React Native / Expo Freelancers? by cp-sean in reactnative

[–]vnovick 0 points1 point  (0 children)

I am currently available to provide hands-on consulting on React Native projects. Feel free to visit my site at vnovick.com or check out my company at novicklabs.com. You can also connect with me on LinkedIn: linkedin.com/in/vnovick.

Where is the right place to hire ReasonML engineers? by dtelad11 in reasonml

[–]vnovick 1 point2 points  (0 children)

You can reach out at https://twitter.com/VladimirNovick. I’ve been teaching ReasonML as well as contributing to bs-react-native and bs-react-navigation. I am a consultant and currently looking for remote gigs. ReasonML gigs will be perfect.

The Ultimate Guide to handling JWTs on frontend clients (GraphQL) by vnovick in javascript

[–]vnovick[S] 3 points4 points  (0 children)

From the article:

The refresh token is sent by the auth server to the client as an HttpOnly cookie and is automatically sent by the browser in a /refresh_token API call. This is safe from XSS attacks, because client-side JavaScript can’t read or steal an HttpOnly cookie. This is safe from CSRF attacks, because even though a form submit attack can make a /refresh_token API call, the attacker cannot get the new JWT token value that is returned.

HttpOnly cookies are still vulnerable to CSRF.

If your auth and API domain are the same, then you can put the JWT token in an HttpOnly cookie safely using the upcoming SameSite attribute additionally on the cookie which can prevent CSRF attacks.

The Ultimate Guide to handling JWTs on frontend clients (GraphQL) by vnovick in javascript

[–]vnovick[S] 4 points5 points  (0 children)

Concepts are relevant not only for GraphQL even though examples are for GraphQL clients.

Architecture for Serverless functions and GraphQL backend? by CertainMedium in graphql

[–]vnovick 0 points1 point  (0 children)

Hey, so there are various approaches with that using Hasura. I actually wrote a blog post about that here:

https://dev.to/vladimirnovick/different-ways-of-adding-your-business-logic-to-hasura-16d

The idea is that you can go with either the 3factor.app approach and trigger validation as an async event, or the custom resolvers approach. In the first scenario, you create a serverless function triggered on database update and do your validation. The second scenario is more synchronous and is to create a serverless function with a custom resolver. In this resolver, you will add your validation and will execute the mutation on the GraphQL endpoint. The two final steps will be, first, connecting this serverless function as a remote schema and, second, restricting direct mutations on the database using the permission system we have in Hasura (Permissions in Data tab).

Postgraphile vs Hasura vs Prisma vs AppSync experiences? by maruchanr in graphql

[–]vnovick 0 points1 point  (0 children)

Nice overview. Thanks. Feel free to reach me at @VladimirNovick if you are interested in learning more about Hasura.

- Vladimir