The 2020 Next.js rewrite, now being merged into impress!
Matchu
2dbfaf1557
Yeah cool the login button seems to. work now? And subsequent requests serve user data correctly based on that, and let you edit stuff. I also tested the following attacks: - Using the wrong password indeed fails! lol basic one - Changing the userId or createdAt fields in the cookie causes the auth token to be rejected for an invalid signature. Tbh that's all that comes to mind… like, you either attack us by tricking the login itself into giving you a token when it shouldn't, or you attack us by tricking the subsequent requests into accepting a token when it shouldn't. Seems like we're covered? 😳🤞 Still need to add logout, but yeah, this is… looking surprisingly feature-parity with our Auth0 integration already lmao. Maybe it'll be ready to launch sooner than expected? |
||
|---|---|---|
| .github/workflows | ||
| .husky | ||
| .vscode | ||
| cypress | ||
| deploy | ||
| pages | ||
| public | ||
| scripts | ||
| src | ||
| .eslintrc.json | ||
| .gitignore | ||
| cypress.json | ||
| LICENSE.md | ||
| lint-staged.config.js | ||
| next-env.d.ts | ||
| next.config.js | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
| vercel.json | ||
| yarn.lock | ||
Dress to Impress 2020
This is a rewrite of the Neopets customization app, Dress to Impress!
It's a React app, built with create-react-app, running on Vercel, JAMstack-style.
The motivating goals of the rewrite are:
- Mobile friendly, to match Neopets's move to mobile.
- Simple modern tech, to be more maintainable over time and decrease hosting costs.
If you want to contribute, please reach out to Matchu! This repository is almost shareable, but the main limitation is that we currently run even our development server against the production database, and those credentials are private. But we can change that if there's interest!
Architecture sketch
First, there's the core app, in this repository.
- React app: Runs on Vercel's CDN. Code in
src/app. - API functions: Run on Vercel's Serverless Functions. Code in
apiandsrc/server.
Then, there's our various data storage components.
- MySQL database: Runs on our Linode VPS, colocated with the old app.
- Amazon S3: Stores PNGs of pet/item appearance layers, converted from the Neopets SWFs. (Once Neopets releases HTML5-compatible assets for all their items, we can hopefully remove this!)
Finally, there's our third-party integrations.
- Auth0: For authentication. Data imported from our old OpenNeo ID auth database.
- Honeycomb: For observability & performance insights on the backend.
- Discord: For logging Support users' actions to a private Discord server.
- Neopets: We load pet data from them! And plenty of assets!
Notable old components not currently included in Impress 2020:
- Elasticsearch: Used for lightning-fast item search queries. So far, we're finding the MySQL queries to be fast enough in practice. Might consider using some kind of fulltext query engine if that doesn't scale with more users!
- Resque: Used to schedule background tasks for modeling and outfit thumbnails.
- Outfit thumbnail generation: Used for outfit thumbnails in the app. I'm wondering if there's a way to get away with not doing this, like just rendering the layers... but I suppose if we want a good social share experience, then we'll probably want this. Maybe we can generate them on the fly as API requests, instead of adding a data storage component?
- Memcache: Used to cache common HTML and JSON snippets. Not yet needing anything similar in Impress 2020!
- The entire old Rails app! No references to it in here, aside from some temporary URL links to features that aren't implemented here yet.