During Fall Term, I took a course named “Professional Practice” which features ethics in Computer Science. It taught me lots of valuable lessons, especially in regard to privacy, which is the reason why I came up with this project: a web-based E2EE storage solution where the server cannot know what users have stored, which guarantees maximal ownership of their files.
I’ll try to finish the beta version of this project in 7 days (because that’s when my next term begins :( ) and will release it to the public.
As a disclaimer, I’ll also mention that this is my first project where I fully utilize an LLM for coding. Now, before anyone makes a judgement, I want to make my point. LLM-assisted coding (or colloquially, vibe-coding) was something I looked down upon, so I didn’t really bother using it much. But after some time, as a person dedicated to the tech sector, I shouldn’t just ignore a certain technology because of my bias; I should at least give it a try. So this is me trying.
For the past 4-ish days of actively using Cursor, I realized a significant boost in productivity. In the past (pre-ChatGPT era), I had to look up multiple Stack Overflow posts just to get the boilerplate code for a certain library I wanted to use. However, an LLM does this instantly, saving tons of time that would’ve been spent on searching otherwise. Now, as a responsible programmer, it is still crucial to understand my own codebase. So I still spend some amount of time studying my code and looking up the documentation. I spend an equal amount of time on studying my code; it’s just that now I don’t have to spend much time on googling. I think that is a significant improvement in efficiency.
However, it’s not all smooth and easy with LLMs; there are some challenges too. Since I’m trying to deploy my project on AWS, there is a lot of DevOps involved. And LLMs are only helpful for research in DevOps; they don’t auto-implement the infrastructure I need (it would be cool if they did in the future! Some kind of visual editor where I can vibe-code AWS infrastructure). So there are some struggles out there.
Ok, I think I’m digressing. I’ll show you what I’ve made so far and my challenges.
At the start, the following 4 were done very smoothly:
- Making Login Page
- Session Management using NextAuth.js
- Basic DB setup for storing user info and their file location
- Uploading file
For downloading files, however, the experience was … quite a journey. At first, I wanted to go easy and just make S3 publicly available for everyone. But then that didn’t really make sense for a storage service. So I steered towards CloudFront signed cookies, where I can grant access to an authorized user for a certain amount of time. Ok, I just needed to set the cookie for CloudFront’s domain to the signed cookie and then we’re good to go… except… I was using localhost for my server and CloudFront had its own domain (let’s say cf.com). I kept trying to set a cookie for cf.com from localhost; it just didn’t work and I had no idea why. I spent many excruciating hours on this until I finally came across the Mozilla documentation on Set-Cookie’s Domain attribute, which states:
Domain= Optional
Defines the host to which the cookie will be sent.
Only the current domain can be set as the value, or a domain of a higher order, unless it is a public suffix. Setting the domain will make the cookie available to it, as well as to all its subdomains.
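The Domain rule quoted above, as an added example (not code from this project): a simplified model of the check a browser applies to a Set-Cookie Domain attribute. `PUBLIC_SUFFIXES` is a tiny constructed stand-in for the real Public Suffix List and `example.click` is a made-up domain; `cf.com` is the placeholder used in the text.

```javascript
// Added example: simplified model of how a browser handles Set-Cookie's Domain attribute.
// PUBLIC_SUFFIXES is a tiny constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "click", "co.uk"]);

// RFC 6265 domain-match: the host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// What happens to `Set-Cookie: ...; Domain=<domainAttr>` in a response from requestHost.
function cookieDomainDecision(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // No Domain attribute: host-only cookie, never sent to subdomains.
  if (!domainAttr) return { accepted: true, scope: host, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (PUBLIC_SUFFIXES.has(domain)) {
    return domain === host
      ? { accepted: true, scope: host, hostOnly: true }
      : { accepted: false, reason: "Domain is a public suffix" };
  }
  if (!domainMatches(host, domain)) {
    return { accepted: false, reason: "Domain does not cover the responding host" };
  }
  return { accepted: true, scope: domain, hostOnly: false };
}

// Would a cookie stored with this decision be attached to a request for targetHost?
function sentTo(decision, targetHost) {
  if (!decision.accepted) return false;
  const target = targetHost.toLowerCase();
  return decision.hostOnly ? target === decision.scope : domainMatches(target, decision.scope);
}

// Constructed cases: the localhost attempt from the text, then the custom-domain setup.
const cases = [
  ["localhost", "cf.com", "cf.com"],
  ["app.example.click", "example.click", "cdn.example.click"],
  ["app.example.click", "cdn.example.click", "cdn.example.click"],
  ["app.example.click", "click", "cdn.example.click"],
  ["app.example.click", undefined, "cdn.example.click"],
];
for (const [host, attr, target] of cases) {
  const d = cookieDomainDecision(host, attr);
  console.log(`${host} sets Domain=${attr}: accepted=${d.accepted}, sent to ${target}=${sentTo(d, target)}`);
}
```

Only the second case, a parent domain shared by the app and the CDN hostname, produces a cookie that reaches the CDN subdomain.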
This implied I cannot set a cookie for domainB from domainA even if I include domainB in the Domain attribute. Ok, then, I just gotta use the same domain, cool. So I went to Route53 and decided to purchase a domain, deploy my website on that custom domain and then link the CloudFront distribution to a subdomain. Purchasing the domain was quite simple; .click was offered for only $3 per year. However, a problem occurred when trying to deploy the Next.js app to Amplify. I noticed Amplify was not reflecting the environment variables even though I had listed them in the management console.
I spent another few hours wondering why this was all happening. And then I saw this message in the management console:

“…at the build time”, ok, so does that mean those environment variables are not available during runtime? It confused me because that’s not the impression I got when I was reading through their documentation about Amplify environment variables, where they said:
Environment variables are key-value pairs that you can add to your application’s settings to make them available to Amplify Hosting.
I thought by “available to Amplify Hosting” they meant available during runtime. In retrospect, I shouldn’t have assumed anything and should’ve thoroughly checked what I’d be using. I ended up just looking up a Stack Overflow post about it and getting it out of the way by editing their build script. (And there were a few more instances like this where I spent another few hours due to misconfiguration.)
After getting this out of the way, I was just exhausted from all the deployment I’d done and realized I was not making much progress in terms of development. So I pivoted and decided to develop first, then think about deployment. And that’s currently where I’m sitting.
Throughout the past 4~5 days, I think most of my time was spent on matters like this, where I either made a wrong assumption about the given information or didn’t thoroughly inspect what I was doing.
(Oh yeah, and about that signed cookie, I just ended up using a signed URL. This way, I can just pass my signature in the URL and then redirect. Now that I think about it, anyone with the URL can still access the link (albeit for a limited time), so I guess I need to figure out how to combat that.)
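One way to narrow who can use a leaked link, as an added example (not this project's code): a CloudFront signed URL built with a custom policy that combines a short expiry with a source-IP condition. The domain, object path, key pair ID and client address are constructed, and a throwaway RSA key stands in for the real CloudFront signing key.

```javascript
const crypto = require("node:crypto");

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
function cfBase64(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/=/g, "_").replace(/\//g, "~");
}

// Custom policy: the URL is valid only until expiresEpoch AND only from clientCidr.
function buildPolicy(resourceUrl, expiresEpoch, clientCidr) {
  return JSON.stringify({
    Statement: [{
      Resource: resourceUrl,
      Condition: {
        DateLessThan: { "AWS:EpochTime": expiresEpoch },
        IpAddress: { "AWS:SourceIp": clientCidr },
      },
    }],
  });
}

// Sign the policy (CloudFront uses RSA with SHA-1) and append the query parameters.
function signUrl(resourceUrl, policy, keyPairId, privateKey) {
  const signature = crypto.createSign("RSA-SHA1").update(policy).sign(privateKey);
  const sep = resourceUrl.includes("?") ? "&" : "?";
  return `${resourceUrl}${sep}Policy=${cfBase64(Buffer.from(policy))}` +
    `&Signature=${cfBase64(signature)}&Key-Pair-Id=${keyPairId}`;
}

// Constructed sample values; a throwaway key is generated so the example runs offline.
function demo(nowEpoch = Math.floor(Date.now() / 1000)) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const resource = "https://cdn.example.click/files/object-1234";
  const policy = buildPolicy(resource, nowEpoch + 60, "203.0.113.7/32"); // 60-second lifetime
  const url = signUrl(resource, policy, "KEXAMPLEKEYID", privateKey);
  return { url, policy, publicKey };
}

console.log(demo().url);
```

Binding to the requester's IP fails for clients whose address changes between the redirect and the download (mobile networks, some proxies), so the short expiry stays in place alongside it.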