Django JWT Tradeoffs: Statelessness and Logout

JWT is called stateless... but most implementations aren't.

Here's what nobody tells you when you first add JWT to your Django app: the moment you build a logout feature, you've introduced state.

Think about it. JWT is stateless by design. The server holds nothing. The token is self-contained. But then your users need to log out. So you blacklist the token. Now you're querying a database on every request. That's not stateless anymore.

The real tradeoffs nobody talks about:
• Short-lived tokens = better security, worse UX
• Long-lived tokens = better UX, real risk if stolen
• Blacklisting = solves logout, kills the stateless benefit
• Refresh tokens = adds complexity, still needs storage

There's no free lunch. Most teams pick JWT because they heard it scales well. It does, until you need:
1. Logout
2. Token revocation
3. Force sign-out across devices

Then you're managing state anyway.

So what's the right call? Use JWT, but be honest about what you're building.
If you need true statelessness → short-lived tokens, no blacklist, accept the tradeoff.
If you need logout and revocation → store state, just do it cleanly.

Don't let the "stateless" label make decisions for you. The tool isn't the problem. Misunderstanding the tool is.

#Django #Python #BackendDevelopment #JWT #APIDesign #WebDevelopment
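To make the tradeoff concrete, here is an added example (not code from the post, and not any library's API) that implements the smallest possible HS256 JWT with the standard library and then bolts on the one piece of server-side state logout needs: a revocation list keyed by the token's jti. The names issue_token, verify_token, revoke and prune are this example's own. It also pins the algorithm and uses a constant-time signature compare, because a hand-rolled verifier that skips either is where real JWT bugs live.

```python
"""Minimal HS256 JWT issue/verify plus a jti revocation list.
Added example, standard library only; not the post's or any library's code."""
import base64
import hashlib
import hmac
import json
import secrets


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, sub: str, ttl: int, now: int) -> str:
    """Sign a short-lived token. The random jti is what makes per-token
    revocation possible later; without it you can only revoke per user
    or by rotating the signing key."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret: bytes, token: str, now: int, revoked=None):
    """Return (ok, claims_or_reason). `revoked` is the optional server-side
    state (dict jti -> exp). Passing None is the truly stateless mode: a
    logged-out token is still accepted until it expires."""
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        # Pin the algorithm server-side: never let the token pick it
        # ("none" / alg confusion).
        if header.get("alg") != "HS256":
            return False, "bad alg"
        expected = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            return False, "bad signature"
        claims = json.loads(_b64url_decode(c64))
        exp, jti = int(claims["exp"]), claims["jti"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if now >= exp:
        return False, "expired"
    if revoked is not None and jti in revoked:
        return False, "revoked"
    return True, claims


def revoke(revoked: dict, token: str) -> None:
    """Logout: remember the jti until the token would have expired anyway.
    Only call this with a token that verify_token already accepted."""
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    revoked[claims["jti"]] = int(claims["exp"])


def prune(revoked: dict, now: int) -> None:
    """Drop entries past exp, so the list stays bounded by TTL x login rate.
    This is why short TTLs make the 'state' cheap."""
    for jti in [j for j, exp in revoked.items() if exp <= now]:
        del revoked[jti]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key for the demo
    t0 = 1_700_000_000
    tok = issue_token(key, "alice", ttl=300, now=t0)
    print(verify_token(key, tok, t0 + 10)[0])             # True
    denylist = {}
    revoke(denylist, tok)                                  # "logout"
    print(verify_token(key, tok, t0 + 10)[1])              # stateless: still accepted
    print(verify_token(key, tok, t0 + 10, denylist)[1])    # with state: 'revoked'
    prune(denylist, t0 + 300)
    print(denylist)                                        # {}
```

The last three lines of the demo are the whole argument of the post in code: the same token, after logout, is accepted by the stateless verifier and rejected only once the verifier is handed a store to consult on every request.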
More Relevant Posts
finally deployed a micro web app end-to-end...joining the build party a little late but here now...here's how it went:
- defined the logic, guidelines, and expected output
- generated initial python code through claude
- pushed to vs code, set up the full repo
- integrated openai api call for output generation (why openai? - have free credits)
- used codex to code, iterate, test (it's free rn...claude pro credits burn fast)
- tested backend, logic, output
- built the frontend once the logic worked
- pushed to github
- synced with railway to host and live

where i got stuck:
- code kept looping - added timeout logic
- linkedin api calls were choking the system - removed them
- parallel web searches ending in loop from one bad thread - switched to sequential

what's next:
- swap raw web search for an llm-driven research call
- plug in a database layer
- end goal: a system that generates personalized, research-backed outbound cadences per account

this could have been a skill, but i wanted the end-to-end build experience and create a public, shareable link. happy to hear how i can make the system or stack better.
Just finished implementing JWT authentication from scratch for a full-stack auto shop management app. Here's what I learned building it end to end:

🔐 Backend (Python / Flask)
→ JWT tokens are signed with a secret key — if you initialize JWTManager more than once across your blueprints, token verification breaks silently
→ @jwt_required() automatically rejects invalid/expired tokens before your route function even runs — no need to manually check the identity inside
→ Never return different error messages for 'wrong password' vs 'email not found' — that tells attackers which emails exist in your database
→ db.session.rollback() on failed transactions isn't optional — without it you leave hanging sessions that corrupt future requests

⚛️ Frontend (React / Flux)
→ localStorage persists across server restarts — always initialize your store with localStorage.getItem('token') || null or you'll lose the token on every page refresh
→ A 422 UNPROCESSABLE ENTITY from Flask-JWT means the token arrived malformed — 401 means it didn't arrive at all. Two very different problems
→ Checking if a token *exists* and checking if it's *valid* are not the same thing. Always decode the payload and compare payload.exp * 1000 against Date.now()
→ You can calculate the exact remaining time from the token itself and use setTimeout to clean localStorage automatically when it expires

Security details that actually matter:
✅ Hash passwords with bcrypt before storing — never save plain text
✅ Never send the password back in API responses, not even the original
✅ Protect sensitive routes on BOTH frontend and backend — client-side auth is UX, server-side auth is security
✅ One JWTManager instance only — ever

The stack: Flask + SQLAlchemy + Flask-JWT-Extended + React + Flux

#JWT #WebDevelopment #Flask #React #FullStack #Python #Authentication #Security
Day 5 of my Django journey — and this is where things got real.

Until yesterday, I was building features you can see. Today, I focused on something you usually don't see… but every app depends on: 👉 APIs.

💡 What I built: Time Capsule Backend + Web App
A system where users can:
⏳ Lock messages until a future date
🔐 Access only their own data (authentication)
📬 Get email when the capsule unlocks
🔗 Share capsules using unique links

But the interesting part? I didn't just build pages — I tested everything like a backend developer using Postman.
✔ Created API endpoints
✔ Sent POST/GET requests manually
✔ Handled authentication tokens
✔ Debugged real API errors (401, auth issues 😅)

That moment when your API works in Postman >>> 😌🔥

This project made me realize: Backend development is not just about writing code — it's about designing systems that other apps can talk to. From CRUD apps → API-driven thinking. That shift is 🔥

Still a lot to learn, but this felt like a big step forward.

GITHUB LINK => https://lnkd.in/gCpjMEed

#Django #Python #BackendDevelopment #APIs #Postman #LearningInPublic #WebDevelopment
Claude Series 49 — Plugin Marketplace: The App Store for Claude Code

You don't build a browser from scratch every time you need an extension. Same logic applies here.

The Claude Code plugin marketplace is live. Anthropic's official catalog is available the moment you open Claude Code — no setup required.

Browse it: /plugin
Go to the Discover tab. Everything in the official marketplace is already there.

Install anything in one command: /plugin install <n>@claude-plugins-official

What's in the official catalog right now:
- LSP plugins for 12 languages — TypeScript, Python, Go, Rust, Java and more
- Security linter — hooks into every file edit, flags vulnerabilities as Claude writes
- PR review toolkit — six specialised agents, one pull request, confidence-scored output
- Feature dev scaffold — exploration → architecture → implementation with quality gates
- Commit commands — stage, commit, branch, PR without leaving your session
- Frontend design — activates UI/UX patterns when Claude builds interfaces

Need a team marketplace? Point Claude at any Git repo: /plugin marketplace add your-org/claude-plugins
Every developer on your team gets the same catalog. Admins can lock it down via managed-settings.json — block installs, enforce an allowlist, hide unapproved plugins entirely.

Community marketplaces are exploding too. Over 400 plugins exist across public repos right now. The official marketplace is the floor, not the ceiling.

Before: Teammates had different skills, different hooks, different MCP configs. Nobody knew what anyone else had.
After: One marketplace. One install command. Entire team on the same stack.

#ClaudeCode #Anthropic #AIEngineering #GenerativeAI #DevTools #DeveloperExperience
Genie - The AI Dev Tool for Existing Projects 🚀

I'm incredibly proud to share what I've been building: Genie — a "Lovable for existing projects."

Current AI dev tools are amazing, but they focus on building from scratch (Lovable, v0) or autocompleting in your IDE (Cursor). Genie connects to your existing repo, understands the full context, and proposes production-ready changes. Describe what you want, review the diff, approve, and deploy.

🧠 The Hardest Challenge: The AI Engine
Building this meant orchestrating complex agentic loops with massive context windows, dynamic streaming UI states, and real-time SSE so the AI can explore the codebase before streaming a solution.

✨ Key Features:
🛡️ Zero-Destruction Pipeline: AI proposes drafts via inline diffs. Code is never altered without explicit approval.
⚡ Real-Time Previews: Instant ephemeral containers supporting Next.js, Node, Django, PHP, etc.
⏪ Version History: Full timeline with 1-click file rollback.
🔌 Connect Any Repo: GitHub, GitLab, or ZIP.
🚀 1-Click Deploy: Push to Vercel, Railway, or create auto-PRs.

🛠️ Built End-to-End:
• Frontend: Next.js 16, React 19, TS 5, Tailwind 4.
• Backend: Django REST, PostgreSQL, Redis.
• Infra & Integrations: Docker, Vercel, Railway, Fly, Supabase, Anthropic, Stripe, Cloudflare R2, Brevo, Resend.

There's a Free plan with daily credits. Try it and let me know what you think!
👉 Try it here: https://geniedev.app

#buildinpublic #ai #nextjs #django #typescript #saas #softwareengineering
You've seen /api/v1/ in URLs a hundred times. But have you ever wondered what's actually happening behind that version number? 🤔

Let me show you what actually happens.

The problem: Your backend ships /api/users/ - returns full_name in response. 3 months later, product team says - "split it into first_name and last_name." You make the change. Suddenly every mobile app, every third party integration that was reading full_name - crashes. That's a real production incident.

What versioning actually does behind the scenes:
When a request hits /api/v1/users/ - your backend routes it to the old serializer, old logic, old response structure. Untouched.
When a request hits /api/v2/users/ - new serializer, new structure, new behavior.
Same database. Same models. Two different views of the same data.

The real magic is in the router:

    # Django DRF example
    urlpatterns = [
        path('api/v1/', include('app.urls_v1')),
        path('api/v2/', include('app.urls_v2')),
    ]

Old clients stay on v1. New clients onboard on v2. Nobody breaks. 🎯

And when do you retire v1? You announce a sunset date. Give clients 3-6 months to migrate. Then you deprecate. That's the contract. That's the promise.

API versioning isn't just a dev practice. It's how teams ship fast — without breaking what already works.

Ever dealt with a breaking API change in production? 👇

#Python #Backend #Django #APIDesign #SoftwareEngineering #BackendDevelopment
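Here is an added example of the routing idea in plain Python, with no Django involved (this is not the post's code and not DRF's API): one record, two serializers chosen by the version segment of the path, and the v1 responses carrying Deprecation and Sunset headers so the retirement date the post talks about is announced in-band. The USERS row, SUNSET_V1 date and the handle/serialize_v1/serialize_v2 names are this example's own assumptions. One deliberate choice: an unknown version is a 404, never a silent fall-through to the newest handler, so a typo in a client's base URL cannot land it on a contract it was not written against.

```python
"""Version-prefixed routing over one shared record. Added example in plain
Python standing in for urls_v1/urls_v2; not the post's or DRF's code."""

# Constructed sample row standing in for the shared model/table.
USERS = {1: {"first_name": "Ada", "last_name": "Lovelace"}}

# Assumed retirement date for v1, announced on every v1 response.
SUNSET_V1 = "Sat, 31 Dec 2026 00:00:00 GMT"


def serialize_v1(user):
    # Frozen contract: v1 clients keep reading full_name.
    return {"full_name": f"{user['first_name']} {user['last_name']}"}


def serialize_v2(user):
    # New contract: the split fields the product team asked for.
    return {"first_name": user["first_name"], "last_name": user["last_name"]}


# The "router": version segment -> serializer. Adding v3 is one more entry.
ROUTES = {"v1": serialize_v1, "v2": serialize_v2}


def handle(path):
    """Dispatch /api/<version>/users/<id>/ and return (status, headers, body)."""
    parts = path.strip("/").split("/")
    if len(parts) != 4 or parts[0] != "api" or parts[2] != "users":
        return 404, {}, {"detail": "not found"}
    version, user_id = parts[1], parts[3]
    serializer = ROUTES.get(version)
    if serializer is None:
        # Unknown version is an error, not "latest": clients must opt in.
        return 404, {}, {"detail": "unknown API version"}
    user = USERS.get(int(user_id)) if user_id.isdigit() else None
    if user is None:
        return 404, {}, {"detail": "not found"}
    headers = {"Content-Type": "application/json"}
    if version == "v1":
        # Deprecation/Sunset headers let clients discover the deadline
        # programmatically instead of relying on a mailing list.
        headers["Deprecation"] = "true"
        headers["Sunset"] = SUNSET_V1
    return 200, headers, serializer(user)


if __name__ == "__main__":
    for p in ("/api/v1/users/1/", "/api/v2/users/1/", "/api/v3/users/1/"):
        print(p, handle(p))
```

Whatever authentication and authorization wrap these handlers must wrap both versions identically; the usual way version sprawl becomes a security problem is a check added to v2 that v1 never received.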
API versioning is less about endpoints and more about backward compatibility guarantees. Every change is a contract decision. Handling multiple versions at the routing layer while keeping the same data model is what enables teams to ship fast without breaking existing integrations. This is something every backend engineer learns the hard way in production.
It's 2026. We shouldn't still be hand-coding skeleton loaders 🤦♂️

Here's a quick intro in case this is your first time hearing about them:
• In an ideal world, data would be available instantly for users
• We don't live in that world, so we need to show something while data loads
• That "something" is called a skeleton loader
• Skeleton loaders mimic the structure of the eventual content

So yes, they're a necessary evil: every time you build a data-fetching component, you often end up building another one just to represent its loading state.

Here's the problem with how we currently handle them:
- Every data-fetching component needs a matching skeleton component
- If your app has 100 components, that's 100 extra (non-core) components 😤
- Any update to the main component means updating the skeleton too or they drift out of sync 😭

I'm running into this firsthand while building a product. For every component using React <Suspense> and TanStack Query's suspense mode, I still have to create a separate skeleton component. And more often than not, they fall out of sync.

Yes, I've tried copying components and asking AI to generate skeletons. It works fairly well, but the maintenance burden is still there.

So I've started exploring alternatives that can generate skeletons dynamically from existing components:
- auto-skeleton-react
- React Skeletonify
- skeleton-loading-react
- boneyard-js

Haven't tried them yet, but I'll share what I learn along the way. If you've found a better approach, I'd love to hear it 👇

#SoftwareEngineering #FrontendDevelopment #ReactJS #JavaScript #WebDevelopment #DeveloperExperience #DevTools #Programming #TechCommunity #UIEngineering
⚔️ "I'm learning to protect my data from race conditions in Django."

I used to think concurrency was a "production-only" problem. Then I learned about race conditions.

Example: Two users decrement "remaining slots" at the same time. Both read 10, subtract 1, save 9. Actual count should be 8. That's a race condition—no error, just wrong data.

Now I use database-level atomic operations (F() expressions, select_for_update) so only one request modifies the count at a time.

It's not just about "does it work once?" It's about staying correct when multiple users hit it at once. Backends aren't just features, they're trustworthy data.

👉 What invisible backend problem almost broke your app silently?

#WebDevelopment #Django #BackendDevelopment #RESTAPI #LearningInPublic
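The lost update above is easy to reproduce deterministically without threads, by interleaving two requests by hand. The following is an added example (not the post's code) that uses sqlite3 in place of the Django ORM: racy_decrement_twice is the read-in-Python-then-save pattern, atomic_decrement is the SQL that `Event.objects.filter(pk=1, slots__gt=0).update(slots=F('slots') - 1)` would emit, and locked_decrement is the shape of the select_for_update approach (take the write lock first, then read-modify-write inside that transaction; SQLite's BEGIN IMMEDIATE stands in for the row lock). The event table and the function names are this example's own. The WHERE slots > 0 guard is the part people forget: without it the atomic form is still correct about counting but will happily go negative, which is an overbooking bug in a different costume.

```python
"""Lost-update race on a counter, and two database-side fixes.
Added example using sqlite3 as a stand-in for the Django ORM; not the post's code."""
import sqlite3


def fresh_db(slots=10):
    """Constructed one-row table: event 1 with `slots` remaining."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE event (id INTEGER PRIMARY KEY, slots INTEGER NOT NULL)")
    conn.execute("INSERT INTO event (id, slots) VALUES (1, ?)", (slots,))
    conn.commit()
    return conn


def current(conn):
    return conn.execute("SELECT slots FROM event WHERE id = 1").fetchone()[0]


def _save(conn, value):
    conn.execute("UPDATE event SET slots = ? WHERE id = 1", (value,))
    conn.commit()


def racy_decrement_twice(conn):
    """Two requests interleaved the way a scheduler could interleave them:
    both read before either writes, so both write 10 - 1 and a booking is lost."""
    a = current(conn)   # request A reads 10
    b = current(conn)   # request B reads 10
    _save(conn, a - 1)  # A writes 9
    _save(conn, b - 1)  # B writes 9 (should have been 8)
    return current(conn)


def atomic_decrement(conn):
    """F('slots') - 1 form: the database does the arithmetic in one statement
    and the guard refuses to go below zero. Returns True if a slot was taken."""
    cur = conn.execute(
        "UPDATE event SET slots = slots - 1 WHERE id = 1 AND slots > 0")
    conn.commit()
    return cur.rowcount == 1


def locked_decrement(conn):
    """select_for_update shape: take the write lock before reading, so a
    competing request blocks until this transaction commits. Python-side
    arithmetic is then safe because nobody else can read a stale value."""
    conn.execute("BEGIN IMMEDIATE")        # stand-in for SELECT ... FOR UPDATE
    try:
        slots = current(conn)
        if slots <= 0:
            conn.rollback()
            return False
        conn.execute("UPDATE event SET slots = ? WHERE id = 1", (slots - 1,))
        conn.commit()
        return True
    except Exception:
        conn.rollback()
        raise


if __name__ == "__main__":
    print("racy:", racy_decrement_twice(fresh_db()))   # 9, one decrement lost
    db = fresh_db()
    atomic_decrement(db); atomic_decrement(db)
    print("atomic:", current(db))                       # 8
    db = fresh_db(1)
    print("guarded:", atomic_decrement(db), atomic_decrement(db), current(db))  # True False 0
```

The atomic single-statement form is the cheaper of the two fixes and is what to reach for when the whole update can be expressed in SQL; select_for_update earns its lock only when the new value genuinely depends on logic that has to run in Python between the read and the write.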
Today: setting up Render and linking your project.

Go to Render and create a new Web Service
- Connect your GitHub account
- Select your repo

Add placeholder files to your repo. Create:
• index.html → your frontend
• backend.py → your backend (we'll use Python)
Upload these to your repo on the main branch. This ensures your main branch is created and ready.

Choose the main branch in Render. This is important. Anything pushed to this branch will automatically:
• Build
• Deploy
• Go live on your web URL
No manual steps. No need to touch the code.

Go back to Claude. Make sure your session is connected to:
• Your repo
• The main branch
Claude is now working directly inside your live project.

That's the setup. From this point on: You prompt → Claude writes code → pushes to GitHub → Render deploys automatically. This is where it clicks.

Tomorrow, we start prompting and build the first version of your app.

If you want help building or getting stuck at any step: 📩 info@recogitate.co.uk

#VibeCoding #AIDevTools #BuildInPublic #NoCodeMovement #StartupTools