Skip to content

Instantly share code, notes, and snippets.

View lotgyero's full-sized avatar

Loty Gero lotgyero

73 followers · 722 following
View GitHub Profile
@nckroy
nckroy / eran-hammer-oauth2-rant-20120726.md
Created January 21, 2021 00:15
OAuth 2.0 and the Road to Hell

(Scraped from the Internet Wayback Machine. Original content by Eran Hammer / hueniverse.com July 26, 2012)

OAuth 2.0 and the Road to Hell

They say the road to hell is paved with good intentions. Well, that’s OAuth 2.0.

Last month I reached the painful conclusion that I can no longer be associated with the OAuth 2.0 standard. I resigned my role as lead author and editor, withdraw my name from the specification, and left the working group. Removing my name from a document I have painstakingly labored over for three years and over two dozen drafts was not easy. Deciding to move on from an effort I have led for over five years was agonizing.

There wasn’t a single problem or incident I can point to in order to explain such an extreme move. This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad

@apechkin
apechkin / Refresh_access_token_module_Axios_Interceptor.ts
Last active September 12, 2022 17:03
Механизм обновления access токена, если одновременно пришло более одного запроса с ошибкой Token Error
protected onResponseSuccess = async <T>(response: AxiosResponse): Promise<T> => {
const config = response?.config || {}
if (this.subject.getState() === 'pending') {
let observer = null
await new Promise<void>((resolve) => {
observer = new Observer(resolve)
this.subject.attach(observer)
})
this.subject.detach(observer)
const configWithToken = this.updateConfigToken(config)
@dancheskus
dancheskus / Certbot и nginx, как обратный прокси в Docker.md
Last active May 5, 2025 09:38

Более удобной и актуальной версией является эта статья с использованием traefik

https://gist.github.com/dancheskus/365e9bc49a73908302af19882a86ce52

Certbot и nginx, как обратный прокси в Docker (пример с 2 react проектами)

В результате будет 2 react проекта на 1 сервере доступных по разным ссылкам

@lananovikova10
lananovikova10 / teamleadconf.md
Last active June 5, 2024 11:38
additional materials from teamlead conf

Тут живут драконы. Матрица навыков как инструмент тимлида

Другие варианты матриц для команд разработки

@davidgilbertson
davidgilbertson / color-log.js
Created January 6, 2018 05:28
function logColor(color, args) {
console.log(`%c ${args.join(' ')}`, `color: ${color}`);
}
const log = {
aliceblue: (...args) => { logColor('aliceblue', args)},
antiquewhite: (...args) => { logColor('antiquewhite', args)},
aqua: (...args) => { logColor('aqua', args)},
aquamarine: (...args) => { logColor('aquamarine', args)},
azure: (...args) => { logColor('azure', args)},
@justincbagley
justincbagley / How_to_Convert_Markdown_to_PDF.md
Last active March 27, 2025 03:38
How To Convert Markdown to PDF

How to convert markdown to PDF:

This post reviews several methods for converting a Markdown (.md) formatted file to PDF, from UNIX or Linux machines.

Using Pandoc:

$ pandoc How_I_got_svg-resizer_working_on_Mac_OSX.md -s -o test1.pdf
@zmts
zmts / tokens.md
Last active April 27, 2025 21:01
Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication

Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication

Last major update: 25.08.2020

  • Что такое авторизация/аутентификация
  • Где хранить токены
  • Как ставить куки ?
  • Процесс логина
  • Процесс рефреш токенов
  • Кража токенов/Механизм контроля токенов
@egorsmkv
egorsmkv / metrials-go.md
Last active May 3, 2025 08:42
Материалы по Go (golang): мануалы, статьи, книги и ссылки на сообщества

Материалы по Go (golang)

На русском языке

Мануалы и туториалы

  • [Введение в программирование на Go][1]
  • [Маленькая книга о Go][3]
  • [Эффективный Go][2]
  • Есть еще [Краткий пересказ Effective Go на русском языке][4], но 2009 года
@jagrosh
jagrosh / Github Webhook Tutorial.md
Last active May 2, 2025 21:10
Simple Github -> Discord webhook

Step 1 - Make a Discord Webhook

  1. Find the Discord channel in which you would like to send commits and other updates

  2. In the settings for that channel, find the Webhooks option and create a new webhook. Note: Do NOT give this URL out to the public. Anyone or service can post messages to this channel, without even needing to be in the server. Keep it safe! WebhookDiscord

Step 2 - Set up the webhook on Github

  1. Navigate to your repository on Github, and open the Settings Settings
@Rich-Harris
Rich-Harris / footgun.md
Last active March 9, 2025 06:13
Top-level `await` is a footgun

Edit — February 2019

This gist had a far larger impact than I imagined it would, and apparently people are still finding it, so a quick update:

  • TC39 is currently moving forward with a slightly different version of TLA, referred to as 'variant B', in which a module with TLA doesn't block sibling execution. This vastly reduces the danger of parallelizable work happening in serial and thereby delaying startup, which was the concern that motivated me to write this gist
  • In the wild, we're seeing (async main(){...}()) as a substitute for TLA. This completely eliminates the blocking problem (yay!) but it's less powerful, and harder to statically analyse (boo). In other words the lack of TLA is causing real problems
  • Therefore, a version of TLA that solves the original issue is a valuable addition to the language, and I'm in full support of the current proposal, which you can read here.

I'll leave the rest of this document unedited, for archaeological