6. Do you need passwords?
• Secure storage
• Secure validation
• Password reset
• Phishing attacks
@ForbesLindesay
7. Do you need passwords?
• Passwordless - send users an e-mail/SMS with a one-time code
• OAuth - rely on a third party service (Google, Twitter, Facebook, Apple)
40.
function take(oldState, options, now) {
  const {tokenCount, timestamp} =
    oldState
      ? updateBucketState(oldState, options, now)
      : {tokenCount: options.bucketCapacity, timestamp: now};
  if (tokenCount > 0 && now >= timestamp) {
    // if there is a token available and the timestamp is in the past
    // take the token and leave the timestamp un-changed
    return {tokenCount: tokenCount - 1, timestamp};
  }
  // update the timestamp to a time when a token will be available, leaving
  // the token count at 0
  return {tokenCount, timestamp: timestamp + options.interval};
}
41.
async function takeToken(key, options) {
  const now = Date.now();
  const oldState = await db.getRateLimitState(key);
  const newState = take(oldState, options, now);
  // N.B. replaceRateLimitState should throw if current state
  // doesn't match oldState to avoid concurrent token usage
  await db.replaceRateLimitState(key, newState, oldState);
  if ((newState.timestamp - now) > 0) {
    await new Promise(r => setTimeout(r, newState.timestamp - now));
  }
}
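A replay of the token bucket above on a virtual clock, showing the wait each login attempt would get once the bucket is empty. This is an added example, not from the slides: updateBucketState (called by take but not shown here), the in-memory store, simulateAttempts and the bucket settings are assumptions made for the illustration.

```javascript
// (assumed) Refill step: one token per elapsed `interval`, capped at bucketCapacity.
function updateBucketState(state, options, now) {
  const refill = Math.floor((now - state.timestamp) / options.interval);
  // Nothing earned yet, or the timestamp is a slot already queued in the future.
  if (refill <= 0) return state;
  const tokenCount = Math.min(options.bucketCapacity, state.tokenCount + refill);
  // A full bucket restarts its clock; otherwise keep the partly elapsed interval.
  const full = tokenCount === options.bucketCapacity;
  return {tokenCount, timestamp: full ? now : state.timestamp + refill * options.interval};
}

// take() as shown on the slide.
function take(oldState, options, now) {
  const {tokenCount, timestamp} = oldState
    ? updateBucketState(oldState, options, now)
    : {tokenCount: options.bucketCapacity, timestamp: now};
  if (tokenCount > 0 && now >= timestamp) {
    return {tokenCount: tokenCount - 1, timestamp};
  }
  return {tokenCount, timestamp: timestamp + options.interval};
}

// (assumed) In-memory stand-in for `db`, with the compare-and-swap the slide asks for.
function createStore() {
  const states = new Map();
  return {
    getRateLimitState: (key) => states.get(key),
    replaceRateLimitState(key, newState, oldState) {
      if (states.get(key) !== oldState) throw new Error(`concurrent update: ${key}`);
      states.set(key, newState);
    },
  };
}

// Replays attempts at the given times (ms) on a virtual clock and returns how long
// takeToken would make each one wait, without actually sleeping.
function simulateAttempts(db, key, arrivals, options) {
  return arrivals.map((now) => {
    const oldState = db.getRateLimitState(key);
    const newState = take(oldState, options, now);
    db.replaceRateLimitState(key, newState, oldState);
    return Math.max(0, newState.timestamp - now);
  });
}

// Constructed input: five guesses for one account at t=0, then one more at t=10s.
const demoOptions = {bucketCapacity: 3, interval: 2000};
console.log(simulateAttempts(createStore(), 'user:alice', [0, 0, 0, 0, 0, 10000], demoOptions));
```

The first three attempts pass immediately, the fourth and fifth are queued 2 s and 4 s out, and the attempt after a quiet period finds a refilled bucket.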
44. Exponential Delay
• Timestamp of last attempt
• Number of attempts
Token Bucket
• Timestamp when token count was last updated
• Number of tokens in bucket
64. Open-source at Threads
Please follow @threads_eng on Twitter for updates on open-source, etc.
We have confirmed one of the top open source contributors @gajus to talk about
his journey in open-source at JavaScript Open-source Meetup on 17/09
Please join at https://www.meetup.com/JavaScript-Open-source-Meetup/ or https://thrds.biz/meetup