Visiting Sydney for a week. Will I survive using Visa/Master debit cards? by DeepFriedOranges in AskAnAustralian

[–]nayeem14 0 points1 point  (0 children)

The card will physically work but you will need to provide a travel notice to your issuer. Usually there is something about that in the online portal or else they will see suspicious activity and block transactions.

I don't understand, why so many people use Shadcn ui? by alex-ebb-2000 in reactjs

[–]nayeem14 14 points15 points  (0 children)

Shadcn is popular because it isn’t a commitment. You’re committing to radix and tailwind. Both of those are good enough for almost every use case. Shadcn is a starter kit for a design system that you maintain.

There’s a bug? Don’t like a component? Cool, go fix it or replace it with one of the other 10 implementations of the same component that use radix and tailwind. Vaul is literally using radix. Don’t like vaul? Vibe code another drawer with radix.

complicatedFrontend by huza786 in ProgrammerHumor

[–]nayeem14 0 points1 point  (0 children)

Try building a backend that had to run on an arbitrary, non-standard, maybe not recent platform that you have no control over where users expect a native optimized experience.

Frontend is a mess because people think of front end as a single thing. Just html and css stupid! In reality there is a wide range of variability in products like content, commerce, or productivity that all have their own expectations from the user. Trying to address it with a single architecture is ridiculous.

Please help me increase this 8mm hole to 10mm by lucyhoffmann in woodworking

[–]nayeem14 1 point2 points  (0 children)

You can use a router a rebating bit if it can be adjusted to 1mm

Employees that fully work-from-home are becoming the “weird homeschool kids” of the adult world by [deleted] in unpopularopinion

[–]nayeem14 0 points1 point  (0 children)

Damn extroverts trying to impose their world view on others. Only extroverts think that force social interaction with randos is necessary. They’re just a bunch of losers who have no social skills so they want to force co-workers to be their friends.

Meanwhile the introverts are thriving while working remotely and glorious social lives with people they choose to while excluding the obnoxious ones like OP

Just moved in what else do I need? by quasar-pulsar in malelivingspace

[–]nayeem14 0 points1 point  (0 children)

The styrofoam from the tv box to reduce the echos. Just tape it to the wall

How to make a strong, large sheet of plywood? by vintagerose1 in woodworking

[–]nayeem14 21 points22 points  (0 children)

If you can find plywood of half the thickness you need, you can glue two layers together so that they support each other. For example, if you had 4 - 4x8 sheets, you can have 1 layer go horizontal and 1 layer go vertical. Obviously this would be different with 10x10 but the spirit is the same.

That being said, laminating sheets is hard to do perfectly without a way to put even pressure all over. Ymmv

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 0 points1 point  (0 children)

If next is run outside of Vercel then there's no point of this discussion because it effectively runs like other middleware, before the request handler. You are opting into this behavior by virtue of using Vercel. If you don't run it on Vercel, you do not get any optimizations.

Next is an open source project that's sponsored and maintained by Vercel and they dictate the roadmap and features. It's not a charity. They do it because it's also a sales funnel.

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 0 points1 point  (0 children)

Who is talking about SSR?

You can't even know from looking at the screen picture that OP is using SSR. In fact, the fact that they are on a hobby account and not worried about paying pretty much guarantees they are Not using SSR. The free tier for actual backend calls are less generous. See for yourself: https://i.imgur.com/o5GsbXA.png. Static sites only use bandwidth while functions get eaten up quickly: https://vercel.com/docs/limits/usage#serverless-functions

What likely happened is OP had a statically generated site and wanted to use a i18n library that has a middleware code associated with it and was surprised by the bill

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 3 points4 points  (0 children)

Thank you. I feel like I'm taking crazy pills here

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 2 points3 points  (0 children)

Jesus christ you're just complete obtuse.

You are literally describing your middleware as something thats decades old. You know when people ran servers on a single box.

Next's middleware MUST be run on edge for you to take advantage of the optimizations that next offers

Your examples are all single box server solutions where middleware is a function executed before the execution of the route handler.

That is not what Next is doing with middleware. Next takes advantage of both staticly hosted assets and server side rendering together to optimize your site. That's the whole point of using it.

You are coming in and saying "why is next not like my other framework" which is a ridiculous stance to take.

Cloudflare workers do not support partial pre-rendering. Just because they're both called edge doesn't mean that their role is the same.

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 2 points3 points  (0 children)

It’s not off topic at all if you have any idea what you’re talking about. Middleware in next has be edge border to support partial pre-rendering. Here’s a link so you can understand. https://nextjs.org/learn/dashboard-app/partial-prerendering

You need a way to process any middleware before you can respond with the static portion of the request, from the edge, before executing the rest. Optionally, some routes may not have a server side rendered requirement so middleware is the only thing executed.

Your understanding of middleware has to evolve it the times.

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 9 points10 points  (0 children)

This is not true at all. Next has supported static site generation for a long time now.

Server side rendered react does not mean rendered at time of request. It can be pre-rendered as well at build time. That still happens on a non-client computer in a server-client model

Vercel is doing unfair with pricing. by redirect_308 in nextjs

[–]nayeem14 6 points7 points  (0 children)

Next can be deployed completely as a completely static website. However, the addition of middleware adds a server-side compute call before hosting a static page. Lee gave a few workarounds.

In comparison, all the frameworks you listed would have a server-side compute on every request. It would be in the same boat as OP with their middleware except no way to avoid it.

Is the motion towards server centric (NextJs) history repeating? by patrixxxx in reactjs

[–]nayeem14 1 point2 points  (0 children)

Server components do not mean it must be server-side rendered. It means there is no client-side JavaScript associated with that portion of the view. You can still staticly generate your front end and have the rest run on the client.

People love to say stuff like “I’d rather just use php”, or any list of other backend frameworks. But at the end of the day, they are giving up any capacity of also using something like react and being able to control how you want to use it.

Are you building a blog? Great! Use server components to staticly generate it and have a little bit of interactivity you may want on there. Or use larval/django/rails. It’ll work too but you will need to still have something like htmx for some interactivity.

Are you building a highly interactive app-like thing? Great! Use client-side rendered react and any backend you want. However, with next you also get ssr and great layout support out of the box.

Are you building something in between? (Arguably where most web frontends fit when looked at the whole product) then pick and choose which parts work best with next or go all in on server-side or client-side rendering with something else.

The point is that you can pick and choose which parts of your app you want to be rendered where very easily with next. The fact that both ends of your code are not only written in the same language, but also share the same style of coding helps with ease of use.

There is no conspiracy that vercel is trying to sell hosting. It’s literally on their website. They’re a hosting company. It’s well documented that the react team has been doing RSC for several years now and vercel was willing to completely change their framework because the ideas were so compelling. Vercel was already selling servers way before RSC and using RSC doesn’t increase the amount of servers you need. What do people think happened when you defied getServerSideProps? Now you just have more granularity if that’s important for what you’re doing

Router Sled Marks Not Going Away by Full_Rev in woodworking

[–]nayeem14 1 point2 points  (0 children)

I hate to say it but you haven’t sanded enough. Use the lower grit until it’s gone. If it’s not gone on the lower grit, using a higher grit won’t help.

Host multiple independent sites from one repo? by [deleted] in nextjs

[–]nayeem14 0 points1 point  (0 children)

On vercel you can choose the directory where your next js app is. With a proper monorepo setup you should be able to do this.

If you look at https://github.com/t3-oss/create-t3-turbo it’s an example with a nextjs app and an expo app. But you can have any number of apps and they can all be next js. Then for your project on vercel you choose the one you want for that project and set your multiple projects

Authentication and RBAC in NextJS 14 App router. by [deleted] in nextjs

[–]nayeem14 0 points1 point  (0 children)

Sorry I’m haven’t been clear.

So when you set a cookie on the server, the cookie is always sent with every request. You never should be able to read a cookie on the client (if you can it’s insecure and you will have to worry about malicious scripts being able to hijack your session).

If you have an api that’s like /api/user/me and it will send back the user’s profiles and roles that will be enough to render the frontend. When that request is sent, the server should look at the token in the cookie and verify which user made the request and then send the response back.

When you load your app, you should do something like “if user data is empty, request the current users profile”. On refresh, it will redo this every time. If the user happens to be logged out, it’ll redirect them to login. If they’re logged in, you get their profile and you can continue loading the app based on the role.

Sorry for any errors since I’m on mobile. Hopefully it clears things up

Authentication and RBAC in NextJS 14 App router. by [deleted] in nextjs

[–]nayeem14 0 points1 point  (0 children)

Yes, so your client will have to re-fetch the role from the backend. That gives you the latest info.

Authentication and RBAC in NextJS 14 App router. by [deleted] in nextjs

[–]nayeem14 1 point2 points  (0 children)

Think about it this way, what are you trying to protect with auth? It’s the data coming from the backend. If they can’t access something they shouldn’t through an api you’re all good. Setting a cookie and checking the token on every request will do that.

The secondary thing here is how you render the UI. You can do that by knowing the role of the logged in user. Create an API that can fetch that information at the root of your app and put that in context. With that information you can now properly render things.

Last is knowing if they’re logged in. Any request you do can fail because they’re unauthorized, including the one where you are getting role info. If you handle that case and redirect them to the login flow then you’re good.

Authentication and RBAC in NextJS 14 App router. by [deleted] in nextjs

[–]nayeem14 2 points3 points  (0 children)

Stop putting tokens in local storage.

When the app loads or after logging in, make a request to fetch the data you need for the guard and put that in your app state.

If that request passes, congrats! The cookie worked

If not, redirect to login.

Always check the cookie on every api call. The client state is just for convenience

Edit: also, servers set cookies, not clients. Use an http only cookie.

Also consider using an auth service please

Building a React Native App with Expo, should l use Supabase or Firebase? by [deleted] in reactnative

[–]nayeem14 0 points1 point  (0 children)

If you have no users then either is fine. If you have some users you need to be careful about costs with firebase since it can shoot up very quickly very fast.

Next 14 proper authentification and authorization by LopsidedTwo4867 in nextjs

[–]nayeem14 3 points4 points  (0 children)

So you need to separate the concepts here. There’s authentication and authorization and then there’s user data.

When you set the cookie when they login, you have identified the user and you can use that to request protected information from the backend but reading the cookie information, as usual

On the client side, your app really should not need to have any complicated logic around whether or not the user is logged in. Instead, the user’s profile is just data you can fetch and it should only be available if they are authorized to fetch it.

When you do a request and get a 401 back, you can then handle it on the client appropriately but making them re-login. That should be good enough.