Hey Loura!

Mon, 13 Apr 2026 15:34:59 -0400

My poor memory strikes again. I was talking with my sister that I would love, love, love to go see Les Misérables some day on stage when my husband speaks up and tells me he took me to see it already 🤔😆 Woops.

Wed, 08 Apr 2026 10:27:04 -0400

Two years later and my other kid needs cookies. At least this time my child checked in the morning well ahead of the lab 😆

March 8th - April 4th Practice Log

Tue, 07 Apr 2026 09:06:23 -0400

Tai Chi

Tai Chi and Kung Fu Practice Log

March 8th - April 4th

Stats

28 days logged
approx. 42 hours practiced (class + personal)
approx. 4.1 hours standing meditation
20 forms tai chi & kung fu

“When the opponent does not move, you will not move; when the opponent slightly moves, you move first.”

— Yáng Bān-Hóu · on Pushing Hands

Personal Practice Focus

01: Opening the Hip Joint I included daily kua opening exercises, researched the anatomy of the hip, and explored releasing into the hip socket during move transitions.

02: Standing Meditation I worked up from 6-8 minute sessions to 20 min sessions over the month. By April I needed to do less posture corrections.

03: Explosive Power Most moves in Taijiquan have an element of explosive power to them. I drilled silk reeling and fajin expression in my weekly rotation.

04: Sensitivity and Structure Regular weekly pushing hands practice in class and deep form corrections in 64 Guan Ping Yang Form.

Fri, 27 Mar 2026 09:53:30 -0400

Now that I got my pkm tool to where I want it, my next project is going to be a CMS that lets me build a website like a sticker book.

Wed, 25 Mar 2026 10:42:54 -0400

I feeling the digital mess of my files across devices pretty strongly today. The urge to toss everything in an archive folder and zip it… is strong. But I'll still know there is a mess of files within it. Don't get me started on digital photos. It's my blog too. It feels messy and disordered right now, not theme-wise (though I kinda want to switch back to my rpg one) but the micro posts and the long posts all together. I've outgrown some categories. I struggle because I both want everything in one place but also organized and consistent. Arg… I guess it's just one of those days.

Sun, 22 Mar 2026 13:18:10 -0400

I’m required to use Claude at work so I’ve been testing it out. My favorite so far: A PWA quine PKM system. Took what I liked from Logseq (outline - simplified) and single file architecture (Tiddlywiki). I also added in sync to Micro.blog’s private notes with chunking. Came together in a day.

Thu, 05 Mar 2026 14:29:31 -0400

I’ve had kid(s) for a decade and a half now, and I’m still surprised how early registration opens up for things… like summer camp. Guess I know what I’m researching this evening.

Thu, 05 Mar 2026 12:18:37 -0400

Read as text

Using AI at Work

Well, the time finally came. My boss wants me to start using AI in my workflow. In anticipation I've been playing around with Claude Code the last couple of weeks. It's improved since the last time I tried it out.

Maybe that's why I'm feeling drawn to this handwriting mood with my blog. Something a bit more me that isn't a quick prompt into existence.

Shrug

Tue, 03 Mar 2026 11:29:02 -0400

Read as text

I got up this morning around 3am because… my brain sucks sometimes. Anyway, it was cloudy then and its still cloudy now. Oh well…

♥ Loura

Mon, 02 Mar 2026 22:15:00 -0400

Read as text

My kid fell in love with the local agricultural school during a summer camp session. This year our state switched all technical schools to be lottery based. We filled out the application and today was the day. We waited…

No luck. I have a very sad kid.

Handwriting a blog

Sun, 01 Mar 2026 22:15:00 -0400

Read as text

One of the nice things about going to my kids swim meet is that I have time to let my mind wander.

A few years ago, I came across a website called "Handwritten. blog." Sadly, it is no longer hosted but you can still see some of it on the internet archive [1].

Maybe it was because I was reading on my e-ink tablet. Or perhaps I'm just tired of my current blog design again. But why not give it a shot?

One thing is obvious, editing posts will be a nightmare. Usually I take my time and will rewrite a blog post a few times. Not gonna happen if I'm writing these out long hand. So yeah… a little unpolished it is.

♥ Loura

Links
[1] Internet Archive

Mon, 23 Feb 2026 19:31:12 -0400

Our town reported 25in of snow for today’s blizzard. Though I feel like we got more. Not the best day for a shear pin to break on the snow blower. So we got to hand shovel the way too long driveway.

Sat, 31 Jan 2026 17:28:44 -0400

I purchased a variety of green teas to try for the new year. As a way to take quiet moments and enjoy some health benefits. Today’s selection: premium dragon well long jing. It has a nice smell and its quite mellow.

Fri, 30 Jan 2026 19:12:26 -0400

I downloaded the hobonichi app to see if I liked it more than day one. It is cuter which may help me stick, but I like the encrypted option of day one and with day one I can use the android share sheet and get thoughts like these into Micro.blog. I’m going to give each a month and then decide.

App Defaults 2026

Fri, 30 Jan 2026 09:46:42 -0400

Quite a few changes from my last update in 2023:

📧 Email Client (Web): Fastmail

📧 Email Client (Android): e/os default mail app (K-9 Mail fork)

🕸️ Website: Micro.blog & Namecheap

📝✅ Notes + Todos: Index cards, Micro.blog private notes (both notes and todos), and Logseq (for work notes)

📔 Journal: Hobonichi 5 year, trying out Day one

📸 Photo Management: Ente

🗓️ Calendar (Web): Fastmail

🗓️ Calendar (Android): e/os default calendar app

🎁 Cloud file storage (unencrypted): Fastmail

🎁 Cloud file storage (encrypted): 1password

👽 Contacts: e/os default Android app

🌐 Browser: Brave (hoping for Kagi browser soon)

🔎 Search Engine: Kagi

💬 Chat: e/os default + Signal

🔖 Bookmarks: Micro.blog

💵 Budgeting: self-hosted dumb budget app

💵 Personal Finance: Micro.blog private notes (self aggregated data)

📰 News: Allsides

🔐 Password Management: 1password

🎨 Photo Editing: Paint.Net

👩‍💻 Code Editor: Visual Studio Code or Visual Studio

📚 Books: Self-hosted - audiobookshelf + physical copies

Wed, 28 Jan 2026 22:36:49 -0400

I had a good time attending a virtual Homebrew Website Club meeting this evening while I worked on my blog redesign. I was inspired by a codepen I came across for a journal with flipping pages done with CSS. The design only shows for desktop and its still a work in progress, but I’m having a blast.

Tue, 27 Jan 2026 21:37:52 -0400

I didn’t realize day one now had a web app and an android app. I’m going to have to check it out.

Fri, 23 Jan 2026 13:35:24 -0400

Planting bamboo along a driveway is fun! Ignore that it’s impassable mess when covered in snow. Every winter storm we need to keep shaking the snow off to keep it from freezing to the ground. Maybe this is why the previous owner left 🤣 (they planted it).

Sun, 11 Jan 2026 13:19:06 -0400

I forgot how loud an indoor water park can get. The kids are having fun though 😄

Thu, 01 Jan 2026 13:40:31 -0400

We’ve been sick with the flu the last two weeks so I’ve done zero prep for the new year. But waking up to a fresh dusting of snow was nice.

Fri, 26 Dec 2025 13:33:04 -0400

I had a lovely holiday and I’m on vacation until the new year. I’m going to spend time catching up on my five year journal and planning out the next five years. There are college plans for one kid, figuring out high school plans for another and finishing up my “homeschooling the kids” journey.

Supabase, Deno and Server Side Rendering

Mon, 22 Dec 2025 11:16:37 -0400

A project I’m currently working on is using Supabase for its database and authentication layer. And so far so good. That is until I wanted to move all the calls to the Supabase API server side for server side rendering (SSR). Now, they do have lots of documentation and tutorials out there and a bunch of third party tutorials all over the web. But nothing quite fit what I was trying to do. I’m using Deno, for server side JavaScript, and I figured with Supabase’s SSR package it would be a pretty easy to implement. You know what they say about assumptions 😆

Since I’m not using any additional framework, their tutorial documentation wasn’t all that helpful. But it did give me enough of a sense of what I needed to do. Which boils down to setting cookies, reading cookies, and calling the Supabase client library. Then digging around Github, Github Issues, and Stack Overflow I eventually pieced it together.

So, to maybe save someone else (or an AI scraper) some time in the future. Here is I tied up Supabase SSR with Deno and no additional framework:

Putting it all together

Logging in a user

I’ve saved some key info in enviromental variables, namely Deno.env.get("SUPABASE_URL") and Deno.env.get("SUPABASE_ANON_KEY")
I’m importing the supabase client with the following statement at the top of my main.js file: import { createClient } from "jsr:@supabase/supabase-js@2"
I have a login page with a simple HTML form that does a POST request to an endpoint and then calls the createClient to determine if the credentials are correct and we have a valid user logging in. This method also creates three cookies with the request. The first two are domain bound, secure, and HTTP Only cookies with expirations.
1. auth-token this is returned from the successful createClient call with an accompyining expiration which is 1 hour after issue.
2. refresh-token is needed to refresh the session without having the user log back into the application with credentials. If you need it to stick around longer, adjust the MaxAge
3. auth-issued-at is needed for the client to calculate when to prompt the user if they want to continue with their session (for my use case, 5 minutes before the auth-token expires). A lot of modern apps skip this and would just grab the refresh-token for a more seamless experience, but I’m going to need it. Also this cookie is not HTTP only, since I need to access the value on the client.

Here is the code so far (simplified)

import { createClient } from "jsr:@supabase/supabase-js@2";
const _domain = 'my-awesome-app.com';

Deno.serve(async (req) => {
    if (new URLPattern({ pathname: "/sign-in" }).exec(req.url)) {
        if (req.method === "POST") {
            const value = await req.formData();
            const email = value.get('email');
            const password = value.get('password');
            supabase = createClient(Deno.env.get("SUPABASE_URL"), Deno.env.get("SUPABASE_ANON_KEY"));
            const { data, error } = await supabase.auth.signInWithPassword({ email, password });
            if (error || data.session == null || data.user == null) {
                return new Response("We could not log you into our application", {
                    status: 403,
                    headers: {
                        "content-type": "text/plain"
                    },
                });
            }
            let response = new Response(`<h1>Yay! Go to your <a href="/dashboard">dashboard</a></h1>`, {
                status: 200,
                headers: {
                    "content-type": "text/html",
                },
            });
            response.headers.append("set-cookie", `auth-token=${data.session.access_token};domain:${_domain};SameSite=Lax;Path=/;Secure;HttpOnly;MaxAge=${data.session.expires_in}`);
            response.headers.append("set-cookie", `refresh-token=${data.session.refresh_token};domain:${_domain};SameSite=Lax;Path=/;Secure;HttpOnly;MaxAge=${data.session.expires_in}`);
            response.headers.append("set-cookie", `auth-issued-at=${Date.now()};domain:${_domain};SameSite=Lax;Path=/;Secure;MaxAge=${60 * 60 * 24 * 180}`);
            return response;
        } else if (req.method === "GET") {
            const signInTemplate = new TextDecoder().decode(await Deno.readFile("layouts/sign-in.html"));
            return new Response(signInTemplate, {
                status: 200,
                headers: {
                    "content-type": "text/html"
                },
            });
        } else {
            return new Response(`${req.method} is not supported`, { status: 405 });
        }
    }
});

Reading the saved cookies on the server

Cookies are passed along with each request from the browser. I use a simple function that takes in the request, finds the cookie I ask for and then passes back the value.

// req is the request object from Deno.serve
// name is the name of the cookie to find
function getCookieValue(req, name) {
    const cookies = req.headers.get("cookie") ? req.headers.get("cookie").split('; ') : [];
    let cookieValue = cookies.filter(cookie => cookie.includes(`${name}=`));
    cookieValue = cookieValue.length > 0 ? cookieValue[0].split('=')[1] : '';
    return cookieValue;
}

Protecting endpoints

Create a user-aware Supabase client. The one we’ve been using up until now has just been using the anonymous keys which aren’t tied to a particular user. However, the database has been set up with a bunch of Row-Level Security (RLS) Policies that do care who the user is. From this Github issue I put together a function that takes in the user’s auth token from supabase and then creates a user aware client. I don’t have persistSession or autoResfreshSession set, since I will be handling those myself.
Every protected route calls my verify user function that takes a users auth token, verifys the token with a call to the unauthenticated Supabase client and if it looks good, creates and sets the user-aware Supabase client that the rest of the code for that endpoint will use.
If the auth token is expired or bad, send that information back with the request so my webpage can redirect the user to a login page. (NOTE, some may just grab the refresh token now and use it, depends on business requirements)

let _supabase = null;

//https://github.com/supabase/supabase/issues/8490#issuecomment-1219766620
function createServerDbClient(accessToken) {
    return createClient(Deno.env.get("SUPABASE_URL"), Deno.env.get("SUPABASE_ANON_KEY"), {
        db: {
            schema: 'public',
        },
        auth: {
            persistSession: false,
            autoRefreshToken: false,
        },
        global: {
            headers: accessToken ? {
            Authorization: `Bearer ${accessToken}`,
            } : null,
        },
    });
}

// called before any protected endpoint and result checked.
// req is the request object from Deno.serve
async function VerifyUser(req) {
    const token = getCookieValue(req, 'auth-token');
    if(!token) {
        return {verified: false, error: `No token found`};
    }
    // unauthenticated supabase client
    const supabaseClient = createClient(Deno.env.get("SUPABASE_URL"), Deno.env.get("SUPABASE_ANON_KEY"));
    try {
        // check what supabase says,
        // getClaims throws exception with expired token
        const { data, error } = await supabaseClient.auth.getClaims(token);
        if (error) {
            return {verified: false, error: error};
        }
    } catch {
        return {verified: false, error: 'Supabase client exception thrown'};
    }
    // looks good, let the user through and set the supabase client for use
    _supabase = createServerDbClient(token);
    return {verified: true, error: null};
}

This will work… for an hour

Calls to my protected endpoint will work for an hour before that auth token expires. So, I needed to check on the webpage when the token is going to expire so I can alert the user. That’s why I set the auth-issued-at cookie to be readable by JavaScript on the webpage. The basic plan is to figure out the current time, the time the auth code was issued and how long it has left. For my purposes, I do the following:

Longer that 5 minutes left? Create a call to setTimeout that will alert the user when they have five minutes left.
Less than 5 minutes? Alert the user.
Expired? Send the user to the login page.

The alert is a modal that lets the user choose to continue working (i.e. refresh the session) or to log them out. Assuming they want to continue then I call the endpoint to refresh the session. But there is the case to consider that the alert was up and received no input for longer than the time to expire. In that case I show another alert on any interaction that the session expired and kick them back to the login page.

Using the refresh token

I protect the refresh endpoint just like I do other protected endpoints, I make sure the user has a valid and unexpired token before letting a call go through. This is a business requirement I have, others for a more seamless workflow may allow a refresh token to be used after a session has already expired.

The trickest part was figuring out what endpoint to call. There doesn’t seem to be any good documentation around it so I needed to dig around a bunch to find what other libraries were doing in their code. But once the sleuthing was done it was pretty straight forward.

// verify the user can access restricted content
const verify = await VerifyUser(req);
if(!verify.verified) {
  return new Response(`Please log back in: ${verify.error}`, {
    status: 404,
    headers: {
      "content-type": "text/html"
    },
  });
}    

// user requested to refresh the session
  if(new URLPattern({ pathname: "/refresh_session" }).exec(req.url)) {
    if (req.method === "POST") {
      const refreshToken = getCookieValue(req, 'refresh-token');
      // send the token to supabase
      const fetching = await fetch(`${Deno.env.get("SUPABASE_URL")}/auth/v1/token?grant_type=refresh_token`, {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'apikey': Deno.env.get("SUPABASE_ANON_KEY")
        },
        body: JSON.stringify({
          refresh_token: refreshToken,
        })
      });
      const data = await fetching.json();

    // if we don't get a new token, then the refresh failed
    if(!data.access_token) {
      return new Response('Refresh failed', {
        status: 403,
        headers: {
          "content-type": "text/html",
        },
      });
    }

    // everything worked, refresh the cookies
      let response = new Response('Processed', {
        status: 200,
        headers: {
          "content-type": "text/html",
        },
      }); 

      response.headers.append("set-cookie",`auth-token=${data.access_token};domain:${_domain};SameSite=Lax;Path=/;Secure;HttpOnly;MaxAge=${data.expires_in}`);
      response.headers.append("set-cookie",`refresh-token=${data.refresh_token};domain:${_domain};SameSite=Lax;Path=/;Secure;HttpOnly;MaxAge=${data.expires_in}`);
      response.headers.append("set-cookie",`auth-issued-at=${Date.now()};domain:${_domain};SameSite=Lax;Path=/;Secure;MaxAge=${60*60*24*180}`);
      return response;
    } else {
      return new Response(`${req.method} is not supported`, { status: 405 });
    }
  }

And done!

Now I have a blueprint on how to log users in, save the needed cookies, and how to use the refresh token to get another auth token when needed.

Wed, 19 Nov 2025 08:44:37 -0400

Work has been so demoralizing the last couple of weeks (well, for years but it has really ramped up). Sigh. I think I might use some vacation time and try to reset my mindset.

Tue, 18 Nov 2025 19:43:30 -0400

So my son dropped his phone (again*100) and the screen is totally busted. Good thing its a Fairphone. Replacement is ordered and I’ll teach him how to install it 😎

Tue, 18 Nov 2025 09:45:58 -0400

My kung fu brother and I had our second tournament! I did four tai chi events, 24 movement, 42 movement, short yang fan and yang broadsword. Taking a very serious photo is a tradition at my school 😁