#development

yea, see that little spike? that was handled automatically

yeah, I think thats the part everyone forgets

200ms is on average what most apis handle

and those are the cold starts

Goof around with cf workers for a bit.
Its like 100k requests free a day.

Its really interesting stuff

(in terms of discord bots, thats 100k commands run per day free)

just calculated it and it costs about £5.39 a year

not as bad as i thought

My api averages at 150 ms with image gen around 400 - 500 ms

I used to run my bots and stuff on an actual pc but that was like 200 quid a couple years ago and I can't justify

not too bad

indeed

when my lambda is warm it can respond in less than 2ms

my ping to the discord api is about 30ms lol

That might mean it's cacheing the response

it can't. it's sending the unique interaction url token along. any caching would break it

Mine was around 5ms on cf workers when it didn't have to hit the database, which was about 40% of the time.

I mean it wouldn't really take much to just send the interaction token then xD

serverless is fast

i'm not hitting a DB either. just verifying the discord signature and then invoking another lambda

it's doing some crypto stuff

that and more scalable lol

docker has built in load balancing if you use hostnames and container networks properly

At that point though if you really need scaleability you would just go with AWS/GCP/DO

yea

self-managed is more fun tho

:^)

and way cheaper if you do it right

Working on a docker UI alternative similar to portainer, would this be a good permission set to use?

just skimming over it yes

honestly once you have this semi stable I might use it for our topstats deployment for easy log access

portainer is fine but its a bitch sometimes

Yea it has its annoying issues and the permission system in it is fked and no 2FA either

yarp

we have 25 containers now (8 of which are github self-runners) but still

would be nice to see logs without using ssh

for mobile access etc

whats the frontend written in?

asp.net blazor SSR

Pretty good for dashboard type applications and good for security and real-time stuff like this

Man making me wanna dust off my .NET experience just to contribute 💀

I havent used .NET in like, 8 years lmao

Dang

not saying I couldnt it would just take me reading docs and trial and error and code review tbf

If you have any like suggestions or features i could add into this project let me know 🙂
Here's a preview version too https://devspace-demo.fluxpoint.dev/

you got a notion or a public board of tickets of whats already planned?

Oh the demo is broken no team

im working on a replacement for ticketbot rn

lol

gonna be fun

Ah nice

you can create one

nvm

:^)

UI is hella nice

if the background customizable? @prime cliff

Yup

For demo there is a specific preview for it with url

Oh noice

first real rust project 🔥

Is there a performance difference (if any) to instantiating a relatively simple object (class with get set members) and a struct in c#?

I know in compiled languages structs and simple classes get optimised down to a simple stack allocation with the members populated in compile time (assuming we are setting members compile time) but not sure how c# handles this

there is. in c# sturcts are value types allocated on the stack (when they arent part of a ref type) avoiding garbage collection

while classes are ref types allocated on the heap, potencially leading to gc overhead

structs are faster for small objects because it doesnt require heap allocation or garbage collection

oversimplified

You don't really need to worry that deeply about performance when using C# it's pretty well optimized already :/

so based

chat is this real

my first ever model from scratch seems to spit out exponentially worse output in every iteration

im pretty proud even though most code is still pretty mid https://github.com/mcjars/mcvcli

looks okay for a first rust project

could have some refactoring but overall looks good

thanks

@harsh nova

i amma try it

steamne moment

Thx

np

oh no i failed to get 50 usd

I amma blame u for no reason then

it's learning, just backwards

the thing is this is the dataset 😭

chat is this real?

given enough time it'll eventually print all digits of pi

WAIT I THINK IT'S FINALLY LEARNING

left is expected result, right is predicted value

wait nevermind??

Is this for springs?

wdym by for springs?

Like, force applied to the spring and the distance it stretches

For calculating the spring constant

oh right yeah

"Given a dataset of the relationship between the extension of the spring (x) and the force given (F) in the Hooke's Law experiment is obtained as follows:"

Yeah

Wdym by “model” here?

You can calculate this definitively using physics :p

we were asked to optimize a model with gradient descent with that dataset for 4 iterations

Oh this is ML stuff

yeah

Lucky

not physics lol

I haven’t had an ML class at all yet

NOOOOOOOOOO

i'm screwed

Never even done ML on my own

Although I’ll hopefully be doing it soon

Trying to get into a quant research program at my school run by a club here

i kinda made a simple pseudo machine learning model from scratch in C

it kinda worked for the example dataset provided in the lecturer's presentation

this is with 1,000 iterations btw

wish I had an ML class early on

I'm senior status this year and still haven't taken one

i'm honestly unsure if it worked with this dataset

we were asked to perform only 4 iterations but even this 1,000th iteration doesn't even look good

😭

when i tweaked a single digit it suddenly becomes like this

perfect

wish i didn't have an ML class in my first semester 😭

such a huge jump from programming basics

I've literally never touched any AI/machine learning programming, chatgpt or co-pilot
I'm a pure dev

I mean assuming that this is a linear regression model, I’d imagine it should be able to handle a linear relationship with ease (judging on the name)

Actually nvm I’m stupid

here's what it should typically output

🧌

ci?

Go catch your cargo
The cargo is on the run

does anyone know why this embed isn't showing a video:
https://ftcscrimmage.org/post/B0CUYY

ive added the video meta tags, you can confirm that by viewing the page source

Idk if it is much help, but these are all of the tags for a site which does embed videos correctly

https://discord.mx/i/ClvdqcB9Sj.png

thanks

why are you using </meta> after each one

does that matter

idk LOL

also try direct file url

with .mp4

got it

also there seems to also be twitter:player

found this just now https://github.com/TheLovinator1/discord-embed

ill check it out thanks

pls god dependabot never make this pull request ever again

never bump dependencies without testing and reading changelog

where's the editing option on top.gg page

like i want to use css to change bg and stuff

where can i find it

I dont see a bot with your id approved
when the bot is approvedm there is an option to click edit on the bot page

i am on edit page

where can i use CSS

in description?

or anywhere else

-htmldesc

Yea, you can use HTML and CSS in long description

-htmldesc

ohh thanks!!

yeah forgot

been trying

i just edited and when i clicked on save it popped up!

Invalid CSRF Token. Please refresh the page and try again

i refreshed 3 times

wrong reply

😭

# give <@&1230605757486202990> luca access (including ban)

can u send sc in #support

But thats what gives me adrenaline 😔

I love this thrill when I do not know if my code will continue to work or lunch into space

what can be the issue when i preview the code in vscode it's like this and quite opposite on top.gg

An overview of your code would help.
All we can say now is; yes it's different, use iframes.

@earnest phoenix here it is

i want this to be on my bot's page

what type of link can i use in iframe

github is not supported

Anyone help!

any website

it is, if you host your website/file

top.gg's bot description is not a website, it's a description

markdown description with few supported html elements and attributes

so either work with the limitations

or host the html page using e.g. GitHub Pages and then use an iframe

And there's something called patience

@earnest phoenix Thanks for your help. I hosted it on github then took out iframe in long-description

can i do the same in shorter one?

No, the short description does not support HTML

why would anyone do that

horrible ux

💀

one last

ques

can i make it bigger?

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

do note that the width is at its maximum in that screenshot

you cannot go over the sidebar

unless you do some css stylings

I mean, u still cant cuz you'll get banned off topgg lul

there's limitation on styling?

You can't do some things

Like blocking buttons or removing elements

nah, i didnt say anything about blocking buttons/removing elements

there's a way to make that full width, like display: block, but the buttons are at the very bottom (bottom of review). the other way is use flex-direction: column-reverse. that'll make the buttons on top, but need to style them to become row instead of column

TBH, I wouldn't make it bigger than that anyway.
I would change the styling on page like Mimu does.

https://top.gg/bot/493716749342998541

Makes it look like the desc is much more incorporated

Bruh there's literally a button on there that just redirects to Discords own app directory

Also the bot name is gone

@solemn latch

Now thats amazing

Its intresting because it just disapears for me

Wait what

it seems to be something with the "css-rd8i1m" class cuz without it the text shows up

anti mod code

css-rd8i1m is setting content to ''

oh

I mean, she explicitly set that, so Idk

Weird thing to do tbh

Reported it to iara, probably unintentional.

👀 anyone want to review my sql schema?
I'm pretty bad at database structures, going to start learning a bit more proper approaches to table structure. Might be fun to get feedback before I really start learning.

I'm curious LOL

Yup sql is fun to break

context for what this is for: #general message

I'ma post the sql on pastebin, its long

https://pastebin.com/mTTuqRDF

Things like attachments, reactions are not included yet

pastebin

yeah ikr

I havent used pastebin since highschool

https://pastes.dev 🙏

also what the hell is happening there

scams lots of them

no moderation pastebin, woot

it's been awhile i think

i first saw theses quite awhile ago

woo, you could use some not nulls there

content u can use a varchar column with size set to whatever is max discord length

same for other text columns

Should not nulls be used even when things may be empty strings?

people really post a review instead of join a discord server for help LOL

At least it's 4 star review

well, not when it's a nullable field in discord, but when it's a required field

like username

yeah at least

username may be empty

or well null

username cant be empty

private users will have null usernames

But yeah, some things are not null.
tag names should be filled.

private users?

yeah, so on the website users by default wont show their actual username.

It will be generated per thread, randomized.

I dont need to track those users usernames

ah, not private, anonymous then

yeah

Kind of private, since they wont have a profile on the site either

you could still make it not null, just dont fill author_id on thread

a null column still takes space

alright, good ^-^

the timestamps could also have a DEFAULT CURRENT_TIMESTAMP to reduce insert payload size

good point

oh also, I saw answer_message_id BIGINT on threads

does this mean that they can only have one answer?

oh is it like stackoverflow?

Yeah, one marked answer. Figured it would be easiest

yep, that's fine

well, the rest seems fine, just replace the text fields with a bounded varchar where possible

and if you plan on adding more flags in the future, you could use a bitfield instead

an int bitfield can hold 32 booleans at 1/8 the size of 32 bool columns

I've never worked with bitfields in a database. great thing to learn

they're just boolean arrays but in a number

(bitfield >> n) & 1 == 1 is the same as doing array[n]

What about the circular fkey references?

Threads referencing messages, messages referencing threads.

Is that bad?

That’s what mapping tables are for

Or maybe I’ve misunderstood your intent here

Many to many relationships?

unless you want threads and messages to have a 1<>1 relationship, only one side will have a reference

also it'll be impossible to insert data when it has circular FK (unless you bypass constraints, which u shouldn't)

Yeah if the thread has many messages, and the message has one thread, then the message table will have an ID to the thread row that owns it

CREATE TABLE threads (
    thread_id BIGINT PRIMARY KEY,
    channel_id BIGINT REFERENCES channels(channel_id),
    thread_name TEXT,
    answer_message_id BIGINT REFRENCES messages(message_id),  
    owner_id BIGINT,           
    guild_id BIGINT REFERENCES guilds(guild_id),
    last_active_at TIMESTAMPTZ,
    is_locked BOOLEAN DEFAULT FALSE
);

CREATE TABLE messages (
    message_id BIGINT PRIMARY KEY,
    thread_id BIGINT REFERENCES threads(thread_id),
    author_id BIGINT,
    guild_id BIGINT,
    content TEXT,
    timestamp TIMESTAMPTZ,
    edited_at TIMESTAMPTZ,
    deleted_at TIMESTAMPTZ
);

Thread has many messages

One message can be the answer in the thread

This looks fine I think

I'm assuming that answer_message_id will be nullable?

yeah

Yeah that should be fine then

oh, right, in this case it's fine

You could run into issues if it weren't nullable, since the message that answers the thread has to be created to reference it in the thread table, but the messages wouldn't exist before the thread

But since it's nullable this is fine

oh, u forgot one thing btw

What about marking a message as the original post?

I'd mark that in the messages table right?

status columns, to mark them as deleted (tho can use deleted_at for this)

Hmmmm, I'd probably mark that in the threads table

Assuming that your threads work similarly to discord threads, right?

all of this is discord forums

context: #general message

Yeah, that was my intention, when a threads deleted just delete everything. messages marked with deleted_at

I would mark the original message in the threads table with a FK to a message row

Since the message exists before the thread is created

👀 is that how it works in fourms?

I think both are passed in the thread create event, but I havent looked yet

Honestly I have no idea how discord does it. I am just thinking from a standpoint of how I would model this relationship in a relational db

If possible, I'd do it this way bc otherwise you're just going to have a ton of conditional checks later on if you try to make this from the messages standpoint. Having a column for something like is_original_thread_message in my mind would be messy, since most of your rows are going to show false for this

Instead of just directly accessing the original thread message from the FK on the thread itself

I wonder how next does it, they dont mark this at all in their schema

https://github.com/rafaelalmeidatk/nextjs-forum/blob/main/packages/db/schema.ts

putting it in the header table is the best option

using the oldest message as the original?

create thread -> create original message -> link both

Yeah, they just get the oldest message in the thread.

https://github.com/rafaelalmeidatk/nextjs-forum/blob/eec1a1447c8f70dedb11855f08e9a4dcb73c812d/apps/web/app/post/[id]/page.tsx#L57

I dont see any problems with this, since discord fourms require you to send a message when creating the thread.

Ohhhh I was confused on how threads work

I was assuming that you HAD to have a message exist before creating a thread on it

yeah, its backwards in fourms

thanks for the consistency, discord!

Much better method 😄

I got some good notes, thanks guys ^-^

I used to be a big relational db hater

Now that I understand it, they're awesome

My issue is I don't really understand anything.
I can make them but I never know if its right.

You'll get a hang of it pretty quickly

Or at least the basics

Optimizing is a little bit more difficult, like figuring out when to create db indexes, or how to optimize certain queries, but the structure is pretty intuitive after some practice

Yeah, indexs I'll do last. I'm not sure what I'll need indexed until then.

I would be clueless if it weren't for the fact that I was forced into using relational DBs by my internship, which is something super valuable to have

If you ever make a web api, check out ASP.NET with EF Core

I love how structured it is, very intuitive to understand. Very easy to separate out your business logic from everything else

On this topic, how do I actually document bitfields?

Just in whatever file handles the bitfield?

Lol I've thought about adding that as a paid module for thread watcher

Its a fun side project 😄

Honestly it's a pretty good idea

Yeah for sure! Kinda made a bot like that alr but it worked with GitHub issues

I've been so busy with stuff that I haven't had time for side projects 😦

Do you can right click a message in a thread and press "add to GitHub issue"

Going to try to get into ML stuff soon with financial models

But honestly no idea where to start

That part is always the hardest part

My issue with discord is nothing is indexed, so i cant just google things from a specific discord.
Discord search sucks 😭

I have been watching a video series made by my school's quant finance club on the black scholes model and geometric brownian motion

Which I'm actually enjoying quite a bit

But still going to take a while to figure out, I'm thinking maybe I start with a project that tries to estimate values for drift and volatility given a stock's historical data

Yeah discord search is really unreliable

I'll have some times where it works, and most times where it doesn't

It would be a great feature for discord to implement. restrict it to boost level 3 servers or something.

So, just implement it into a bot. Discord loves stealing bots ideas.

I remember seeing a bot that did this with normal text channels or something like that

Nextjs has a bot for it https://github.com/rafaelalmeidatk/nextjs-forum

Its just only for one guild.

It would be probably somewhat expensive to host for multiple guilds, plus probably requires customization per-guild

Yeah, thats my target.

But I could actually see something like this making some money, especially for bigger servers

hopefully ad supported, but I'll throw in a use your own domain feature to premium servers.

https://github.com/AnswerOverflow/AnswerOverflow

Is what I was thinking of

Either way, nice project to put on a resume 😉

sick.

thanks for the help google

why do they even have this open if they dont answer to anyone but probably companies that make them money

They are working on this case tho

i'll check back in a year to see if they are still working on it

It must really be something serious that it takes them so much time

🔥🔥

this is sick

3 hours pain getting named pipes to work

use ipipe::Pipe;

pub fn status(pid: Option<usize>) -> bool {
    if pid.is_none() {
        return false;
    }

    let pid = sysinfo::Pid::from(pid.unwrap());
    let sys = sysinfo::System::new_all();

    let process = sys.process(pid);

    if process.is_none() {
        return false;
    }

    let process = process.unwrap();
    for value in process.environ() {
        if value
            .to_str()
            .as_deref()
            .unwrap()
            .contains("/.mcvcli/java/")
        {
            return true;
        }
    }

    false
}

pub fn get_pipes(identifier: &str) -> (Pipe, Pipe, Pipe) {
    let stdin = Pipe::with_name(&format!("{}_stdin", identifier)).unwrap();
    let stdout = Pipe::with_name(&format!("{}_stdout", identifier)).unwrap();
    let stderr = Pipe::with_name(&format!("{}_stderr", identifier)).unwrap();

    (stdin, stdout, stderr)
}

this ended up being the entire thing

Just recode it for multiguild

Thats boring

😄

https://www.answeroverflow.com

ah, someone posted answeroverflow already

Yep

I need ideas to add into my ticket bot, any ideas?
I’ve switched it up entirely and gone for the use of forum threads instead of multiple text channels and it’s working relatively smoothly

oh god im so lucky, a user posted the solution 5 hours ago on last 2 years issue about a problem i got https://github.com/cfug/dio/issues/2060

meanwhile me using C having to scour through forum threads from 1997

lmao, at least most of threads from 19xx still relevant to C now, unlike frameworks like flutter, that mostly does major updates every some years

it all fairness to C

it's like the easiest language to read if you're just starting out

because most of the time it just makes sense lmao

and yea the 19xx threats are the best

yeah

most of them weren't even threads

they were in the form of emails

that shows how old they are

bros maxing out the salary pathway

good luck

Hello, I created such a background, but when the resolution changes, the curved lines shift and the triangular shapes in the background are distorted.

When the resolution changes:

No matter what, I want the triangular shapes in the back to remain intact.

that’s the goal

Haha yeah – when would you not?

The only way you wouldn't care too is if you already have money and/or are complacent with your position in life

if you wanted to do something fun and meaningful

but I come from an upper middle class family and haven't really struggled for money

Exactly - spoken like someone who hasn’t struggled. Nothing against you though… happy for you!

alr bro

we'll see where I end up

I appreciate that you recognize your advantage though

does anyone know how to do so when you type a command in the discord server it saves it in a code?

i don't quite get what you meant. save what? is it like command tracking, to track which commands is used etc?

sorry for late reply but lemme explain
so for example with my bot someone does the command !addswear
i want that swear to be automatically saved in the code so when i restart the vps it saves the swear word and the owner dosent have to add it again

ah, it's better to use database, a very simple one can do the job, like better-sqlite3. i'm pretty much sure it's not recommended to edit code in runtime, by that i mean like you update const badwords = [a, b, c, d] to const badwords = [a, b, c, d, e, f]. if better-sqlite3 is still too much, the very very simple way is to use txt files and play with it. like

a
b
c
```. tho using file "db" like txt/json is not recommended

oh ok

thans

ima tell u if it dosent work

oke

JSON/text DB is a bad idea

Use a proper database for this

yeah, i said that at the end of msg

Just wanted to emphasize

is text risky?

Yes

well why

One concurrent write and it’s going to fuck up your file

It’s also slower than using a database that’s optimized for exactly this purpose

oh ok

Plus learning a relational database is always a good thing 🙂

i use ai to code my bots so you kinda confused me but whatever

ouch

If you actually want to learn, using AI is detrimental. If you don’t care about that though, go for it

It’ll be difficult to get very far with it though, I must warn you

One message removed from a suspended account.

I use ai to code waifus for my lonely heart

nah its just a little project i dont plan to make it smth important

readFileSync solves that problem except your whole bot goes to sleep while its writing to the file 😕

One message removed from a suspended account.

One message removed from a suspended account.

uhm...

I havn't used SQLite as a database in years

it is incredibly robust you can run a high traffic app on it for a while before things slow down or break

One message removed from a suspended account.

unless your name is cloudflare d1

a lot of people unnecessarily use huge server databases like postgresql when a sqlite database will work

True, once I discovered MongoDB I've used nothing but that and love using it

I’m not a huge fan of nosql databases

i simply slap a dockerized postgres on my project and call it a day

Same, docker makes this super easy

docker compose is a life saver

everything deployed through docker

not gonna look back

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

@modern sable

its one of these that opens up a fake popup window

these are clever

ty

the domain isnt anything weird hows it a scam?

its a real browser popup but they hide the URL (popups let you do that) and replace it with their own fake url bar

ohhh

scary indeed

actually in this case its a fake popup but ive seen it done with real ones

if you viewed this on linux it would still show the windows UI on the popup which wouldnt make sense

who even uses linux lmao

actually, a lot

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

isnt linux just an cmd?

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

android ;p

that penguin reminds me of this

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

why does the server do this???

One message removed from a suspended account.

wdym

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

yeah the database just fucked up the bot

WHY DID I DO IT UGH

One message removed from a suspended account.

imaa just remove the saving thing

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

One message removed from a suspended account.

i deleted it since i thought the database fucked up the bot but nvm im just dumb

One message removed from a suspended account.

ima just remove all mentions of the database and pray that it will work

generally best to make sure you understand the error message before making a choice on what to do

pls work pls work

YESSSS

One message removed from a suspended account.

One message removed from a suspended account.

ok

One message removed from a suspended account.

thanks

im just dumb so i am happy even if somebody tells me the solution lol

One message removed from a suspended account.

anyway atleast my bot aint broken now

btw is this risky to keep or should i try to remove it?

probably using discordjs, latest version has 3 moderate vulnerabilities

so is it safe?

and yes im using js

discordjs suggests they don't affect bots, but its up to you to determine if its okay for you, or if you want to fix them.

oh ok then idgaf

the old android fastboot/recovery logo is very cursed

moderate is probably stuff like denial of service so thats the worst that can happen

but not trivial to exploit

if it's only 3 I'd try to solve it

those things tend to snowball fast if you ignore

yeah chances are there are no breaking changes so everything should still work

Erm what the skibidi sigma, severity of vulnerabilities should be considered if they are severe enough to pop up, however I don’t see anything possibly able to be exploited from a Discord bot unless it’s connected to a db which may be exposed or a web server

i'm curious, if you use github actions, how do you test it? because sometimes it won't work the first time it got created, so fix and fixes are being made. if we want to fix it, a commit need to be made and actions will re-run. that'll clutter commit with "fix: workflow" etc

I need this info too.

I make a lot of commits with very angry commit messages

make another branch then delete it after

https://github.com/nektos/act

Just be sure to not publish some things by mistake

cc @solemn latch

cool

interesting… thank you guys! 🙏

ill try them

I would argue it's better to make a publish branch so you can just merge from main -> publish and then build from there tbh

Anything CI/CD related is beyond me

especially when it coems to actions

Props to you guys who know how it works

When it comes to access management, especially when related to role based access management, how do you guys handle it from an api standpoint to protect resources?

My idea was, my auth server allows me to designate roles, which is attached to user info when they introspect to verify the access token. I can then check the roles based off the required roles for the resource being requested. I'd use some sort of enum on my api, since I also want to be able to give access to resources if they are of a higher role, like a moderator or developer.

Something like
if granted_role >= required_role then give access else return unauthorized

I'd need to make some wrappers to parse the introspected data into proper format, and make sure the roles are typed properly so I can do the whole greather than or equal to check

Are you using asp.net identity? You can use the Authorize attribute on each controller endpoint afaik

How so?

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/simple?view=aspnetcore-9.0

Also no im not

Ah nvm then

Not for the backend

The backend receives an access token in the Authorization header

Its easier just to parse it myself

What backend are you using?

Im still using aspnet

Use identity with it

It’ll save you a ton of time

Why?

Doing auth by hand is a PITA

Im not implementing a full auth in the backend

the frontend is where most of the auth is

You can set up a middleware to parse the auth token

the backend only handles giving out resources if they are authorized based off an access token

Also your frontend should never ever handle auth

It should store an access token that is given to it and associate it with every request, but other than that, your backend should never trust your frontend

Thats how 90% of people do it

At least when they are doing SSR

Correct

Which is why it takes the access token given and introspects

It will only ever give out resources if the token is validated via the introspect endpoint

Otherwise its 403

OAuth2 grants an auth token -> frontend stores the auth token -> sends it with each request -> backend finds the user that this token is associated with and it’s roles (or you can use JWT claims if that’s how you’re doing it)

Correct

Which is what im already proposing doing

Since the JWT is signed with a secret key from the server, the client can’t maliciously fake the data

Right

Ok I misunderstood what you were saying

You said frontend handles the auth

Well technically yes

I was under the impression that was your only layer of security there

Its initiated on the frontend, but its done server side in nextjs

Yeah then the backend is handling auth

I guess yea

I consider anything nextjs related frontend 💀

Frontend handling auth would mean like “If the roles don’t match, I don’t allow them to make a request to endpoint [x]”

My aspnet api will take the access token and introspect it before allowing any resource to be given out

But resources are also role based

And why not use asp.net identity? It handles stuff like role based auth for you

Because I don't see a viable way to do it with how we currently do things

Right now the process is

Login on nextjs app -> server side of the app will redirect to auth page -> get redirected back to the nextjs app on successful login -> tokens saved to localStorage

Why so many steps? You’re running two different servers?

We have the nextjs app and then the aspnet api

And why is it a nextjs app and not just plain react

Nextjs is a server

null recommended using nextjs

You don’t need nextjs unless you plan on doing SSR or something like that

Ima keep it a buck with you, frontend is not my specialty

so idk what we need

Im a backend nerd

Im right there with you. Also using nextjs for frontend with a rust backend

I simply went nextjs because easy route stuff

Yeah same and the css / js bundler

yup

Nextjs is server side rendering/api backend. Use something like React Router if you want routes

Yeah I'm a bit silly

Bro at this rate we ain't doin shit

I think you CAN do a static site gen with nextjs, but it’s not what it’s intended for fully

I dont even want to swap rn

I don't know if we need nextjs fully or not yet

since I barely know what SSR is

SSR is when your client makes a request to the server, and the server renders the HTML before sending it back to the client

See idk if we need that or not

Im not a frontend guy so I can't make the call

This is different from a SPA like base React because the client makes a request, and the server responds with all of the javascript that then gets run on the browser to render the HTML

SSR is good for SEO because it renders entirely server side and the client needs to do basically no work

But most web crawlers now can handle SPAs for indexing

Oh really? Only reason I used nextjs was so that it would be crawlable

Probably switching to just regular old react then as I've never gotten nextjs self hosting working right on my server

Not all web crawlers will run the js but major indexers like Google will absolutely do it

Google is the only one that really matters

its what 90% of the world uses

💀

Google and Bing imo

I think ddg gets their results via bing if I don't have stupid

Otherwise it’ll be annoying to run two servers if you don’t need SSR

Right

but I still dont know if we need SSR

I'll have to talk to null

Which is a conversation im not excited about since we've swapped frontend stuff like 5 times now

SSR is primarily for SEO or to reduce load times on large pages/slow computers

I mean

chances are we may make use of it

especially for a marketplace app

For most apps an SPA + REST API is more than enough

You’ll also have to host this nextjs server :^)

@wheat mesa if im am using React + my aspnet backend

How do you recommend I handle auth?

I know using the Identity package

but the only time I ever used it was but once and even that was handled in blazor SSR

I think I have an idea on how to use it but im not certain

you fully rely on the backend

Would my frontend just make a call to a backend endpoint that handles calling ChallengeAsync or whatever

that would then redirect to my auth provider?

Personally I always implement auth horribly

I also do so

So valid

but for a project at this scale I really have to fucking try hard

😭

Money involved = security needs to be TIGHT

i stopped understand after reading ChallengeAsync, as i havent used aspnet that hardcore

Well

Theres like 40 fucking ways to log someone in with Identity

ChallengeAsync is one of em

cuz ur always developing with a hacky version of localhost 👀

Dang

shots fired

It's because me and him are working on a project where he does the backend, but he hosts on a url and frontend is localhost rn so we had to do it a really hacky way to get it working

Lmao

just develop on prod and the cookie issues go away

cors?

Idk if it's any help, but the way I did auth on one of my recent projects with a separate backend, the server had a cookie that was shared, and I had a middleware which checked said cookie, and then I also had a auth provider with a "useAuth" hook

Well, thats not really the case for me persay

Which requested the user data and cached it and had a refreshUser function

A cookie will be used

Oops wrong reply my bad

Well shucks

Every day I get closer and closer to throwing my pc out the window

So valid

This project has been going on for a year and sadly we aren't even close to getting naything viably working

We've had so many bumps

nextjs is totally fine, i use it. but that may need a lot cpu + ram juice when it starts to gain a lot of visitors

Don't forget Rome wasn't built in a year

My strategy is just don't gain visitors, I should probably stop talking I'm not being helpful lmao

Thanks discord, I requested my data and its empty 🙂

They gave me an empty zip file

💀

you sure it's not corrupted while downloading?

Well it downloads fine

but extracting it wont because its "empty"

It says it has 9kb of data in it

💀

Discord just magically stores no data for you

They sold it already

Well shucks

I want my 9cents

Clicking the link actually does nothing

I have to click "Open in new tab" for it to download anything

oh yeah that might be a problem

Opening the link in incognito downloads a 231mb file

Theres all my juicy data

anyways

I guess I will just figure it out

So far any with I've made have been decently solid afaik Passwords are always encrypted and all that

My last full auth system I used supabase

Hmm thinking of a good way to have secure websocket server and client.

The server will be an asp.net app with an open port for incoming websocket connections.

The client will then connect to the server with a secret auth key that is hashed on the server so only that specific key and ip can connect and only the client knows it.

Maybe the client could also request some kind of session id to use or something.

This also means that clients can also be air gapped or firewall blocked on incoming connections without any issue.

The asp.net app (server) will be able to send websocket events to the client so it can manage docker containers on that client.

Currently using C# https://github.com/chronoxor/NetCoreServer

so client make requests to server via websocket?

i have yet see any site with that method

tho, that’s theoretically capable of doing requests, but ig it’ll inefficient(?)

Clients connects to the server so that the server can control the client basically.
Sort of like a device management system that enrolls.

Would make the client more secure and lightweight and the server itself only has the hashed version of the key that only the client knows but the server can verify and also better management of what ips can connect to the server too.

damn i didn't know netcore was chill like that

you dont know a lot of things

but its okay

here we dont judge

we teach :3

for some reason we live in a world where some people have completely shifted away from the nature of having a web page almost be completely ready on page load to loading a js file which will then load the entire page (react)

SSR is a thing

people just forget

is there any difference between INT and INTEGER in sqlite?
❌ id INT PRIMARY KEY AUTOINCREMENT NOT NULL
✅ id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL
error is [SQLITE_ERROR] SQL error or missing database (AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY)

I don't think INT actually is a data type in SQLite

it's not

i am aware but a significant amount of pages still roll with client side only react

its also reduced load on the server so thats a nice thing about it

i think discord might be one of them

but then they do have a desktop client with electron so its reasonable

and its not the app that actually needs good SEO

funnily enough, there is if we're talking about primary keys

if you define INTEGER PRIMARY KEY it'll replace implicit id_seq column

but if you INT PRIMARY KEY it'll keep the other

and well, autoincrement is finicky

ah, so it's something internal

yep, sqlite has a lot of weird rules

for example you should not make an autoincrement pk unless you have a very specific need for it

since all tables inherently have id_seq

oh

yea cause you can use CURRENT_ROW or some shit right

cant remember the exact expression

Either way autoincrement is normally advised against

so i should make id (pk) either varchar or int and generate them by ourselves?

i see

It really depends on your use case. 99% of the time SSR is overkill. If you have a client app that is somewhat complex, SSR might be a better option, but there is trade offs to consider. Working with SSR can suck for numerous reasons (such as timezones, I have personal experience in this hellhole), and it also costs the host more. If you are building a startup or even just an app that you don’t want to pay for hosting for, SPAs are the better way to go. They get you 90% of the same functionality for a lot less of a hassle

the problem with SPA is that its a hellhole for SEO

each thing has its own hellhole xD

static html > *

SPAs aren’t bad for SEO anymore

Google and the major web crawlers support most SPAs

can confirm this is no longer an issue tbh

if you build it with some framework that does all the heavy lifting yeah

you can also use the id_seq as you'd with an id column

never thought of this actually

oh, so that’ll override the internal id_seq so i can use pk and auto increment together? or it’s still a bad practice and keep generating my own id?

I mean if you wanna be hella convoluted and need the creation order for some reason just encode a jwt or some other token that you can decode to get the sequence lol

use base64 if you have to lmao

in sqlite specifically ur supposed to use the id_seq

interesting

i use sqlite because it’s light and for my quick 2 hours project so i don’t know much about it. thank you guys for the explanation 🙏

how

sqlite internally has a rowid column as well

you can manually disable it for a table as long as you have a primary key

rowid?

By default, every row in SQLite has a special column, usually called the "rowid", that uniquely identifies that row within the table. However if the phrase "WITHOUT ROWID" is added to the end of a CREATE TABLE statement, then the special "rowid" column is omitted. There are sometimes space and performance advantages to omitting the rowid.

A WITHOUT ROWID table is a table that uses a Clustered Index as the primary key.

huh weird

what about id_seq?

that one puzzles me

never heard about id_seq

is it another name for rowid?

In an ordinary table, "INTEGER PRIMARY KEY" means that the column is an alias for the rowid.

this

its for postgres i believe

yeah thats rowid

ngl this is actually kinda smart

yeah i guess

rowid is an sqlite specific thing

You overcomplicate timezones too much kek it's actually quite easy.
Get users timezone hour offset ( -1 or +3 ) then just adjust the dates for it 😉

anyone that says this has never worked with a timezone-sensitive project

:^)

fact

@solemn latch

That's not the issue, the issue comes with the fact that you have to then include the timezone info within each request you make to the backend

It's a PITA to integrate into an application that uses SSR but didn't account for this to begin with

Not to mention dealing with localizing input data that the user sends (e.g., should this date field be in the user's timezone or someone else's, or the server's?), then converting it back to show to the user based on their info

Even the bot devs are falling for these dumb scams kek

dev is an overstatement

Wtf

90% of people with the funny green role either used ai to make a bot or just spent 30 minutes copying someone else's bot on github or a tutorial

def

i have a question since i am having a hard time creating/ coding a bot for our server.. and i was trying to find a bot that is similar to the one that is already existing but that bot is no longer active.. is there any bot that is Wild Rift related?

You can search on top.gg, that's what this site is for

thats the thing. there are no other bots that is similar to that one and the one that is up is not working so yea

In that case, this sounds like the perfect option to make your own bot. If there is no public bot like it, we won't create it

we get it star boy

i just use intl+date api in browsers and it all just falls into place

do u have any tips on how to start.. i already have a bot created but i cant find a good tutorial vid that can help me code

Depends on the language/library you use

Most of the popular libraries rather have a "guide" that will lead you through the basics of creating a bot on discord but you have to learn the rest with the help of documentation and practice

Thanks!

yeah try doing that when you need to support something obscure as BC dates using solar apparent time (ie sundial time) and the julian calendar

thats why i called you star boy

im and old boy

what the fuck have you built where you need that

A website in the 100BC?

historical astronomy/astrology

lmao

ah fair

got this cursed shit working 🙏 https://github.com/0x7d8/bad-lang-2

    let a = 0
    let b = 1
    let temp = 0

    if (#eq(n, 0)) {
        return a
    }

    let i = 2
    loop {
        if (#gt(i, n)) {
            break
        }

        temp = a
        a = b
        b = math#eval(string#format("{} + {}", temp, b))

        i = math#eval(string#format("{} + 1", i))
    }

    return b
}

let users = []

fn add_user(name) {
    array#push(users, name)
}

io#println(users)

add_user("Arnaud")

io#println(array#get(users, 0))```

your life would be a lot easier if you went through the standard process of compilation

raw src code -> tokens -> AST -> eval/other IRs

well, yes

however this was a blind try for fun, didnt google anything for this project

its decent I think

rust wants its independence back from that stolen loop {}

🙏

thats cool though

Why the heck is there # in the code

it's not that unreasonable of a decision considering how widely used it is in documentation

the hanging #gt and #eq is a little cursed though

very interesting concept of a language not having arithmetic operators and requiring you to eval them lol

hey guys, i have a regular typewriter effect for my text.
Though my text is very long, and adding a max-width just cuts my message of...

 .intro-text {
    font-size: 18px;
    color: #333;
    text-align: center;
    margin-bottom: 30px;
    max-width: 450px; 
    white-space: nowrap;
    overflow: hidden;
    border-right: 4px solid #333;
    animation: typing 5s steps(50) 1s forwards, blink 0.75s step-end infinite;
}```

how would i make the text wrap down instead of just cutting off at the max-width

word-wrap: wrap or smth

go into inspect element and type wrap into styles to see what pops

nowrap means dont break right? 👀

yeah, you're specifying dont wrap in the css right now

LMAO https://x.com/MattIPv4/status/1891623057304727779

LOL

yes, it'll just go forever out of boundaries

classic github engineering

zig 0.14 was supposed to release today

wait, if this happens, what else does org settings affect globally

:^)

In my JS jank adventures I've been on, my npm module to hot reload JS files recently added the ability to reload all class instances' methods of classes specially marked as reloadable. This is already quite jank and has some draw backs like you cannot reload the constructor/add missing properties that would come from the constructor. You also cannot make it so that deep class hierarchies can also be reloaded. Classes must directly extend a special class that makes the magic happen.

A co dev also found an incredibly cursed way of making it work.

class ThisCanReload extends sync.reloadClassMethods(() => ThisCanReload) {
  constructor() {}
  magic() { console.log("1"); }
}

The return value of a function can be a constructor function and extends has no complaints about it. In this case, the function returns the base ReloadableClass. The callback with the return value of the class is to get a reference to the class that's doing the extending to update stored instances' prototypes. Finally had an excuse to also make use of WeakRef so that the old class prototypes can get garbage collected. There was a challenge though and it's that you can't iterate over a WeakSet, so we opted for a regular Set and used this cool thing called a FinalizationRegistry that runs a callback when something gets garbage collected so we can clean up entries of the Set.

There's also a thing where it can "remember" variables you want it to with a key (scope locked to files for security). If you don't pass a key manually, it reads the source file calling the function to get the variable name. How it does it is kinda brilliant, but not always possible to extract the variable name. Useful for having Maps or Sets you add to you don't wanna rebuild or store elsewhere

Forgot to include a link for people to tell me how cursed the code is
https://github.com/AmandaDiscord/Heatsync
is also on npm as heatsync

you're cursed

🔥 faster than python```root@remotedev:~/projects/0x7d8/bad-lang-2# time python3 testing/fib.py

real 0m2.975s
user 0m2.975s
sys 0m0.001s
root@remotedev:~/projects/0x7d8/bad-lang-2# time node testing/fib.js

real 0m0.084s
user 0m0.074s
sys 0m0.013s
root@remotedev:~/projects/0x7d8/bad-lang-2# time cargo run -r
Finished release profile [optimized] target(s) in 0.00s
warning: the following packages contain code that will be rejected by a future version of Rust: nom v1.2.4
note: to see what the problems were, use the option --future-incompat-report, or run cargo report future-incompatibilities --id 1
Running target/release/bad-lang-2

real 0m0.470s
user 0m0.465s
sys 0m0.005s
root@remotedev:~/projects/0x7d8/bad-lang-2# ```

🤯

im sorry but anything is faster than python

facts 🗣️ 🔥

Ye

What about my fish?

fish faster than snake

ez

but its a plushy

Put it on a plane, faster than snake

unless theres snakes on a plane

but that would never happen

Time to import snakes from around the world

it is the year of the snake after all

https://g.co/kgs/Jb9oA9m

my old fav movie

great movie

@radiant kraken i recomend you give it a watch

i don't have hbo max

Netflix VPN

wdym?

Its geoblocked in indo, but you can use VPN to watch it from other country

i dont have vpn

https://help.netflix.com/en/node/114701

netflix allow it

Bro there is alot of free vpn

free vpn = scam

What about Opera, Google vpn, express vpn, nordvpn, surfshark vpn

they have free ver

Free VPNs do exist, it’s just that you are paying with your data privacy instead of money

tbh https://protonvpn.com/

i wonder how vpns went from this mostly corporate, niche thing to access private networks remotely to a million dollar industry under the guise of "privacy"

This makes it harder for websites, advertisers, and even your internet service provider (ISP) to track where you are and what you do online.
i hate this argument because you are basically shifting the trust model from your ISP to your VPN, not like it matters anyways

nordvpn had probably the worst advertising campaign

spreading fake and unrelated information and unnecessarily trying to scare people off

probably the funniest one is when they advertise their encryption as "military-grade". it's just aes...

Thats military grade encryption right there

it's funny when products are sold as military-grade

that just means they're the cheapest shit on the market that somewhat works

"Military grade" means overpaying for an inferior product

😉

What to do if I cant open top.gg on my safari browser send me a dm if u can help

Whats even funnier

is because its a publically accessibly encryption method

its even less likely that the military use it

nah tbh it's used a lot

but it's not really something special

all https websites use it

ok

One message removed from a suspended account.

ok

ok

-# ok

ok

-# ok

ok

this u?

thats @solemn latch

Don't taze me 😦

It hurts

It feels good when I get that kill

yes

and awp double kills

this also feels good ngl

no ace tho

last clip is my fav one so far

let me find my op clip

My best op kill

lol wtf

Finaly found my tazer clip

We should duo sometimes

no

im not that good

perma silver 3 on office

and perma gold nova 2 on wingman

me when dev channel

we have arround the same rank

who's excited for components v2?!

🧐

i mean look what you can do with it

wtf

https://deploy-preview-1381--dpp-dev.netlify.app/components.gif

i mean how cool is that

we still get embeds and stuff, but we also get this!

What, it's so cool

ohhh

i need more info on that

Ah yes announcing who's ready for a secret experiment that only about 20-30 people know xD

https://tenor.com/bMTmaNE8fC3.gif

Now we have 10 more people knowing about it

LOL

This server has more than 10 people in it

lies

This channel is Tim's basement, it can't hold more than 10 people (don't ask how I know)

https://github.com/Lulalaby/discord-api-docs/blob/comp_v2/docs/interactions/Message_Components.md

really? only 30 people have access to a server to play with it, but we are all lib developers making sure the libs are ready for it

its far from secret 😄

https://deploy-preview-1381--dpp-dev.netlify.app/components_v2.html

this is the D++ example for it