
@youfoundron
youfoundron / sessions.md
Created June 16, 2026 19:31 — forked from joepie91/sessions.md
Introduction to sessions

While a lot of Node.js guides recommend using JWT as an alternative to session cookies (sometimes even mistakenly calling it "more secure than cookies"), this is a terrible idea. JWTs are absolutely not a secure way to deal with user authentication/sessions, and this article goes into more detail about that.

Secure user authentication requires the use of session cookies.

Cookies are small key/value pairs that are usually sent by a server and stored on the client (often a browser). The client then sends this key/value pair back with every request, in an HTTP header. This way, unique clients can be identified between requests, and client-side settings can be stored and used by the server.

Session cookies are cookies containing a unique session ID that is generated by the server. This session ID is used by the server to identify the client whenever it makes a request, and to associate session data with that request.


@youfoundron
youfoundron / stop-using-jwts.md
Created June 16, 2026 19:30 — forked from samsch/stop-using-jwts.md
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that the "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions
// Tailwind colors for Flexoki theme by Steph Ango. https://stephango.com/flexoki
const colors = {
base: {
black: '#100F0F',
950: '#1C1B1A',
900: '#282726',
850: '#343331',
800: '#403E3C',
700: '#575653',
@youfoundron
youfoundron / balance-logic.md
Created August 10, 2021 19:35
Wrapped Balance Logic

Contrived assumptions:

  • USD value of 1 Ether = USD value of 1 Zcash
  • Wrapped Service Fee is a fixed 10%
  • Contract execution cost (gas) is 0.1 ETH
  • Zcash transaction execution cost is free

Wrapping Flow

  1. Starting state, Wrapped.com has put 1 ETH in the vault to pay for gas

Pour-Over Instructions

You Will Need:

Chemex, Chemex filters, scale, kettle, timer

Coffee:

42 grams (4 1/2 small handfuls)
Ground like cane sugar.

Hot Water:

700 grams at 200°F (a few minutes off boil)
Makes about two mugs.

@youfoundron
youfoundron / InvestorTypesToken-Explained.md
Created November 21, 2018 18:05
ERC-1404: When Investors Can’t Trade -- Example Code

InvestorTypesToken.sol Explained

Draft

@youfoundron
youfoundron / MyRestrictedToken.sol
Created July 27, 2018 19:09
Created using remix-ide: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gist's URL or ID at https://remix.ethereum.org/#version=soljson-v0.4.24+commit.e67f0147.js&optimize=false&gist=
pragma solidity 0.4.24;
import './SimpleRestrictedToken.sol';
contract MyRestrictedToken is SimpleRestrictedToken {
string public name;
string public symbol;
uint public decimals;
uint public totalSupply;

Keybase proof

I hereby claim:

  • I am youfoundron on github.
  • I am youfoundron (https://keybase.io/youfoundron) on keybase.
  • I have a public key ASBI-xWkqXWXdT8KB9Nnove3rLfCgCFlXm4TyU12087Q1Ao

To claim this, I am signing this object:

@youfoundron
youfoundron / Token Distribution Tool
Last active November 23, 2017 18:55
Feature description of a token distribution tool.
## Overview
The simplest structure of a token sale consists of a sale contract and token contract.
The sale contract is responsible for such logic including but not limited to:
- the duration of the sale (typically in blocks)
- the addresses allowed to participate in the sale
- the exchange rate of ether to tokens, often as a factor of time
- the ether reserve and hard cap amounts
The token contract is responsible for such logic including but not limited to:
Verifying my Blockstack ID is secured with the address 15qE9yMvv9P6q3y1r3b6tTsr98idSWRQjX