passkeys will also come in handy @web dev cody

bro can you help me

Sebo!

@@giantseaturtle I guess my previous reply didn't go through due to including a link. I'm going to start with admin or not authorization. According to the zsa docs on chaining procedures, it looks like I can just chain a zsa procedure onto the authenticatedAction procedure and check there whether the user is admin or not. Will probably just use an additional column in the users table for an admin boolean. I'm sure different roles and levels of authorization will be more complicated, but I'm starting small with all of this because I'm new to literally everything: next, react, ts, zod etc

It’s a little chaotic 🤣

😘

ShadCN is just tailwind, won't matter. The others yes.

Shadcn Is not a package, it's a library on top of Radix which is maintained by a bigger team so in that case it doesn't impact too much if shadcn gets discontinued it is just a great set of component wrapper with variants. Drizzle popularity has increased really fast, even Astro is using for astro:db I guess. So maybe the will expand. I don't know too much about Lucia in terms of their dev team, but auth is something we can setup ourselves if Lucia gets discontinued we can find another great options nor our self implementation.

lucia is simple enough to refactor away from honestly, drizzle is a bit more complex and I would say there is a bit of risk there especially since it's still "beta" and maintained by someone in an active country at war

I’ll need to try to compare them. Next safe actions recently released version 7 which I’ll need to try

@@WebDevCody Sounds like a great little video idea. David Gray just did one on next-safe-actions

Depends on how you’re hosting. Honestly just setup a one function in memory rate limiter if hosting in a vps

@@WebDevCody I'm talking more about rate-limiting the emails sent per day using resend. The costs can get pretty high pretty quick with resend.

@@torreydev yeah I mean you need to add some type of limiter based on ip or the email the user is trying to use. I’ll add one to this template

@@WebDevCody Even then, a malicious user could use multiple IPs and user clients to bypass that. For now I have just limited my sites using resend to only by able to send 100 emails per day, then it gets locked out. Just seems risky overall and it is lame to have another service where I need to worry about racking up a huge bill or hitting limits and losing functionality to my site.

How do you expect me to help you if you don’t even paste the errors

it's using drizzle with sqlite (turso if you want a prod database)

Keep public profile info separated for security reasons

@@WebDevCody thanks, this make sense. Still not sure about getUserAttributes usage. I see you only put id there. Is it ok to put all other stuff there?

idk haven't tried it

@@WebDevCody Gah. That means I’ll have to give it a shot.

full tutorial please

come on bro i need full tutorial I want to learn

make a pr, help me out