Automated Code Review Tools for Developers

Manual code reviews are essential, but they can be time-consuming and prone to human oversight. Automated tools like Qodo/Coderabbit, DeepScan, DeepSource, SonarQube, and Semgrep help developers catch bugs early, enforce coding standards, and maintain high-quality codebases.

Why Use Automated Code Review Tools?

• Save time: Automate repetitive checks so reviewers can focus on design and architecture.
• Improve quality: Catch subtle bugs and vulnerabilities before they reach production.
• Consistency: Enforce coding standards across teams and projects.
• Security: Detect insecure patterns and prevent vulnerabilities.

Qodo / Coderabbit

AI-powered assistants that integrate directly into pull requests. They provide human-like review comments on readability, maintainability, and potential issues. Example: spotting unnecessary complexity in a function and suggesting a cleaner approach.

DeepScan

Specializes in JavaScript and TypeScript. It detects runtime errors and code quality issues that traditional linters might miss. Example: identifying a potential null reference in a React component.

DeepSource

A continuous analysis platform supporting multiple languages. It finds bugs, performance issues, and security vulnerabilities. Example: flagging inefficient database queries or unsafe string concatenations.

SonarQube

A widely used platform for tracking bugs, vulnerabilities, and code smells. It provides dashboards to monitor maintainability and technical debt. Example: highlighting duplicated code across modules.

Semgrep

A lightweight static analysis tool that allows custom rules. Popular for security scanning. Example: writing a rule to detect unsafe use of eval() in JavaScript.

Read More

How to Use Cloudflare SSL Certificate with Plesk Hosting

Many website owners see a "Not Secure" warning when they first move DNS to Cloudflare. Cloudflare provides a free Universal SSL certificate for visitors connecting to your site, but you also need a certificate on your origin server (like Plesk) to complete the handshake.

Step 1: Generate Origin Certificate in Cloudflare

In Cloudflare dashboard, go to SSL/TLS → Origin Server and click Create Certificate. Cloudflare will give you two text blocks: the Origin Certificate and the Private Key. These are only valid between Cloudflare and your server.

Step 2: Install Certificate in Plesk

• Log in to Plesk and navigate to Websites & Domains → SSL/TLS Certificates.
• Create a new certificate entry and paste the Private Key into the "Private key" field.
• Paste the Origin Certificate into the "Certificate (*.crt)" field.
• Leave the "CA certificate (*-ca.crt)" field empty (Cloudflare does not provide a CA chain).
• Save and assign this certificate to your domain under Hosting Settings.

Step 3: Configure Cloudflare SSL Mode

In Cloudflare → SSL/TLS → Overview, set the mode to Full (Strict). This ensures Cloudflare will only connect to your server if the certificate is valid.

Step 4: Redirect All Traffic to HTTPS

Enable Always Use HTTPS and Automatic HTTPS Rewrites in Cloudflare. This forces visitors to use the secure version of your site and fixes mixed content issues.

Result

After these steps, visiting https://yourdomain.com will load securely without handshake errors. Cloudflare protects the edge, and your Plesk server is secured with the Origin Certificate.

Read More

Custom JSON Health Check Responses in ASP.NET Core

When building modern APIs, health checks are a common way to expose the status of your application. By default, ASP.NET Core health checks return a very minimal response (often just HTTP status codes). But what if you want to return a clean JSON payload that can easily be consumed by monitoring systems?

Step 1: Create a Custom JSON Response Writer

ASP.NET Core’s HealthCheckOptions allows us to plug in a custom ResponseWriter. Here’s one that outputs a JSON response containing the health status:

private async Task JsonResponseWriter(HttpContext context, HealthReport report)
{
    context.Response.ContentType = "application/json";
    await JsonSerializer.SerializeAsync(
        context.Response.Body,
        new { Status = report.Status.ToString() },
        new JsonSerializerOptions 
        { 
            PropertyNamingPolicy = JsonNamingPolicy.CamelCase 
        }
    );
}

What this does:

• Sets the response type to application/json.

• Serializes an anonymous object containing the health check Status.

• Uses camelCase naming to keep JSON consistent with API conventions.

---

Step 2: Hook the Writer into Health Checks

Now, wire up the health check middleware in your pipeline:

app.UseHealthChecks("/health", new HealthCheckOptions 
{ 
    ResponseWriter = JsonResponseWriter 
});

Explanation:

• Requests to /health will trigger your health checks.

• Instead of the default plain-text response, your JsonResponseWriter will return JSON like:

{
  "status": "Healthy"
}

---

Step 3: Configure Global JSON Options

To keep your entire API’s JSON responses consistent, configure the JsonSerializerOptions in Startup.cs (or Program.cs for minimal hosting):

services.AddControllers()
    .AddJsonOptions(options =>
    {
        options.JsonSerializerOptions.IgnoreNullValues = true;
        options.JsonSerializerOptions.WriteIndented = true;
    });

• IgnoreNullValues = true → Null properties won’t clutter your responses.

• WriteIndented = true → JSON output is more readable (great for debugging).

With this setup:

• Hitting /health gives a clean JSON response.

• All controllers return JSON using consistent formatting.

• Monitoring tools can easily parse your app’s health status.

Example response:

{
  "status": "Healthy"
}

---

Conclusion

By adding a custom ResponseWriter and configuring global JSON options, you can make your ASP.NET Core health checks more API-friendly. This approach is simple, clean, and integrates seamlessly into modern monitoring setups like Kubernetes, Prometheus, or cloud load balancers.

Read More

Fixing Google Analytics Integration in a Next.js App

When I tried to add Google Analytics to my React/Next.js project, I used the GoogleTagManager React component with my GA4 tag ID:

    
<GoogleTagManager gtmId="G-XXXXXXXXXX" />
    
  

The build succeeded, but Analytics showed “No data received in past 48 hours.”

The Problem

Using the GoogleTagManager component with a GA4 ID (G-XXXXXXXXXX) only created a preload link in the <head>:

    
<link rel="preload" href="https://www.googletagmanager.com/gtm.js?id=G-XXXXXXXXXX" as="script"/>
    
  

This preload line fetched the script but did not initialize GA4 tracking. As a result, Google Analytics never received events.

The Solution

Instead of relying on the preload link, I injected the full GA4 snippet using Next.js’s next/script. This ensures the script loads after hydration and initializes correctly.

Sample Code

    
import Script from "next/script";

export default function Layout({ children }) {
  return (
    <html lang="en">
      <head>
        {/* Load GA4 script */}
        <Script
          src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"
          strategy="afterInteractive"
        />

        {/* Initialize GA4 */}
        <Script id="ga4-init" strategy="afterInteractive">
          {`
            window.dataLayer = window.dataLayer || [];
            function gtag(){dataLayer.push(arguments);}
            gtag('js', new Date());
            gtag('config', 'G-XXXXXXXXXX');
          `}
        </Script>
      </head>
      <body>{children}</body>
    </html>
  );
}
    
  

Replace G-XXXXXXXXXX with your own GA4 Measurement ID.

Key Takeaways

• The GoogleTagManager React component with a GA4 ID only creates a preload link — it doesn’t initialize Analytics.
• GA4 requires the full gtag.js snippet with initialization code.
• Use next/script in Next.js for safe script injection.
• Verify events in Analytics → Realtime after deployment.

👉 This adjustment solved the issue and got my Analytics dashboard flowing with data again.

Read More

PowerShell Script to Create and Bind a Self-Signed SSL Certificate

The script creates a new self-signed certificate, generates a unique App ID, and binds it to port 5555 — automatically.

Copy and run this in PowerShell (Run as Administrator):

# Get computer hostname
$hostname = hostname
Write-Host "Hostname: $hostname"

# Create a self-signed cert for localhost + hostname (valid 1 year)
$cert = New-SelfSignedCertificate -DnsName "localhost", $hostname `
  -CertStoreLocation "Cert:\LocalMachine\My" `
  -NotAfter (Get-Date).AddYears(1)
$thumb = $cert.Thumbprint
Write-Host "Cert Thumbprint: $thumb"

# Create new Application ID (GUID)
$appid = "{" + ([guid]::NewGuid().ToString()) + "}"
Write-Host "App ID: $appid"

# Bind certificate to all interfaces on port 5555
$ipport = "0.0.0.0:5555"
netsh http add sslcert ipport=$ipport certhash=$thumb appid=$appid

Write-Host "✅ Done! SSL binding created on port 5555."

🔍 Why This Helps

When hosting a local web API or service (e.g., on Kestrel or IIS Express), HTTPS often fails due to:

• Missing or expired self-signed certificates

• Old bindings blocking the port

• Manual setup errors

This script fixes all of it in one run — clean, fast, repeatable.

---

🧹 Optional: Clean Old Bindings

If you want to clear any previous SSL settings before running the script:

netsh http delete sslcert ipport=0.0.0.0:5555
netsh http delete sslcert ipport=localhost:5555
netsh http delete sslcert ipport=192.168.1.25:5555

Ignore “file not found” messages — that just means no old bindings exist.

---

✅ Verify

After running the script, check:

netsh http show sslcert

You should see your new certificate bound to port 5555.

Read More

Firebase Storage: A Simple Guide to CORS Configuration

Cross-Origin Resource Sharing (CORS) is a critical part of web development, especially when working with cloud storage solutions like Firebase Storage. This post will walk you through a simple, yet powerful, CORS configuration to get your Firebase Storage bucket talking to your web app.

What's CORS and Why Does It Matter?

CORS is a security feature built into modern web browsers. It's a mechanism that allows a web page to request resources from a different domain than the one that served the web page. Imagine you have your website at `www.mywebsite.com` and you're trying to display an image stored in your Firebase Storage bucket at `my-project.appspot.com`. Without a proper CORS policy, your browser would block the request, seeing it as a potential security risk.

Configuring Your `cors.json`

To configure your CORS policy for a Firebase Storage bucket, you need to create a JSON file. 

[
  {
    "origin": ["*"],
    "method": ["GET", "HEAD", "PUT", "POST", "DELETE"],
    "responseHeader": [
      "Content-Type",
      "Access-Control-Allow-Origin"
    ],
    "maxAgeSeconds": 3600
  }
]

origin: This is the most crucial part. The `*` acts as a wildcard, allowing any domain to access your resources. While convenient for development and public assets, for production, it's best practice to replace `*` with your specific domain, e.g., `["https://www.yourdomain.com"]`, for enhanced security.

method: This specifies the HTTP methods (like `GET`, `POST`, `PUT`, `DELETE`) that are allowed. By including all of them, you're granting full control to your allowed origins. This is helpful if you need to perform actions beyond just fetching data, like uploading or deleting files.

responseHeader: These are the headers that the browser is allowed to access. Content-Type is a standard one, and Access-Control-Allow-Origin is the header that confirms the origin is allowed, which is essential for CORS to work correctly.

maxAgeSeconds: This tells the browser how long it can cache the CORS preflight response for. The value 3600 means one hour, which helps reduce the number of preflight requests for the same resource, making your application a bit faster.

Applying the Policy with gsutil

Once your cors.json file is ready, you need to apply it to your Firebase Storage bucket. You've already done this with the `gsutil` command in the Firebase Studio terminal:

studio-45:~/studio{main}$ gsutil cors set cors.json gs://studio-45-e8723.firebasestorage.app
Setting CORS on gs://studio-45-e8723.firebasestorage.app/...

  * gsutil cors set: This is the command to set a new CORS configuration.

  * cors.json: This is the path to your configuration file.

  * gs://studio-45-e8723.firebasestorage.app: This is the URI for your specific Firebase Storage bucket.

After running this command, your Firebase Storage bucket will now be configured with the CORS policy you defined. This means your web application, running on any origin, can now access the files in your bucket using the specified methods and headers\!

Read More

Connect Firebase Project & Workspace in Firebase Studio

It’s a common setup mistake: you create a Firebase project, then a Firebase Studio workspace but they’re not connected. 

• A Firebase project in the Firebase Console
• A Firebase workspace in Firebase Studio

🛠️ The Fix: Link Your Workspace to the Firebase Project

1. Open the Firebase Studio Terminal

In Firebase Studio, navigate to your workspace and open the terminal window. This is where you’ll run CLI commands.

2. Run firebase init

firebase init

This command starts the setup wizard. You’ll be prompted to:

• Grant access to Google Cloud resources
  

• Select a Google Cloud project
  Choose the correct Firebase project from the list — this links your workspace to it.

• Choose Firebase features
  Continue with terminal window. Pick the services you plan to use (e.g. Firestore, Functions, Hosting).

This step creates two key files in your workspace:

• .firebaserc — maps your workspace to the selected Firebase project
• firebase.json — configures Firebase services

3. Verify the Connection

Run:

firebase projects:list

Your selected project should appear with a * next to it, indicating it’s active.

studio-77:~/studio{main}$ firebase projects:list
✔ Preparing the list of your Firebase projects

┌──────────────────────┬──────────────────────────┬────────────────┬──────────────────────┐
│ Project Display Name │ Project ID               │ Project Number │ Resource Location ID │
├──────────────────────┼──────────────────────────┼────────────────┼──────────────────────┤
│ Asset                │ asset-90d38 (current)    │ XXXXXXXXXXXX   │ [Not specified]      │
├──────────────────────┼──────────────────────────┼────────────────┼──────────────────────┤

---

✅ Result

Your Firebase Studio workspace is now properly connected to your Firebase project. All CLI commands will target the correct environment, and you can deploy, emulate, or manage resources without errors.

---

🧠 Pro Tip

If you work across multiple Firebase projects, use:

firebase use --add

This lets you assign aliases and switch between them easily:

firebase use dev
firebase use prod

---

Firebase init output (Web app hosting option)

✔ Please select an option: Use an existing project
✔ Select a default Firebase project for this directory: asset-90d38 (asset)
i  Using project asset-90d38 (asset)

=== App Hosting Setup
i  This command links your local project to Firebase App Hosting. You will be able to deploy your web app with `firebase deploy` after setup.
✔ Please select an option Create a new backend
i  === Set up your backend
✔ Select a primary region to host your backend:
 us-central1
✔  Location set to us-central1.

✔ Provide a name for your backend [1-30 characters] asset-backend
✔  Name set to asset-backend

✔  Created a new Firebase web app named "asset-backend"
✔ Successfully created backend!
        projects/asset-90d38/locations/us-central1/backends/asset-backend

i  === Deploy local source setup
✔ Specify your app''s root directory relative to your firebase.json directory /
✔  Wrote configuration info to firebase.json
i  Writing default settings to apphosting.yaml...
✔ File /home/user/studio/apphosting.yaml already exists. Overwrite? Yes
✔  Wrote /home/user/studio/apphosting.yaml
✔  Firebase initialization complete!

✔  Wrote configuration info to firebase.json
✔  Wrote project information to .firebaserc

✔  Firebase initialization complete!

Sync Firebase Workspace & Project

studio-77:~/studio{main}$ firebase use --add
✔ Which project do you want to add? asset-90d38
✔ What alias do you want to use for this project? (e.g. staging) asset-dev

Created alias asset-dev for asset-90d38.
Now using alias asset-dev (asset-90d38)

studio-77:~/studio{main}$ firebase use asset-dev
Updating Studio Workspace active project to match Firebase CLI 'asset-90d38'
Now using alias asset-dev (asset-90d38)

Read More

[Tips] Database NULL to Zero

Oracle	SELECT NVL(col, 0 ) FROM mytable
SQL Server	SELECT ISNULL(col, 0 ) FROM mytable
MySQL	SELECT IFNULL(col, 0) AS column_name FROM mytable

Read More

AI means everyone can now be a programmer(?)

Is it that easy?

Assuming you are not a developer and want to create an app to take screenshots on macOS.

You started to ask questions to AI and installed developer tools. Now you are ready for development.

Gemini

How to take a screenshot on macos xcode using swift?



You paste the code to XCode and see an error!


Ask Gemini to provide another solution.

The code you provided in swift didn't work. Suggest another swift way to capture a screenshot.

Gemini gives an apology and suggests another solution.



Let's see in XCode.



Can you see a strange code that contains Arabic letters?

guard let contentFilter = SCC محتوى الشاشة(sharingMode: .none) else { return nil }

You want to switch to ChatGPT to accomplish this easy task with the same prompt. 👇

ChatGPT

You paste the code provided by ChatGPT. Again, there is a problem in the code!



context.makeCurrent() didn't work. Is there any other way?



You pasted this code, and it worked! After a few trials, now think you are a programmer.

What will you do if you see CGDisplayCreateImage(_:) is deprecated?

So you keep asking for alternative ways, and you learn that there is a shiny framework named ScreenCaptureKit.

I recommend trying to ask both Gemini and ChatGPT to take a screenshot using ScreenCaptureKit. I tried, on several attempts, AI suggested wrong code each time.

Then you will decide how easy programming is!

Read More

How to stream image from generic handler

This article provides an example of streaming images from a generic handler in .NET.

If you store your images in a database table as byte[] then you can utilize a handler to display them in a data grid.

The process involves sending a request to the handler (.ashx) page, retrieving the image, and then displaying it.

In the given example, we have a grid that stores IDs in one column and displays the corresponding images in another column using an asp:ImageField.

Create a generic handler that streams image. In this example ImageField requests image from getFaceImage.ashx by DataImageUrlField parameter in DataImageUrlFormatString format

public void ProcessRequest(HttpContext context)
{
    int id;

    if (context.Request.QueryString["id"] != null)
    {
        id = Convert.ToInt32(context.Request.QueryString["id"]);

        if (id > 0)
        {
            context.Response.ContentType = "image/jpeg";

            Stream strm = new MemoryStream();
            GetImage(id).Save(strm, ImageFormat.Jpeg);
            strm.Position = 0;

            byte[] buffer = new byte[4096];
            int byteSeq = strm.Read(buffer, 0, 4096);
            while (byteSeq > 0)
            {
                context.Response.OutputStream.Write(buffer, 0, byteSeq);
                byteSeq = strm.Read(buffer, 0, 4096);
            }
        }
    }
    else
        return;
}

public Image GetImage(int id)
{
    //Make appropriate calls for image according to id
    //...

    //return the image
    return new Bitmap("");
}

Read More