Developer builds cross-PWA login handoff using browser-native HMAC-SHA256, no backend needed

·1 views

A developer built a backend-free identity-passing system between two separate Progressive Web Apps running on different Firebase projects. The solution uses the browser's built-in Web Crypto API to generate an HMAC-SHA256 signed token embedded in a URL query parameter. When an operator clicks the Onboarding button, the sender app signs a payload containing the user's name, department, and timestamp with a shared secret, then opens the destination app with the token appended. The receiving app independently recomputes the signature and rejects the token if it doesn't match or is older than five minutes. Because both apps are internal tools, storing the shared secret on the client side was deemed an acceptable security trade-off.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

New Claude-based tool 'text-lens' analyzes writing without rewriting or suggesting edits

A developer has built a Claude-powered writing tool called /text-lens, designed to reflect what a piece of writing is doing rather than rewrite or improve it for the author. Unlike tools such as Grammarly or Sudowrite, text-lens does not suggest replacements or generate new content; instead, it identifies specific moments in a text and explains what a reader experiences there. The tool first determines the genre of the submitted text — poem, argument, narrative, etc. — before applying a tailored analytical lens, since different text types have fundamentally different structural concerns. Analysis is governed by 11 internal rules intended to prevent the AI from shifting into a tutoring or ghostwriting role. The underlying premise is that writers struggle not from a lack of skill but from a perceptual limitation: they read what they intended to write, not what is actually on the page.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer shares layered security guide after accidentally leaking database password on GitHub

A developer building a personal side-project discovered their database password had been hard-coded and committed to a public GitHub repository, prompting an urgent cleanup of the codebase. The incident led them to research and combine three core security practices: storing secrets in environment variables or cloud secret managers instead of source code, using Let's Encrypt with Certbot for automated TLS certificate management, and configuring firewalls to deny all traffic by default except explicitly required ports. Rather than treating these as separate tasks, the developer reframed them as interconnected layers of a unified defense strategy. The resulting guide includes before-and-after code examples in Python and Nginx to illustrate each fix in practical terms. The key takeaway is that even hobby projects carry real security risks and benefit from the same foundational protections used in production systems.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds Free Adaptive IQ Test Using ML and Next.js 14

A developer built and launched IQ Platform, a free adaptive cognitive assessment tool, after growing frustrated with the static nature of most online IQ tests. Unlike standard tests that present identical questions to all users, the platform calibrates question difficulty based on a user's age, education level, and occupation. It covers six cognitive domains — numerical, verbal, pattern, logical, memory, and spatial — with questions rated on a difficulty scale from 1 to 5. Scoring is handled by a custom machine learning regression model built without external ML libraries, running entirely on the client side with no backend or database. Session history is stored via localStorage, preventing users from encountering repeated questions across multiple attempts.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds Minimal 'mintOS' Using C, Assembly, GRUB, and QEMU

A developer has published a hands-on guide detailing how to build a basic custom operating system called mintOS from scratch. The project uses C and x86 assembly to write a kernel that displays text on screen via VGA text-mode memory at address 0xB8000. GRUB serves as the bootloader, reading a grub.cfg configuration file to load the compiled kernel binary into RAM at startup. Supporting tools include GCC for compiling C code, a linker script to arrange the kernel in memory, and QEMU to emulate and test the OS virtually. The result is a minimal bootable OS that prints a static message, demonstrating the full boot chain from BIOS/UEFI through GRUB to the running kernel.

0 comments Read more at DEV Community