
Four Ways a Refresh Token Request Fails — Only One Means Trouble
A refresh token system where every token is single-use and belongs to a token family. Invalid, expired, and revoked are routine. Reuse means a stolen ...

A refresh token system where every token is single-use and belongs to a token family. Invalid, expired, and revoked are routine. Reuse means a stolen ...

IP-based throttling and account-based lockout solve different problems and neither substitutes for the other. Built and tested in NestJS: the exact re...

A from-scratch background job pipeline in NestJS using BullMQ and Redis, demonstrated on an async LLM draft-generation endpoint — covering retry/backo...

A from-scratch implementation of TOTP-based two-factor authentication in NestJS, covering secret generation, QR code enrollment, partial vs. full JWTs...



Object-Relational Mappers (ORMs) are excellent for standard CRUD operations, relationship management, and schema migrations. But when you transition f...

When building modern web applications, handling file uploads efficiently and cost-effectively is a top priority. While storing files on a local disk i...