# PNPM
pnpm i && pnpm dev# NPM
npm i && npm run devSupabase hosts the PostgreSQL database, with Prisma managing its schema/making queries. NextAuth (Auth.js) is used for authentication status and protected routes, with credentials password login enabled for both email and username. Passwords are secured as follows: hash(password + pepper, salt)
- The salt is a random 16-byte buffer stored next to the hashed password in the database, used to protect against rainbow table attacks
- The pepper is a random 16-char alphanumeric string stored as an environment variable/deployment secret, used to protect against dictionary attacks
- The hash is NodeJS' native
crypto.scryptimplementation with the derived key stored as a 64-char string in the database, used to protect against brute-force attacks and plaintext vulnerabilities
The choice of GraphQL API is an unofficial wrapper around the TMDB API (The Movie Database, an IMDB alternative). The first 16 trending movies are queried via Apollo Client then filtered if they don't have a tagline.
The Prettier, ESLint and TypeScript configs work for me but would naturally be replaced by agreed-upon choices in a team.
Not common practice but something I wanted to try— the intent being to eliminate mental overhead of writing relative paths:
@prismaClientinstead ofapp/@modules/prismaClient$Modalinstead of potentially../../lib/components/Modal
They're prefixed with @ and $ to always be at the top of the file tree instead of mixed in somewhere with other directories, though they may look a little unfamiliar. Components also have their own directory to save having to always expand lib > components > to access such a high-traffic folder.
This is a known Chakra bug:
In some cases, when you switch to dark mode and refresh the page, you might experience a quick flash of light mode before it switches correctly. This is a known issue and we're looking to fix it.
https://chakra-ui.com/docs/styled-system/color-mode#color-mode-flash-issue
Warning: Extra attributes from the server: data-new-gr-c-s-check-loaded,data-gr-ext-installed
Warnings like the above are caused by extensions such as Grammarly, Bitwarden and LastPass modifying the DOM, resulting in a mismatch duration hydration. Disabling the extension will remove this dev-only warning.
To avoid separately maintaining a .env for Prisma while maintaining a .env.local for Supabase and Auth.js (Vercel actually recommends .env be public/committed), dotenv-cli is used to load all variables from just .env.local. As a result, the commands for running a Prisma migration, seed, push, pull or execute are:
pnpm migrate
pnpm seed
pnpm push
pnpm pull
pnpm executePrisma official recommendation
Normally commits would be more atomic but for blank projects the diffing is less useful, hence the larger commit changes.
- Changing/resetting password
- Changing email
- Filtering movies by genre or sorting by rating/date
- Constraints around job title (characters, length, etc)
- Indicators for some loading/submit states