How do i add loading on server side in remix? , in next js, i can create a file call loading.tsx

Overwrite. Underverse reference

When ever i feel down or dont wanna code I always comeback and look into your channel. your short videos and few motivational videos now and then helps a lot. thank you senpai

not the video i wanted, the video i needed

how do u use server action in client component. Like with this startTransition thing, i truly don't get it

I am fighting with this library to create a setup where I can use separators to build out 2 sections, but each section to fall under the docs/ route. If there's any other folder inside of docs it immediately makes it a menu and I can't figure out any way around this. Do you know ?

Everything you said, plus I also like the Things app (syncs mobile/desktop, etc.) which I learned about from another solopreneur dev. Related to dev/projects, I mostly just use the “recurring todos” feature or little one-off tasks/reminders for a certain day… actual project management with Trello (or plannerai :) )

Thanks,i think this is good info

I think i have a crippling fear of failure or hating my final project, cuz i never make good looking projects (ui is not so good) and it kinda demoralising

Hi Code, Does railway provides its own CDN for nextjs app or do we have to use other cdn service like cloudflare? Thanks

I can't even finish this video LMAO

thank you cody

Please make a video on Lucia Auth 👀

Great Lecture. Very Well explained. Good tool earse.. I will certainly use this toll.

Thanks man! I love your videos, it's fast but not fast enough to make it hard to understand and not slow enough to make me feel sleepy, your videos are precise and explains the connections/relationship between different things!

coincidentally this is like what im doing like right now. Great vid. Here is a video idea. How to use next auth with an external backend. Without nextjs built in backend if you get what im trying to say. because there is this backend guy i work with who built the jwt himself then in my next app i use next-auth so we are really confused on how to amalgamate the two strategies.

Small update on Drizzle Studio for those who face a problem to access it: 1/ update drizzle kit: npm i drizzle-kit@latest -D 2/ in the drizzle.config.ts, change driver to dialect and connectionString to url 3/ restart your studio: npm run db:studio It should work just fine.

Personally in these cases I prefer use the `cn` utility function, you can use `clsx` straight btw. I just separate logically the classes in logic order and I'm set. From: ``` <input className='flex flex-col my-3 mx-auto w-1/2 bg-white text-slate-900 border border-slate-200 rounded-lg shadow-sm hover:shadow-lg hover:border-slate-300 focus:outline-none focus:ring-2 focus:ring-slate-500 focus:border-slate-500' /> ``` To: ``` <input className={cn( 'flex flex-col my-3 mx-auto w-1/2', 'bg-white text-slate-900', 'border border-slate-200 rounded-lg shadow-sm', 'hover:shadow-lg hover:border-slate-300', 'focus:outline-none focus:ring-2 focus:ring-slate-500 focus:border-slate-500' )} /> ```

I will stick to my VPS approaches. But I completely agree with you on the database and file storage part. It is stressful to always think about those and implement defensive measures in your backend for them.

Has NextAuth basically been bought out by Clerk and turned into a sales funnel for them?

l'm looking to enhance the security of my Next.js app by implementing a feature where users need to re-enter their password before accessing routes displaying sensitive information or performing critical actions. How can I protect these routes to ensure that only authenticated users who have re-entered their password can access them?

What theme is that

Bro it's way past time for you to move to Remix

Thanks for sharing your perspective!

Nice! Basically the architecture of Dokku with the UX of Vercel. I'm a fan.

Why not just contribute in improving coffeescript rather than building another language..

Cody, just watched your video on automated email testing. If you are into efficiency and hate wasting leads, I gotta recommend FilterBounce. Their verification is so accurate, it keeps bounce rates under 1%. You get top-notch results and practically eliminate wastage.

Hey Cody, loved your video about your email newsletter app. Did you ever consider trying out FilterBounce for your verification needs? The accuracy they provide leaves other services in the dust, plus they offer 300 free email id verifications each month.

Just got done watching your latest video on automated email testing, Cody. Ever thought of giving FilterBounce a try? It is damn reliable and the accuracy blows any other verification service out of the water. Plus, they offer a free plan to get started.

Good work Cody on your latest video! As for Email Verification, FilterBounce has changed the game for me. I fear it might make some of your testing redundant, they are that good! Affordability is their middle name. Trust me, throw them into your mix.

Yo Cody, amped to see you tackling email verification in your latest. You know what could have saved you a ton of time? FilterBounce. They have an API for contact form verification that is top-notch. Never had a single issue with false positives.

us this any more useful than portainer

This is why I use Clerk, they do all this for you. 1min lived tokens

This is wayy good explanation!🫴✨

Hey Cody just wondering why you are saving refresh token in db, i understood your point for security but couldnt you just encrypt it with a secret on backend ? and put it in httponly cookie? incase of compromise you could just change the secret salt, (this might lead to many other people getting logged out though, but its a very rare case to happen)

REMIX REMIX REMIX!!

What a great explanation.

When I first used next-auth, I hated it because of these reasons. I was wondering how everyone is advertising next-auth as a good solution. I am glad I am not the only one who thinks so.

OMG Sheesh Why?

Thank you Bro Really good❤❤

As much as I love NextAuth, I always break my head with a wall when I need a more secure way to handle authentication or some extra functionalities. We need so much work arounds to bypass their limitations that your projects turns to an authentication app. I feel like this solutions need so much time and effort to accomplish what prebuilt solutions such as Clerk or Kindle do, that is not worth it. Although they are not totally free, the free tier is more than enough to keep your app running and growing without worrying about this kind of stuff. Once you're near the free tier limit, your app should have more ways to handle the costs of this solution, or you could opt out. I personally prefer to think about those things once I truly spent time developing, rather that overthinking something that blocks the rest of the project. As a side note, when you pay for this solutions you don't only pay for "the user", but the maintenance, the constant updates and security made by a profesional team.

How I would like to do it. /auth/login - issue refresh token and acesss token Store refresh token in cookie and don't store access token at all. /auth/refresh - get new access token using, called on full page reload or if token expire on when client is still on the page. Reduce lifetime of acess token to <5min. How I like to keep track of refresh token? I create a devices table which store the info about user-agent and ip address. I put device id in refresh token. When a request for token refresh is made I check if device exist if yes then return access token.

I love Next Auth but it is a constant pain when you run into basic things it doesn't support still

The way you mitigate attack surface, is that whenever the refreshtoken is used it returns a new access token and anew refresh token invalidating the previous refresh token. So effectively if an attacker steals any, next time the real user logs in the attacker has no valid tokens. I think that is the main point of refresh token being a separate http only cookie. It is a single use token. At that point you might as well keep the access token in memory since the absence of it and the presense of a valid refresh token would guarante always being authed. This used to be the most solid solution back in the localStorage days. But I am not really sure why you need to use jwt and not just a session cookie. Not really convinced that the flexibilty exists in next auth. Lucia auth seems more promising but it has no real csrf protection which next-auth has. Really strange that nextjs in general hasn't made that functionality robust since it is nothing new and all other real full stack frameworks have it for years.

You should check into building your own auth (cognito being the easiest for me) because it gives you way more control with less code. You already know the basics by now so you'll find it much simpler.

I tried using next auth at first and absolutely hated it. Could not get it to consistently refresh tokens across sever components, server actions, client components, etc. As i have a separate backend i switched it up where the backend handles the oauth flow and refreshes tokens automatically. All I need the frontend to do is check the cookie exists. If next Middleware doesn't see the cookie or a fetch returns 401 the user hits the backend /login route. You could almost certainly set that up with route handlers too I imagine.

you can blacklist your jwt in redis thereby invalidating it

screw this I'm switching back to database strategy. I'm not convinced using jwt strategy isn't worth the hassle when it comes to using next-auth

Isn't it good to get group membership list and plan in session without adding it to JWT token?

next and next-auth is a joke, you can use it only for hello world projects. in real world scenario where you need to support auth calls to api both in browser and server its impossible to implement this in next. switched to remix and feeling good