Research library

Blog

Security engineering notes, project documentation, backend architecture deep dives, and implementation records.

Entries: 25 · Docs: 0 · Articles: 25 · Minutes: 175 · Latest: May 28, 2026

May 28, 2026 · article

Building a Production-Grade Secure Authentication System: From JWT to Zero Trust

Authentication is no longer just a login system — it is the foundation of modern cybersecurity. In this deep engineering-focused guide, we explore how production-grade authentication systems are designed using JWT, OAuth2, RBAC, MFA, Zero Trust architecture, secure token rotation, API security, cloud IAM, and DevSecOps principles. Learn how real-world systems defend against token theft, session hijacking, XSS, CSRF, privilege escalation, and modern identity attacks at scale.

11 min read
Jul 2, 2025 · build-in-public

Why I Built My Own CMS Instead of Using Contentful or Sanity

Headless CMS platforms are powerful, but they abstract away the database, limit your architecture, and introduce vendor lock-in. Here is a build-in-public look at why writing a bespoke CMS on Supabase was the best engineering decision I made.

10 min read
Jun 18, 2025 · devops

Debugging SSR Runtime Crashes on Vercel: Node vs Edge

When your Next.js app works perfectly on localhost but throws 500s on Vercel. A deep dive into Node runtimes, the Edge network, and how to debug elusive server-side crashes.

11 min read
Apr 22, 2025 · security

Defending Against SSRF in Node.js Microservices

Server-Side Request Forgery is deadly. If your app fetches URLs provided by users, you are at risk. Here's how to lock down node-fetch and axios.

7 min read