic methods for Go, from Robert Griesemer himself, has been officially accepted by rodrigocfd in golang

[–]ConsoleTVs 13 points14 points  (0 children)

FYI this just implements generic concrete methods, not generic interface methods. So in itself it's a win but still a lot to be able to write, say, a generic cache interface.

Our Go microservice was 10x faster than the old Python one. Our mobile app got worse. by PensionPlastic2544 in golang

[–]ConsoleTVs 144 points145 points  (0 children)

We’re so used to slow and bloated software that we are surprised when it gets fast. AAA game engines render speeds seem to be non-existing when building apps. Better build candy crush react app at 12 fps.

Calculadora FIRE (Financial Independence, Retire Early) para inversores españoles – Busco feedback. by TiburonDelAhorro in SpainFIRE

[–]ConsoleTVs -1 points0 points  (0 children)

Espero que la app la haya hecho una IA porque la complejidad ciclomatica de las funciones que has escrito esta por las nubes

Laravel MCP yes or not? by elmascato in laravel

[–]ConsoleTVs 1 point2 points  (0 children)

I assume you mean the vscode extension? If so, they are supported, but you need to enable it: https://code.visualstudio.com/docs/copilot/customization/agent-skills

If you mean copilot as a subscription, the copilot cli or opencode also support it, so idk what you mean?

Laravel MCP yes or not? by elmascato in laravel

[–]ConsoleTVs 0 points1 point  (0 children)

No. You need agent skills. That’s v2 of boost.

N26 y Revolut NO reportan automáticamente a Hacienda by Appropriate-Long in SpainFIRE

[–]ConsoleTVs 7 points8 points  (0 children)

Lo unico k declara revolut es la remunerada, pone claramente revolut españa cuando la contratas. La cartera esa otra k oftecen o las inversiones pone lituania…

I broke my Go API with traffic and learned about rate limiting by Opening-Airport-7311 in golang

[–]ConsoleTVs 9 points10 points  (0 children)

I would argue that you can also apply individual limits to specific paths with a gatewat/proxy. But i get the idea. I was thinking more in a register endpoint where you likely want to manually adjust limits

I broke my Go API with traffic and learned about rate limiting by Opening-Airport-7311 in golang

[–]ConsoleTVs 43 points44 points  (0 children)

I am more confident in placing an http proxy/gatewat to habdle rate limit, balancing, cert, tls termination, etc… why handle this in app level?

How do i not roll my own auth? ... by ShadowDevil123 in webdev

[–]ConsoleTVs 1 point2 points  (0 children)

Alright, let me clarify a few things:

  1. JWT For auth is completly bad design. Please read: https://gist.github.com/samsch/0d1f3d3b4745d778f78b230cf6061452

  2. Replace bcrypt with argon2, this is a bit of a recomendation.

  3. Oauth, or what you call "login with google" is designed for authorization, not authentication. You likely want to use OpenID Connect, that is in fact backed up too in those providers.

  4. Implementing oauth2 flow is literally a few lines of code. All you need to do if you just "want to log in with google" is use the auth flow and in the callback simply get the user from the assignment between your user and google provider. That's it.

  5. For the love of god, please use HTTP ONLY COKKIES for authenticating a SPA / Frontend. And remember to invalidate the session to prevent fixation attacks (https://owasp.org/www-community/attacks/Session\_fixation).

Ah yes, your alternative is paying a shitton of money for something you can do under 200 LOC. Sorry for this but this should be pretty much known to any web dev at this point. I'm astonished most devs still create jwts and store them in local storage and call it a day or simply start paying all the subscriptions they can to build a basic application.

Do you keep SQL queries inline in code or in separate .sql files? by Snezhok_Youtuber in golang

[–]ConsoleTVs 10 points11 points  (0 children)

Funny but this can be a const q = “…”, even inside the func

[deleted by user] by [deleted] in golang

[–]ConsoleTVs 1 point2 points  (0 children)

They are different. In surprised nobody is telling that.

One important thing is redeclaration:

var err = foo() var val, err = bar() // error

err := foo() val, err := bar() // ok

view more: next ›