@betpawa don't put games where we can't cash out. It's f'ing annoying. I would rather the truth than lie to me.
We grown men not some randoms, so we prefer you give us games where we can do some cash out rather you tell us it's something that don't work.
@oelma__ Most of these replies forget humans will always be humans. You can't prevent that, the best idea is stay alone cause "rules are meant to be broken". Trust me everybody who came up with what the world is now live in wanted the same thing but shit just happened. We are fucked up....
Login endpoints?
Not brute-forced.
Signup?
Not botted.
Password reset?
Not spammed.
Verification flows?
Not abusable.
Rate-limit like a paranoid senior engineer that’s been burned before.
Every route now goes through a military-grade entry pipeline:
rate limit → token verify → permission check → async handler → controller
If your backend doesn’t have this, it’s already leaking.
Building a health-care e-commerce has forced me to rethink what “production-ready” actually means.
Not just writing code.
Not just making it work.
But engineering a backend like it’s going to be attacked, scaled, and audited from day one.
Challenges:
→ Cookie clear options silently failing
→ MongoDB handlers duplicating on reconnect
→ Rate limits resetting on server restart
Foundation is solid.
Building in Uganda. On a Samsung.
#buildinpublic #developer #Uganda
What got done:
→ Startup validation that rejects weak secrets
→ Tiered cookie security for auth tokens
→ CORS with HTTPS enforcement
→ Rate limiting per user ID not just IP
→ MongoDB retry with exponential backoff
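
An added example, not part of the posts above and not the author's code: one way to get "rate limiting per user ID not just IP" without "rate limits resetting on server restart" is to key the counter on the authenticated user and keep it in a store that outlives the process. The names `createLimiter`, `demo`, the request fields `userId`/`ip` and the plain-JavaScript setting are assumptions; the `Map` stands in for a shared store.

```javascript
// Fixed-window rate limiter keyed on user ID, falling back to client IP.
// Counters live in an injected store, so rebuilding the limiter (a process
// restart) does not reset them. `store` is a Map here as a constructed
// stand-in; a real deployment would use a shared store and an atomic
// increment there, because this get-then-set is not safe across processes.
function createLimiter({ store, limit, windowMs, now = Date.now }) {
  return function check(req) {
    // Prefer the verified user ID; unauthenticated routes fall back to IP.
    const key = req.userId ? `user:${req.userId}` : `ip:${req.ip}`;
    const t = now();
    let entry = store.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs }; // start a new window
    }
    entry.count += 1;
    store.set(key, entry);
    const allowed = entry.count <= limit;
    return {
      allowed,
      key,
      remaining: Math.max(0, limit - entry.count),
      retryAfterMs: allowed ? 0 : entry.resetAt - t,
    };
  };
}

// Constructed scenario: 3 requests per minute, two users behind one NAT IP.
function demo() {
  const store = new Map();             // outlives the simulated restart
  let clock = 1000000;                 // injected clock, in milliseconds
  const opts = { store, limit: 3, windowMs: 60000, now: () => clock };
  let check = createLimiter(opts);
  const alice = { userId: "u1", ip: "203.0.113.7" };
  const bob = { userId: "u2", ip: "203.0.113.7" };
  const results = [];
  for (let i = 0; i < 3; i++) results.push(check(alice).allowed);
  check = createLimiter(opts);         // "restart": new limiter, same store
  results.push(check(alice).allowed);  // 4th request is still counted
  results.push(check(bob).allowed);    // same IP, separate user bucket
  clock += 60000;                      // window expires
  results.push(check(alice).allowed);  // new window for alice
  return results;
}

console.log(demo());
```

Keying on user ID needs a verified identity, so in a pipeline that rate-limits before token verification the IP bucket applies first and the user bucket applies once the token has been checked.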