Writing
Next.js
Your Next.js Server Action is a public endpoint
A server action looks like a function call, but it compiles to a public POST endpoint anyone can hit with any arguments. Authenticate and validate inside it.
Next.js
What actually ends up in your Next.js client bundle
NEXT_PUBLIC env vars and anything a client component imports ship to the browser. One import line can leak a secret. The server-only package makes it impossible.
Security
Verify your Stripe webhooks, or anyone can grant themselves Pro
An unverified webhook endpoint is a public URL that upgrades accounts. Without signature verification, anyone can POST a fake checkout.session.completed and unlock your paid plan.
Building
Cut the feature list before you build it
Shipping solo means the bottleneck is always you. The way to ship is not to work faster, it is to build less. Cut to the one thing that tests the bet.
Scale
What a high-traffic checkout taught me about reliability
Years on a production e-commerce checkout came down to a few hard rules. Make every operation idempotent, never trust the network, and degrade instead of failing.
Frontend
Redux that survives a complex checkout
A real checkout has more state than a tutorial admits. A few rules keep a large Redux store maintainable. Normalize it, read through selectors, and keep side effects out of components.