> Custom OAuth implementation with user registration/login
Please don't. At 2 minute glance you are allowing empty state (csrf) and bearer tokens in query string[0], not checking if token is expired or not[1], storing secrets in plain text / not salting[2], missing PKCE Validation, debug mode always on, redirect URL only checking if includes (127.0.0.1.evil.com works)[3] so much...
Please, please, please don't recommend this for any production usage.
I've been about it as "throwaway software." Why bother searching for someone else's mediocre LLM generated software when I can just as easily (and hopefully as cheaply) generate the same thing, but it just works for me
Kindle has been doing this for years and has really made me a loyal customer to them. Always surprised the penny pinchers at Amazon haven't killed it yet.
The demos I see for these types of tools are always some toy project and doesn't reflect day to day work I do at all. Do you have any example PRs on larger more complex projects that have been written with codebuff and how much of that was human interactive?
The real problem I want someone to solve is helping me with the real niche/challenging portion of a PR, ex: new tiptap extension that can do notebook code eval, migrate legacy auth service off auth0, record and replay API GET requests and replay a % of them as unit tests, etc.
So many of these tools get stuck trying to help me "start" rather than help me "finish" or unblock the current problem I'm at.