Predeployment checklist for your web app authau...
TIKTOK

Predeployment checklist for your web app:

  • auth/authorization so users only access what they're supposed to
  • input validation and sanitization so bad data and attacks do not slip through
  • CORS so only approved origins can talk to your API
  • rate limiting so spam does not crush your backend
  • expiring password reset links so old emails cannot become account takeovers
  • frontend error handling so users see clean fallback states instead of crashes
  • database indexes so your key queries stay fast
  • logging so you can see what broke in production
  • alerts so you hear about issues before your users do
  • rollback so one bad deploy does not turn into a full incident

Ofc there is more but that is a good place to start.

#coding #programming #softwareengineer #systemdesign

Mar 23, 2026
Bro, is there anything I should double check before I launch my new website?

Yeah, I have a quick checklist for you. First, authorization. When a user's logged in, can they only access their own data and nothing else?

Yeah, we have this in place. Once a user's logged in, they're only able to access resources that they're authorized to access. Anything else will fail.

Second, are you validating and sanitizing all user inputs?

Yes, I know about SQL injection and cross-site scripting. All forms and user input are sanitized and validated before making any kind of query to our database or being executed in any capacity.

Is your CORS policy configured?

Yes, we have CORS set up. Only requests from our domain will be served by our API.

Great, do you have rate limiting on all your API endpoints?

Of course we have rate limiting. The last thing I want is an unexpected bill from one of my users sending a million requests per minute.

Do your password reset links expire?

Of course, password reset links expire after 30 minutes.

Nice, do you catch any unexpected errors in the front end?

Yep, we have different screens for different types of errors and one catch-all to make sure that the users never see a raw stack trace.

Do you have indexing set up on your most common database operations?

We have indexing on our most commonly queried fields, but nothing else. We don't wanna increase write overhead if we don't have to.

Do you have logging so you can debug stuff in prod?

We have some basic logging, but not too much. It gets expensive really quickly.

Do you have alerts so you can be immediately notified if something breaks?

Yes, we built alerts. I can't believe I have to go on-call for my own personal project.

Are you able to roll back if a deployment goes wrong?

Yeah, we're following a blue-green deployment strategy so we can quickly roll back to a prior version if needed.

Nice, man, just follow me for more tips and you should be good to go.

This video outlines a predeployment checklist for web app security and performance. Key points include user authorization, input validation, CORS configuration, rate limiting, and error handling.

  1. Ensure users can only access their own data after login.
  2. Validate and sanitize all user inputs to prevent attacks.
  3. Configure CORS to allow only approved origins for API access.
  4. Implement rate limiting to prevent excessive API requests.
  5. Set password reset links to expire after 30 minutes.
  6. Handle frontend errors with user-friendly fallback screens.
  7. Use database indexing on frequently queried fields.
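
Item 5 as an added example, not code from the video or its author: a reset token that is stored only as a hash, expires after the 30 minutes the checklist names, and can be redeemed once. The `ResetTokenStore` class, its in-memory dict standing in for a database table, and the fake clock in `demo()` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 30 * 60  # the 30-minute lifetime from the checklist


class ResetTokenStore:
    """In-memory stand-in for a password_resets table (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._rows = {}  # user_id -> (sha256 hex of token, expires_at)

    def issue(self, user_id):
        """Create a token for the reset link; a new one replaces any older one."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._rows[user_id] = (digest, self._clock() + RESET_TTL_SECONDS)
        return token  # goes into the emailed link; only the hash is stored

    def redeem(self, user_id, token):
        """Return True once for a valid, unexpired token; False otherwise."""
        row = self._rows.get(user_id)
        if row is None:
            return False
        digest, expires_at = row
        candidate = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, candidate):
            return False  # wrong token: the stored row is left in place
        del self._rows[user_id]  # single use; an expired row is purged too
        return self._clock() < expires_at


def demo():
    now = [1_000_000.0]  # constructed fake clock so expiry is testable
    store = ResetTokenStore(clock=lambda: now[0])
    t1 = store.issue("alice")
    first = store.redeem("alice", t1)    # fresh link
    replay = store.redeem("alice", t1)   # same link clicked again
    t2 = store.issue("alice")
    now[0] += RESET_TTL_SECONDS + 1      # 30 minutes and 1 second later
    expired = store.redeem("alice", t2)
    store.issue("alice")
    wrong = store.redeem("alice", "guess")
    return first, replay, expired, wrong
```
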