A passion for the web and clean code.

A profile picture of author Paul Heasley

about the author Paul Heasley

I’m an Engineering Manager with a passion for web development and a focus on delivering great user experiences with clean, engaging UI's through concise, maintainable code.

Contact Me

Apollo Server 4 Serverless GraphQL Upload

posted on 20 March 2023 in programming

Apollo Server 4 changed the way we integrate with Serverless functions, the apollo-server-lambda project is no longer part of the core package, being replaced with @as-integrations/aws-lambda. With this change it’s no longer obvious how we can use Express middleware like graphql-upload for serverless functions, but it is still possible using the @vendia/serverless-express project. This article will focus on AWS Lambda integrations, but the solution should be just as relevant for any of the cloud providers (using the appropriate apollo-server-integrations package).

Read Article

React OAuth2 Authentication with Cloudentity

posted on 27 July 2022 in programming

In this tutorial we’re going to run through creating a react app that authenticates with a OAuth2 authorization server, in this case we’ll use Cloudentity. Cloudentity is an authentication and authorization provider that specialises in hyper-scalability. We’ll implement login using the Resource Owner Password Grant, and demonstrate authenticating API calls.

Read Article

Using GraphQL Scalars With Code Generator

posted on 18 August 2021 in programming

Here’s one that might be obvious for GraphQL veterans, but I wasted some time Googling for an answer that didn’t seem clear. I’m trying to use GraphQL Code Generator with a schema that was using GraphQL Scalars and received the error:

Failed to load schema from ./src/schema/**/*.ts:
Unknown type: "Date".
Read Article

Introducing Trade Monitor - a free stock notification service

posted on 21 February 2021 in programming

As a novice investor the first thing I wanted was a way to setup alerts when stocks hit certain thresholds. It’s sounds really simple and I’m sure there’s a service out there for it, but I struggled to find a simple, free one. So I built one.

Read Article

Duplicate Celery logs in a Flask app

posted on 30 September 2020 in programming

Celery and Flask go together like tacos and Tuesdays, so I was surprised to run into some incompatibility in the way they setup and use loggers which caused Celery to dump duplicate logs. Perhaps it was just the way I had structured my project, using a Flask application factory and Celery tasks in a tasks folder, but that seems pretty standard. Or maybe it’s how I’m setting the log level? But I digress.

Read Article

Using OWASP ZAP to test for CORS origin reflection exploits

posted on 15 June 2020 in infosec

Cross-Origin Resource Sharing (CORS) protects a user from having sensitive information leaked from one site to another. If the browser allowed any cross-domain XHR requests, sites would be able to steal information from other sites that you are logged into by making authenticated requests to them via JavaScript (the target site’s cookies will be sent with the request). But CORS can be easily misconfigured and result in vulnerabilities in your site, one particular misconfiguration is CORS origin reflection, where the Origin request header is processed through a whitelist (or regular expression) on the server and if allowed, is returned in an Access-Control-Allow-Origin: response header. Poor regex can result in allowing unintended domains through.

In this post I’ll walk you through using OWASP ZAP to manually test a list of domain names passed as origins to a webserver, and evaluating whether they are reflected in the allowed CORS domains.

Read Article

WTForms SelectField with Custom Option Attributes

posted on 14 May 2020 in programming

I was surprised to run into this problem in my Flask app, I needed to pass a custom attribute to one of the options in a select list provided by WTForms (in my case I wanted to set the first option as disabled), but it turns out that this is a common problem with lots of work arounds.

Here’s a nice clean solution to pass those custom attributes, keeping the built-in SelectField, but using a custom widget which supports providing attributes for any of the options via a keyed dictionary.

Read Article

Simple, Cost Effective ECS Service Communication

posted on 07 February 2020 in programming

3 Docker containers want to communicate with each other. They live on a single host with no scaling, it should be a trivial problem right? If you’re hosting them on AWS ECS you can use ECS Service Discovery, but for this simple scenario it’s costly and overly complex. Here’s a cheaper, simpler way.

Read Article

Notepad++ TextFX 0.25 x64

posted on 01 May 2019 in programming

There’s plenty of messages about why you shouldn’t need TextFX for Notepad++ anymore, but if you’re feeling nostalgic I’ve got you covered, here’s the binary for x64 bit systems compiled from the sources.

Read Article

Using CSS Modules with Angular, TypeScript and Bootstrap

posted on 21 February 2018 in programming

CSS is simultaneously both the simplest and hardest programming language at once. What could be simpler than selectors, properties and values? And yet how quickly can CSS become an overwhelming mess, paralyzing unsuspecting developers who are too afraid to change a style because it’s hard to find and test all it’s usages, so they just add another style to the mess.

CSS Modules aims to alleviate a lot of these problems by scoping styles to a specific component, so other page styles won’t conflict with your component and your styles won’t leak onto other areas of the page.

Read Article