Yesterday I had a user reach out via email because his account became inaccessible when he updated it.
This was something I didn't realize could happen... so it was fun recreating this scenario locally.
Basically he somehow bypassed the lowercase requirement for the updateUsername endpoint. So in the DB, his name was uppercase. And the SQL query was searching for his exact username without doing LIKE (by design).
It was failing on that getProfile endpoint and showing a Whoops screen. 😬 Should be a 404 screen, I know. I'm working on it.
Since then, I added Sentry logging to the backend and frontend.
And this showed me there were endpoints still being triggered nightly to remove stale data (which I forgot to remove). And these endpoints were getting 401s. I'm thinking, who TF is triggering these endpoints? I soon realized those specific endpoints needed keys that expired monthly. 🤦‍♂️
rant
long night
prod issues