Ninety-ninety rule
The first 90 percent of the code accounts for the first 90 percent of the development time. The remaining 10 percent of the code accounts for the other 90 percent of the development time. (Wikipedia)
For the last two months we haven't really added any new features to the website. We took the time to completely redesign it and basically started from scratch with the code, but with a clear goal in mind: improve the code so that the website can grow, and work towards having the same functionality as we have today. For this we switched to Vue.js and TypeScript, had to set up a new development environment, and climbed a steep learning curve. It was an enriching experience and, looking back, I think we can be satisfied and say the goals were met.
Keep the user logged in
We kept the security-related features for last so that we could focus on them in a working environment. We already had the updated SteemConnect login, but credentials were not saved. This required logging in every time you visited the website, and clearly that's not a pleasant experience. Now we store the SteemConnect token in a cookie on the user's device, and as such we can keep the user logged in.
SteemConnect tokens handled securely
The users' security is a top priority. At the moment we allow users to log in to the SteemMakers website using SteemConnect. The SteemMakers app only requests to be able to verify your identity; it doesn't request to vote, comment, post, ... on your behalf. We start simple and grow from there. Previous security issues with other Steem apps have shown that security is an important aspect. To be on the safe side we chose not to store any information on our side. Currently we only use SteemConnect to verify the identity of our reviewers. We only have a list of their usernames on our system; we don't store any tokens in any form. The moment a reviewer uses one of the restricted APIs, their token is sent in the header of the HTTPS request and our server verifies the identity with SteemConnect. The consequence is a certain delay, but the win is that we don't have to worry about securing your tokens because we simply don't have them.
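The per-request check described above, as an added sketch that is not taken from the SteemMakers repository: the server keeps only a reviewer username list, resolves the presented token through an injected identity lookup (standing in for the HTTPS call to SteemConnect), and fails closed. The `Authorization: Bearer` header format, all function names, and the sample tokens are assumptions made for illustration.

```typescript
// Added example; all names are hypothetical, not SteemMakers code.
// Resolves a token to its account name, or null if the provider rejects it.
// In production this is an HTTPS call to SteemConnect; injected here to run offline.
type IdentityLookup = (token: string) => Promise<string | null>;

type AuthResult =
  | { ok: true; username: string }
  | { ok: false; status: 401 | 403 | 503; reason: string };

// Assumption: the token arrives as "Authorization: Bearer <token>".
function extractToken(authorization: string | undefined): string | null {
  if (!authorization) return null;
  const m = /^Bearer ([A-Za-z0-9._~+\/=-]{1,4096})$/.exec(authorization);
  return m?.[1] ?? null;
}

async function authorizeReviewer(
  authorization: string | undefined,
  reviewers: ReadonlySet<string>, // the only auth data kept server-side
  lookup: IdentityLookup,
): Promise<AuthResult> {
  const token = extractToken(authorization);
  if (token === null) return { ok: false, status: 401, reason: "missing or malformed token" };
  let username: string | null;
  try {
    username = await lookup(token); // used for this request only; never stored or logged
  } catch {
    // Fail closed: an unreachable identity provider must not grant access.
    return { ok: false, status: 503, reason: "identity provider unavailable" };
  }
  if (username === null) return { ok: false, status: 401, reason: "token rejected" };
  const name = username.toLowerCase();
  if (!reviewers.has(name)) return { ok: false, status: 403, reason: "not a reviewer" };
  return { ok: true, username: name };
}

// Constructed sample data standing in for the reviewer list and the provider.
const SAMPLE_REVIEWERS: ReadonlySet<string> = new Set(["alice", "bob"]);
const SAMPLE_TOKENS = new Map<string, string>([["tok-alice", "alice"], ["tok-mallory", "mallory"]]);
const sampleLookup: IdentityLookup = async (token) => {
  if (token === "tok-outage") throw new Error("timeout");
  return SAMPLE_TOKENS.get(token) ?? null;
};

authorizeReviewer("Bearer tok-alice", SAMPLE_REVIEWERS, sampleLookup).then((r) => console.log(r));
```

A valid token for an account that is not on the reviewer list yields 403 rather than 401, which keeps "who are you" and "are you allowed" separate in logs and error handling.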
Article submission
The last step was to rework the article submission. As always, the devil is in the details and it took some more time than expected. Since we moved to a single-page application, quite a few things needed to be completely changed: the article validation, the keyword retrieval, the submission itself, and the error message handling. Visually nothing much changed, but behind the scenes almost everything did. This is how the current submission looks:
Database security
Along the way we also solved an issue reported on Utopian. All database interfaces now use prepared statements to mitigate further issues like this.
What's next
We're doing some live testing now and some code cleanup but that shouldn't take too much of our attention. The last couple of weeks we have slowly been preparing for new features. We're working on a quality measure system and that requires quite some discussion and design work. Both phases are nearing the end and next will be the implementation. There are some other items on the list such as a theme redesign, a landing page, and some secrets...
Proof of work done
Repository: https://github.com/JefPatat/SteemMakers/tree/master/website
My GitHub account: https://github.com/JefPatat
Relevant commits: several commits from June 6th to June 17th: https://github.com/JefPatat/SteemMakers/commits/master