Discover gists

Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication

Last major update: 25.08.2020

Что такое авторизация/аутентификация
Где хранить токены
Как ставить куки ?
Процесс логина
Процесс рефреш токенов
Кража токенов/Механизм контроля токенов

Working with Q — Coding Agent Protocol

What This Is

Applied rationality for a coding agent. Defensive epistemology: minimize false beliefs, catch errors early, avoid compounding mistakes.

This is correct for code, where:

Reality has hard edges (the compiler doesn't care about your intent)
Mistakes compound (a wrong assumption propagates through everything built on it)
The cost of being wrong exceeds the cost of being slow

Flutter Clean Architecture Implementation Guide

Overview

This document provides comprehensive guidelines for implementing a Flutter project following Clean Architecture principles. The project structure follows a modular approach with clear separation of concerns, making the codebase maintainable, testable, and scalable.

lib/
├── core/
│   ├── database/

MECHREVO Wujie 14XA (Ryzen 7 8845HS) Reverse-engineering

This log documents ACPI calls and driver calls found through reverse engineering the MECHREVO Wujie 14XA laptop (marketed as 机械革命无界 14X 暴风雪版, or Mechrevo Boundless 14X Blizzard Edition).

I am playing with:

BIOS version: N.1.14MRO17
AP (control center) version: 5.56.51.17

"How did you capture these calls?"

Reliable mouseEnter/Exit for SwiftUI

On Mac, SwiftUI's .onHover closure is not always called on mouse exit, particularly with high cursor velocity. A grid of targets or with finer target shapes will often have multiple targets falsely active after the mouse has moved on.

It is easy to run back to AppKit's safety. Below is a SwiftUI-like modifier for reliable mouse-tracking. You can easily adapt it for other mouse tracking needs.

import SwiftUI

User-controlled Keys Considered Harmful

Two important takeaways from CVE-2025-55182

We now have a public POC for CVE-2025-55182, the React Server vulnerability that allows remote code execution on affected servers. The details of how the exploit works are fascinating, and they highlight a couple of important but obscure facts about JavaScript itself that all JS developers should be aware of so that we hopefully don't make the same mistakes in our own code.

It's important to be aware that client-side code can also be affected (XSS) in addition to server-side code (RCE).

1. Promises are overloaded

Cloudflare WARP: Installation and Usage Guide for Ubuntu

This guide provides a complete, step-by-step process for installing, configuring, and using the Cloudflare WARP client on Ubuntu, specifically for use as a local SOCKS5 proxy.

1. Installation

These instructions are for supported Ubuntu releases. The installation commands will automatically detect your system's version.

Supported Releases:

Noble (24.04)

	-- supabase/seed.sql
	--
	-- create test users
	INSERT INTO
	auth.users (
	instance_id,
	id,
	aud,
	role,
	email,

	## MPV Keyboard Shortcut to match VLC
	## Path: /etc/mpv
	## ==================

	UP ignore # ignore keybinds for
	DOWN ignore # directional keys
	LEFT seek -10
	RIGHT seek 10

	SPACE cycle pause # toggle pause

	POST / HTTP/1.1
	Host: localhost
	User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
	Next-Action: x
	Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
	Content-Length: 459

	------WebKitFormBoundaryx8jO2oVc6SWP3Sad
	Content-Disposition: form-data; name="0"