Guides & Documentation
Codebase Security & Scale Auditing.
Check if your Claude/Cursor prototype is production-ready using these standard audit guidelines.
auth
Auditing Next-Auth JWT Expiry
AI code generation often defaults to session JWTs with no expiry, so a stolen token stays valid indefinitely and enables session hijacking. Use this server-side helper to audit session expiry:
import { authOptions } from "@/app/api/auth/[...nextauth]/route";
import { getServerSession } from "next-auth";

// Server-side check: reject any session whose `expires` timestamp is already in the past.
export async function verifySessionExpiry() {
  const session = await getServerSession(authOptions);
  // next-auth stores `session.expires` as an ISO 8601 string.
  if (session && new Date(session.expires) < new Date()) {
    throw new Error("Session token expired. Force logout required.");
  }
  return session;
}

database
Query Analysis for Missing Indexes
Unindexed relational tables degrade and eventually fall over under concurrent user load. Run this query against your PostgreSQL instance to list the 5 tables with the most rows read through sequential scans, the usual symptom of a missing index:
SELECT
  schemaname, relname, seq_scan, seq_tup_read, idx_scan, idx_tup_fetch
FROM
  pg_stat_user_tables
WHERE
  seq_scan > 0
ORDER BY
  seq_tup_read DESC
LIMIT 5;

payments
Validating Stripe Webhook Signatures
Founders building billing logic with Cursor often skip webhook signature verification, which lets malicious users forge payment events such as a successful charge. Always verify the signature on webhook endpoints:
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
const endpointSecret = process.env.STRIPE_WEBHOOK_SECRET; // whsec_... from the Stripe dashboard

// `payload` must be the raw, unparsed request body (not a JSON.parse'd object),
// and `signature` is the value of the Stripe-Signature request header.
function verifyWebhook(payload, signature) {
  try {
    // constructEvent recomputes the HMAC and rejects stale timestamps.
    const event = stripe.webhooks.constructEvent(payload, signature, endpointSecret);
    return event;
  } catch (err) {
    throw new Error(`Webhook Signature Verification Failed: ${err.message}`);
  }
}