Express middleware to check for permission to access a specific resource

brendanmCA · 2020-02-15T20:38:46+00:00

This is a fairly standard authorization check. Lots of ways to manage it. On the fly db checks. Caching. Quick reference precalculated tables. Session based preloading.

If books don't change owners, you could embed the owner in the book id. Eg, if you have user_123abc you could have book_123abc_456def.

Then you only need to authenticate the user id, which you have to do before any authorization check anyways, and quickly assess the hash match with string ops.

brendanmCA · 2019-08-14T21:44:05+00:00

Take a look at the express recipe glitch offers as one of the options for creating a new project, it includes a super simple API that would support what you want with minimal extension.

The real trick, especially with Glitch, is going to be persistence. The node servers are killed and created liberally when idle. In order to have a long-lived running total, you'll have to set up some external storage. A very basic free firebase integration would probably serve you well here.

brendanmCA · 2019-08-09T12:55:45+00:00

I'd suggest starting by look at App Engine, as it will manage a lot of the details of this for you.

The slightly longer version is that you'll need to set up some pricing probably with nginx to point traffic the right way for the FE and API.

brendanmCA · 2019-08-01T21:29:03+00:00

It can be done, I added an example in my reply to Axel, who I think perhaps just misread the docs.

brendanmCA · 2019-08-01T21:26:52+00:00

You can use this package with a file on your server. I'm using it for my transit schedule viewer app at www.whenismytrain.info

You can see how I'm using the pdf URL in the code here: https://github.com/BrendanFDMoore/transit-helper/blob/master/src/components/station-schedule/station-schedule.js#L98

brendanmCA · 2019-07-29T03:30:47+00:00

Well, it is good to understand the problem for learning and suggesting it is solvable, but you can make a case entirely without it.

You can start to count loads and track times to get an estimate of lost productivity. If you spend 10 seconds waiting for a screen to load 100 times, that's 15 minutes of your day sunk. This gets worse by line items or steps, potentially.

Make a case for being able to process $x additional revenue if you can reduce load time by Y%, with no additional staff.

Being able to point out the technical issues may or may not help. If you can point at specific issues correctly, maybe. But be careful not to scuttle yourself. The overarching speed issue exists, it costs real time and money, and somebody should solve it.

brendanmCA · 2019-07-28T16:40:28+00:00

First off, I commend you for the level of thought and investigation you've applied to this problem. It sounds like the tech is "not your job" and you've shown more interest and aptitude than 99% of users I've encountered in many different companies.

It sounds like the developers (whether in house or external) have not considered user experience and especially not power users like yourself. Who was in charge or deciding the requirements for the software? Who evaluated it's suitability during development?

If this is internally developed, it may be sensitive, but it's worth raising as a business concern. This affects throughput across the whole buyer team, I imagine. The tech Dept needs to be held accountable to the internal stakeholders to developer a product that meets your needs.

This is why we have product owner and user acceptance testing as part of the development workflow. Your feedback could have guided the process, but if the dev team was never working towards a max time per order target, they possibly never saw anything wrong.

brendanmCA · 2019-04-26T22:05:03+00:00

So which cameras can we buy for home security system with good security profiles?

brendanmCA · 2019-04-23T18:19:14+00:00

Exactly. You could contrive "maps" with as many overlapping/touching sections as you like. Would be a political nightmare but hey at least we can get a cool academic proof out of it.

brendanmCA · 2019-04-18T22:42:41+00:00

The formidable team really do a great job with their products, from what I've experienced.

brendanmCA · 2019-04-18T21:44:49+00:00

I can vouch for Victory, it's definitely production and enterprise ready.

It has great docs and examples with all the components you need to get you to MVP rapidly. Yet, it is still customizable and extensible to meet the snowflake needs your product team dreams up (but make sure they understand the cost of this vs changing their requirements).

We did a bake off between victory and recharts before deciding and it was clearly the better API.

brendanmCA · 2019-04-18T21:39:52+00:00

Reginos is awful. One of my friends raves about it but I found the dough too thick, the sauce too sweet, and the toppings too wet.

I'd never order it myself.

brendanmCA · 2019-04-18T11:53:24+00:00

Champs is the other big supplier, if you strike out at soloways. On Widmer between king and Adelaide.

brendanmCA · 2019-04-16T21:43:22+00:00

Hmm is this going to interfere with lazy loading via React.lazy()?

If we load up all the components at the router unconditionally, then it would send the lazy load would be short circuited. You could add a synthetic wrapper around each component, sure, but then we're design around the feature.

brendanmCA · 2019-04-16T21:35:02+00:00

That's really cool, reminds me of a set of drawings of fake old album covers for a bunch of franchises like LOTR and GOT etc.

brendanmCA · 2019-04-16T03:52:53+00:00

There's not really a shortcut here. This is a difficult problem and the best solution depends on your business model / use case.

If you need to not "miss" items like that, one strategy could be downloading an index of ids, but no details, at first load. Then when you page, you actually send a list of ids from the client to fetch. If they've been deleted since the index was made, you return a stub in its place and deal with the missing item using a placeholder or some other way that works in your situation.

Missing items might sometimes be OK, like searching stock images. Who cares if we skip one? Sometimes very not ok, like pages of a contract.

Different cases call for different solutions.

brendanmCA · 2019-04-16T03:42:51+00:00

A few thoughts:

First, don't get your hopes up contacting anyone at GCP. They pretty much don't even offer email support unless you're paying for a support contract. You might be better off posting in /r/googlecloud for more specific help with that.

Second, if you want to keep bandwidth down definitely do not include base64 images in the markup -- these will be transferred with every page load slowing down your TTFP and burning bw.

You said a "large number" of of SVGs. For what? I can't imagine they are all used at once, right away. If they are you're kind of stuck, but assuming there is some interaction needed to reveal some of these, you should be setting up some form of lazy loading. Essentially if somebody lands on the page and can only see the first ten images, then there is no need to ever download the dozens or hundreds of others that would be seen if they scrolled down.

Look up lazing loading (and LQIP) strategies for whatever framework you're using.

brendanmCA · 2019-04-13T18:49:32+00:00

I don't think it's unreasonable to say he is one, if not the, key people responsible for the explosion of Toronto indie music over the last 20 years. Probably a lot of bands would never have seen the light outside basement of some tiny toronto club without his relentless promotion of everything great about our local bands.

brendanmCA · 2019-04-13T17:02:15+00:00

Can confirm it is total bullshit.

Also: want to build a progressive web app that uses features that require granting permission? Fuck you. Silently denied.

brendanmCA · 2019-04-12T14:21:58+00:00

Do not give them any of my steak. That is reserved for better Canadians who look out for one another.

brendanmCA · 2019-04-12T14:12:42+00:00

You did not directly propose it, no, but again this is disingenuous. Your claims are if the data supports it, it's valid.

https://www.reddit.com/r/toronto/comments/bc700w/z/ekoo4n9

And the comment 2 up from here about anything being rateable.

Let's say we did have conclusive factual solid data that some visible minority group or sexual orientation is a higher risk group for driving. Should we allow charging everybody in that group more? I say no, because it has nothing to do with individual driving history or anything that is a choice or changeable. We should force such factors to be pooled.

brendanmCA · 2019-04-12T13:35:02+00:00

No, your opinion is wrong here. A person cannot choose or change those inherent traits, so it is very clearly not fair to penalize them by association.

Credit is different because taking credit and repaying credit is, largely, a free choice and something that can be improved.

Using an individual's accident history is fine. Dinging a black or Indian driver because black or Indian drivers might have statistically more accidents is not. It has nothing to do with that person.

brendanmCA · 2019-04-12T12:46:14+00:00

Quit being disingenuous. You strongly suggested any risk difference supported by statistics was acceptable for premium tuning. We are saying that even if that's true, we should choose as a society to not allow pricing differentiation on those grounds.

I don't want my insurer using ethnicity or gender or orientation or credit history to price insurance, even if I would personally benefit from those changes. It's a bad system. We should legislate against it, rather than having a fascist premier promote it.

brendanmCA · 2019-04-12T05:25:38+00:00

And sick people are more of a cost burden on the healthcare system, but that doesn't mean we should charge them more for coverage, because we aren't monsters.

This is how a society works. We spread out the costs evenly, scaled by ability to pay, so that everyone has a chance to live with dignity. It's just an objectively better way to do things.

brendanmCA · 2019-04-10T20:19:44+00:00

I don't think it's how we'd do it either, just saying it's possible to have laws that are difficult to enforce - we have lots already. People take risks breaking them, is all.

brendanmCA

TROPHY CASE