今日已更新 215 条资讯 | 累计 21081 条内容
关于我们

标签:#webdev

找到 1569 篇相关文章

AI 资讯

Is FastApi strong and secure for production?

I’m building a company monitoring app that reads Firebase data coming from multiple bus DMS devices and returns KPIs for a Svelte dashboard. Is FastAPI a good backend choice for this, especially for a secure, production-ready, scalable, and maintainable API? If not give me please alternatives . I also need a good FastAPI template or guide to start from, a secure way to connect it with Firebase, and the best way to package the app for both Windows and Android. What I need to use ? submitted by /u/Successful-Life8510 [link] [留言]

2026-06-05 原文 →
AI 资讯

How I Organize a Small Next.js Content Hub by Search Intent

When building a small content site, the framework is usually not the hardest part. The harder part is deciding what each page should be responsible for. A lot of sites start as a simple article list. That works for a while, but it becomes messy when visitors arrive with different search intents. Some users want to learn what something means. Some want download or setup information. Others are trying to fix a specific issue. Those users should not all land on the same generic page. The structure I use For a small Next.js content hub, I like to separate routes by intent: Homepage: broad entry point Learn hub: basic explanations and guides Learn detail pages: specific guide topics Download page: download or install intent Fix hub: troubleshooting entry point Fix detail pages: specific issue pages English and Japanese routes: language-specific entry points This structure is simple, but it keeps the site easier to maintain. Page role comes first Before writing a page, I define its role. A learn page answers what something is, how it works, and what a beginner should understand first. A download page answers where a user should get something, what should be checked before installing, and which platform or device matters. A fix page answers what is not working, what should be checked first, and whether the problem is related to permissions, notifications, device settings, or installation. The page role decides the title, description, internal links, and body structure. Why this helps SEO This approach helps avoid pages competing with each other. For example, a download page should not try to rank for every tutorial query. A troubleshooting page should not read like a general homepage. Each page can link to related pages, but the primary intent stays clear. That makes the site cleaner for both users and search engines. Metadata and sitemap discipline In a Next.js App Router project, I also like to keep metadata and sitemap updates close to the route change. For example: If

2026-06-05 原文 →
AI 资讯

AI API gateway fallback policy template for production apps

Fallback rules are where an AI API gateway becomes operationally valuable. The goal is not to blindly retry every failed LLM call. The goal is to choose the right backup model, provider, or budget path based on the workflow, customer tier, latency target, and risk of a lower-quality answer. A practical fallback policy should define: which failures are retryable; which workflows may downgrade models; which customers or API keys are allowed to use premium fallback routes; how budget caps change routing behavior; what metadata gets logged so the team can debug cost and quality later. 1. Classify traffic before routing Do not write one global fallback rule for every request. Start by classifying traffic: Critical user-facing : support chat, checkout assistance, customer-facing agent answers. Non-critical user-facing : summaries, title generation, enrichment, recommendations. Internal automation : triage, labeling, data cleanup, back-office agents. Batch jobs : long-running summarization, extraction, report generation. Experiments : tests, staging, evaluation, prompt tuning. Each class should have a different fallback budget and quality floor. 2. Decide what counts as a retryable failure Good retry candidates: upstream timeout; 429 rate limit; temporary 5xx provider error; network interruption; overloaded model endpoint; streaming connection drop before useful output. Poor retry candidates: invalid API key; malformed request payload; unsupported tool-call schema; content policy rejection; user quota exhausted; deterministic validation failure. Retrying non-retryable failures usually burns tokens and hides product bugs. 3. Example fallback policy matrix Traffic class Primary route First fallback Second fallback Hard stop Critical user-facing frontier model same-class model on second provider cheaper model with explicit uncertainty after 2 provider failures Non-critical user-facing balanced model cheaper model cached/default response after budget cap Internal automation lo

2026-06-05 原文 →
AI 资讯

AI code is slop no matter what

I keep seeing shit all over about companies producing 95% of their code using AI. I see people saying they now write 100k lines of code a day. I am seeing this everywhere and as a CTO and solo eng, this has given me major fomo. For the past few months I have been working on everything I can to get to this level. I tried Ralph loop, goals, compound engineering, and my own mixture of things. No matter what I just keep finding that slop is coming out the other end and my time to review and fix (by prompting or by manually fixing) is 1. feeling like a pretty huge time sink and 2. sucks way worse than just using my brain to write to code. it is much less rewarding/ fun fixing retarded code than it is writing something elegant myself. I know AI is a huge productivity booster when I can use it for internal tools, scripts, prototypes, and boiler plate or highly defined work. other than that, it seems like it is kind of a time sink, especially for production and legacy apps. You guys experiencing this too? seriously, is the shit about crazy good ai output out there real and if so, how do I attain it? my tech advisor thinks it’s total BS and even said Google engineering is pulling back their AI use in coding some submitted by /u/l300TS [link] [留言]

2026-06-05 原文 →
AI 资讯

I’m Blown Away by Kamal

My Previous Deployment Choices Since I mostly do web development using Ruby on Rails, these were my go-to options for deployment: PaaS like Heroku, Render, or Railway Serverless setups (Cloud Run + NeonDB) Honestly, I didn’t have any major complaints. PaaS costs a bit more, but in return, you get a clean UI and dead-simple workflows like GitHub integration. If the cost bothered me, I’d just go serverless. For my personal servers—where huge traffic isn't exactly a concern—going serverless meant the app would just sleep when inactive, allowing me to run services for around 50 yen a month. Compared to the headache of clicking through complex AWS or GCP dashboards to piece things together based on architecture diagrams, it was a walk in the park. I was perfectly content. Seriously. Kamal Became the Default in Rails 8 Everything changed when Rails 8 dropped. I heard they adopted Kamal as the official deployment tool. Kamal — Deploy web apps anywhere From bare metal to cloud VMs using Docker, deploy web apps anywhere with zero downtime. kamal-deploy.org Kamal? Is deploying really going to get any easier? I mean, I’m doing completely fine right now, though... That’s what I thought. But once I gave it a shot, it felt like being struck by lightning. This is an absolute game-changer. All you have to do is run rails new , throw your server's IP address into deploy.yml , and run kamal setup . That’s it—your app is deployed. For every release after that, it's just kamal deploy . I couldn't believe how simple the deployment workflow was. # deploy.yml service : my-app image : my-user/my-app servers : web : - 192.0.2.1 # Just swap in your VPS IP address here proxy : ssl : true host : app.example.com # Set up your domain here Sure, you have to bring your own server, but Kamal prides itself on being able to deploy absolutely anywhere. I rented a couple of VPS instances from Hetzner for about $10 a month each to host SuperRails and LazyCafe . From what I looked into, you can't really

2026-06-05 原文 →
开发者

Non-profit I'm interning for asked me to revamp/improve their website - I have very minimal skills

Im a freshman college student, for a credit, I have to intern at an NGO and do community outreaches The one that I'm fixed to join asked me to revamp their website, understandable since I'm an engineering student, except i only have minimal knowledge. I'm interning for a month and would really like to learn this into a learning lesson but as of now, im extremely overwhelmed and have no idea where to start. All I've done is very basic HTML, CSS and JAVASCRIPT, nothing practical on an actual website. I would really really appreciate any help with how to approach this challenge. All help would be appreciated, thank you submitted by /u/Internal_Sector_1802 [link] [留言]

2026-06-05 原文 →
AI 资讯

Web Security: OWASP Top 10 and How to Fix Them (2026)

Web Security: OWASP Top 10 and How to Fix Them (2026) Security isn't a feature you add later — it's built into every layer. Here's how the top 10 vulnerabilities work and how to prevent them. #1 Broken Access Control // ❌ Vulnerable: User can access anyone's data app . get ( ' /api/users/:id ' , ( req , res ) => { const user = await db . users . findById ( req . params . id ); res . json ( user ); // No check if requester owns this data! }); // ✅ Secure: Always verify ownership app . get ( ' /api/users/:id ' , async ( req , res ) => { // Check: Is the logged-in user requesting their OWN data? if ( req . params . id !== req . user . id && req . user . role !== ' admin ' ) { return res . status ( 403 ). json ({ error : ' Access denied ' }); } const user = await db . users . findById ( req . params . id ); res . json ( user ); }); // ✅ Better: Use middleware for all protected routes const requireOwnership = ( resourceType ) => async ( req , res , next ) => { const resource = await db [ resourceType ]. findById ( req . params . id ); if ( ! resource ) return res . status ( 404 ). json ({ error : ' Not found ' }); if ( resource . userId !== req . user . id && req . user . role !== ' admin ' ) { return res . status ( 403 ). json ({ error : ' Access denied ' }); } req . resource = resource ; // Attach for route handler next (); }; app . get ( ' /api/posts/:id ' , auth , requireOwnership ( ' posts ' ), ( req , res ) => { res . json ( req . resource ); }); #2 Cryptographic Failures // ❌ Storing passwords in plain text or weak hashing const password = " password123 " ; db . users . insert ({ email , password }); // NEVER DO THIS! // ✅ Proper password hashing with bcrypt const bcrypt = require ( ' bcrypt ' ); const SALT_ROUNDS = 12 ; // Higher = slower = more secure (12 is good balance) async function hashPassword ( password ) { return bcrypt . hash ( password , SALT_ROUNDS ); } async function comparePassword ( password , hash ) { return bcrypt . compare ( password , hash ); /

2026-06-05 原文 →
AI 资讯

Web Security Basics: Every Developer Must Know (2026)

Web Security: OWASP Top 10 and How to Fix Them (2026) Security isn't a feature you add later — it's built into every layer. Here's how the top 10 vulnerabilities work and how to prevent them. #1 Broken Access Control // ❌ Vulnerable: User can access anyone's data app . get ( ' /api/users/:id ' , ( req , res ) => { const user = await db . users . findById ( req . params . id ); res . json ( user ); // No check if requester owns this data! }); // ✅ Secure: Always verify ownership app . get ( ' /api/users/:id ' , async ( req , res ) => { // Check: Is the logged-in user requesting their OWN data? if ( req . params . id !== req . user . id && req . user . role !== ' admin ' ) { return res . status ( 403 ). json ({ error : ' Access denied ' }); } const user = await db . users . findById ( req . params . id ); res . json ( user ); }); // ✅ Better: Use middleware for all protected routes const requireOwnership = ( resourceType ) => async ( req , res , next ) => { const resource = await db [ resourceType ]. findById ( req . params . id ); if ( ! resource ) return res . status ( 404 ). json ({ error : ' Not found ' }); if ( resource . userId !== req . user . id && req . user . role !== ' admin ' ) { return res . status ( 403 ). json ({ error : ' Access denied ' }); } req . resource = resource ; // Attach for route handler next (); }; app . get ( ' /api/posts/:id ' , auth , requireOwnership ( ' posts ' ), ( req , res ) => { res . json ( req . resource ); }); #2 Cryptographic Failures // ❌ Storing passwords in plain text or weak hashing const password = " password123 " ; db . users . insert ({ email , password }); // NEVER DO THIS! // ✅ Proper password hashing with bcrypt const bcrypt = require ( ' bcrypt ' ); const SALT_ROUNDS = 12 ; // Higher = slower = more secure (12 is good balance) async function hashPassword ( password ) { return bcrypt . hash ( password , SALT_ROUNDS ); } async function comparePassword ( password , hash ) { return bcrypt . compare ( password , hash ); /

2026-06-05 原文 →
开发者

PDF hub complete + Office conversions now live — 61 tools across the site

Big update. The PDF hub is fully built out and a whole set of Office conversion tools just shipped. PDF hub complete (18 tools): Merge, split, compress, rotate, reorder, extract pages, remove pages, watermark, page numbers, protect, unlock, extract images, and more. Office ↔ PDF (6 tools): Word to PDF Excel to PDF PowerPoint to PDF PDF to Word PDF to Excel PDF to PowerPoint Office ↔ Office (3 tools, fully browser-side, no file upload): Word to Excel Excel to Word PowerPoint to Word Other recent updates: WordPress plugin updated to include the new PDF tools Chrome extension v1.1.0 updated with PDF support 1.6K pages now indexed on Google across 25 languages That brings the site to 61 free tools across three hubs (Image, PDF, Office), no signup required.

2026-06-05 原文 →
AI 资讯

Building a Real-Time Chat Feature with Django Channels and React

Building a Real-Time Chat Feature with Django Channels and React Real-time features have become table stakes for modern web applications. Whether it is a customer support widget, a collaborative tool, or a social platform, users expect instant communication without page refreshes. In this article, I will walk through how we built a production-ready real-time chat feature using Django Channels and React at UCDREAMS. Why Django Channels? Django is traditionally synchronous. It handles one request at a time per worker. This works fine for standard HTTP requests, but WebSocket connections require persistent, bidirectional communication. Django Channels extends Django to handle WebSockets, background tasks, and asynchronous protocols alongside traditional HTTP. The beauty of Channels is that it does not replace Django. It layers on top, letting you keep your existing models, ORM, authentication, and admin panel while adding real-time capabilities. For a team already invested in Django, this is a massive advantage over introducing an entirely separate real-time server. Setting Up the Backend Start by installing Django Channels and a channel layer. Redis is the recommended backend for production use: channels == 4.0 . 0 channels - redis == 4.2 . 0 daphne == 4.0 . 0 Configure your Django settings: INSTALLED_APPS = [ ... " channels " , ] ASGI_APPLICATION = " your_project.asgi.application " CHANNEL_LAYERS = { " default " : { " BACKEND " : " channels_redis.core.RedisChannelLayer " , " CONFIG " : { " hosts " : [( " 127.0.0.1 " , 6379 )], }, }, } Building the WebSocket Consumer The consumer handles WebSocket connections: import json from channels.generic.websocket import AsyncWebsocketConsumer class ChatConsumer ( AsyncWebsocketConsumer ): async def connect ( self ): self . room_name = self . scope [ " url_route " ][ " kwargs " ][ " room_name " ] self . room_group_name = f " chat_ { self . room_name } " await self . channel_layer . group_add ( self . room_group_name , self . cha

2026-06-05 原文 →
AI 资讯

How would you handle 80+ color palettes + granular customization without overwhelming users?

I've been working on a map poster editor as a side project. You pick a location, choose a style and color palette, and export a print-quality map. The tricky part is that each palette controls 15+ individual colors (road hierarchy from motorway down to service roads, water, terrain, buildings, text, etc.) and there are 80+ palettes organized into three categories. Current flow in screenshots: Full editor, style controls in the left sidebar Entry point with active palette preview + Browse and Fine Tune buttons Category picker (Terrain / Urban / Balanced), these are basically folders describing what the palette emphasizes Palette grid within a category, around 10 per category with swatch thumbnails Fine Tune panel with every individual hex color, grouped by section (Base, Roads, Water & Land, Buildings, Terrain) The tension is that casual users want "pick a palette, done" in one or two clicks. But power users want to tweak individual road colors or swap the water tone. Right now these are two completely separate flows and I'm not sure either one is great. Things bugging me: Two-click drill-down (category then palette) before anything changes. Is that necessary organization or just unnecessary friction? Fine Tune is hidden behind a button. People who find it love it, but is it too buried? 15+ hex inputs grouped by label. It works but feels intimidating. Are there better patterns for this? The preview problem. Right now palettes show diagonal color swatches, which are compact but pretty abstract. A mini-map preview showing each palette applied would be way more useful, but then I'd basically be replacing a clean card grid with a wall of tiny maps that are probably too small to actually read. Would a hover preview work? A single shared preview pane that updates as you browse? Or are swatches actually fine and I'm just overthinking this? If you landed on this editor cold and wanted to change the color scheme, what would you expect to see? What would you change? React + Ma

2026-06-05 原文 →
AI 资讯

Best & Cheap way to track trending TikToks, Reels, and Shorts?

Does anyone know a cheaper way to track trending TikToks, Instagram Reels, and YouTube Shorts? I’ve already looked at Apify and Virlo, but they seem too expensive for what I need right now. I’m mainly trying to find viral formats, hashtags, sounds, creators, and short-form trends without spending a lot on scraping tools. Are there any cheaper tools, APIs, open-source projects, or manual/automated workflows people recommend? submitted by /u/InternalGrab3189 [link] [留言]

2026-06-05 原文 →
开源项目

VS Code- Security Practices around VSCode Extensions.

VSCode extensions were how Github were breached earlier this year. What are people doing around VSCode security best practices around extensions. Approved Extensions Only Disable Auto update Is there anything else like minimum age or settings like that can be done? submitted by /u/ruddet [link] [留言]

2026-06-05 原文 →
AI 资讯

Alternatives to Google Places Photos API?

I currently have a website which heavily relies on the Google Places Photo API. Users can scroll through a bunch of POIs for planning trips, as well as various other things. This can mean that each user could 50+ unique photos. I understand that it’s against ToS to cache these photos and reuse them. The API costs are too high to maintain a scalable solution, but no real competitors come close to the quality of Google. At this current rate I’ll probably have to cap my users on the amount the amount of requests they can make. Is there some work around that I’m missing? Thanks submitted by /u/TWJ32 [link] [留言]

2026-06-05 原文 →
AI 资讯

How does YJS actually handle client ID reuse?

From what I hear, the client IDs are randomly assigned, and people claim that the birthday paradox prevents endless piles of new client IDs piling up in the state vector, but I don't understand how this is possible. The design seems like it would either guarantee a collision eventually, for someone in the world, if the number of random bits is small, or it would indefinitely bloat the state vector up to billions of entries (If it's large). If you have 32 bits of state, and a billion entries, more than half of new random client IDs should be unused, right? Would they not then add another entry to the state vector? Is there some undocumented cleanup method that actually can remove old client IDs? Do they just rely on most applications recreating the whole thing periodically? submitted by /u/EternityForest [link] [留言]

2026-06-05 原文 →
AI 资讯

Should AI Help Write the Tests, or Change What You Test?

You just merged an AI-assisted feature branch, the code review looks clean, and the app works in your local smoke test. Now comes the real question: do you add another traditional browser test, let an AI tool generate the coverage, or spend the time improving the observability around the existing suite? That decision is where a lot of teams get stuck. AI-assisted development changes more than coding speed. It changes the shape of bugs, the pace of UI churn, the expectations for review, and the amount of test maintenance you can tolerate. If you treat AI testing as a magic replacement for your current process, you will probably add noise. If you ignore it entirely, you miss a chance to reduce repetitive work and catch gaps earlier. The real choice is not AI vs non-AI The useful decision is usually this, should AI help create and maintain tests, should it assist human review, or should it stay out of the critical path and only support investigation? That splits into three practical modes: 1. AI assists development, but humans own test strategy This is the safest default. AI can help draft test cases, suggest assertions, summarize failing traces, or propose missing edge cases, but the team still decides what belongs in the suite. If your product has regulated flows, complex permissions, or revenue-critical paths, that ownership matters more than any automation shortcut. 2. AI generates or heals tests inside a human-defined framework This is useful when the team already knows what it wants to cover, but not every selector, fixture, or assertion has to be hand-written. AI can reduce repetitive maintenance, especially for UI-heavy apps that change often. The hidden cost is that you still need a way to judge whether the generated test reflects product intent or just mirrors the current page state. 3. AI becomes part of the evaluation and triage loop Here the value is not test creation, it is speed of diagnosis. AI can summarize logs, cluster failures, or explain a flaky pa

2026-06-05 原文 →