惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I Built a Full-Stack E-Commerce Website Entirely with AI. Here's What Actually Happened
kathan · 2026-05-04 · via DEV Community

Everyone is talking about AI replacing developers. I wanted to test that claim with a real project — not a tutorial, not a todo app, but a production-grade full-stack application with real business requirements. The result is Craftura Fine Furniture: a complete furniture manufacturing website with B2B and B2C ordering, an admin panel, analytics dashboard, CMS, SEO, dark/light mode, email notifications, and WhatsApp integration. Built with Next.js 14, Prisma ORM, and SQLite.

This is the honest account of that experience. What AI built brilliantly. Where it fell short. The bugs it introduced that only a developer could catch. And the final cost comparison that will surprise you.

The Project Scope — What Was Actually Built
Before evaluating AI's contribution, it is worth being specific about what Craftura actually contains. This was not a simple storefront. The final application has:

Customer-facing: Product browsing with search and category filters, product detail pages with image galleries, an inquiry cart (multi-item, B2B-style), order tracking with animated status progression, order self-cancellation, a project gallery with masonry layout and lightbox, a bulk orders page for B2B quote requests, WhatsApp integration on every key action, and dark/light mode persisted across sessions.

Admin panel: Analytics dashboard with charts (bar, donut, trend line), manufacturing cost report, repeat customer detection, revenue forecast widget, data export to CSV and Excel, product CRUD with drag-and-drop image upload, category management, order status management, inquiry management, gallery management, and a CMS for editing site content and toggling navigation items on and off.

Technical: 9 Prisma database models, JWT authentication with middleware route protection, Nodemailer email notifications, dynamic sitemap.xml, robots.txt, JSON-LD structured data, per-page Open Graph metadata, and PostgreSQL-ready schema migration in 2 line changes.

That is a serious amount of software. Let me tell you how AI contributed to building it.

How AI Actually Helps — The Real Workflow
The workflow was not "tell AI what to build and deploy what it gives you." That is a fantasy. The real workflow was iterative — describe a requirement, review the output, test it, identify what was wrong, correct it, and move on. Think of AI as an extremely fast junior developer who writes code instantly but needs careful supervision.

Where AI genuinely accelerated development:

Boilerplate and structure — setting up the Next.js 14 App Router structure, configuring Prisma with the initial schema, wiring up Tailwind CSS, creating the base layout components. Work that would have taken half a day manually was done in minutes.

Repetitive CRUD operations — once the pattern for one API route was established (say, products), AI generated the equivalent for categories, orders, inquiries, and gallery items in seconds. Clean, consistent, following the same patterns.

Boilerplate-heavy features — the email notification templates, the WhatsApp link builder, the JWT auth utilities, the Prisma client singleton — all of these are well-understood patterns that AI executes reliably.

// Example: AI generated this Prisma schema from a plain description
// "I need products with multiple images, categories, B2B/B2C ordering,
// and a gallery with featured items"

model Product {
  id          String         @id @default(cuid())
  name        String
  slug        String         @unique
  description String?
  price       Float?
  minOrderQty Int            @default(1)
  isFeatured  Boolean        @default(false)
  isActive    Boolean        @default(true)
  categoryId  String
  category    Category       @relation(fields: [categoryId], references: [id])
  images      ProductImage[]
  orderItems  OrderItem[]
  createdAt   DateTime       @default(now())
  updatedAt   DateTime       @updatedAt
}

model Order {
  id           String      @id @default(cuid())
  orderNumber  String      @unique
  customerName String
  email        String
  phone        String?
  orderType    String      @default("B2C") // B2C | B2B
  status       String      @default("PENDING")
  // PENDING → CONFIRMED → IN_PRODUCTION → DELIVERED | CANCELLED
  totalAmount  Float?
  notes        String?
  items        OrderItem[]
  createdAt    DateTime    @default(now())
  updatedAt    DateTime    @updatedAt
}

// AI generated all 9 models correctly from plain English descriptions
// This saved approximately 2-3 hours of schema design

Enter fullscreen mode Exit fullscreen mode

What AI Got Wrong — The Bugs Only a Developer Catches
This is the section most AI enthusiasm articles skip. AI makes mistakes. On Craftura, here are the real issues that appeared — and why non-technical users would never have caught them.

Bug 1: The Middleware Import That Broke Everything
AI generated the admin route protection middleware by importing a server-side utility (the JWT verification function) that internally uses next/headers. Next.js 14 middleware runs in the Edge Runtime — it cannot import Node.js APIs or anything that chains into them. The result was a cryptic runtime error that had nothing to do with authentication logic and everything to do with the execution environment.

// WRONG — what AI initially generated
// This crashes because verifyToken uses next/headers internally
import { verifyToken } from '@/lib/auth' // ← chains into next/headers

export async function middleware(request: NextRequest) {
  const token = request.cookies.get('admin-token')?.value
  const user  = await verifyToken(token) // ← crashes in Edge Runtime
  if (!user) return NextResponse.redirect(new URL('/admin/login', request.url))
}

// CORRECT — after identifying and fixing the issue
// Manually decode JWT in middleware without importing server utilities
import { jwtVerify } from 'jose'

export async function middleware(request: NextRequest) {
  const token  = request.cookies.get('admin-token')?.value
  if (!token) return NextResponse.redirect(new URL('/admin/login', request.url))

  try {
    const secret = new TextEncoder().encode(process.env.JWT_SECRET)
    await jwtVerify(token, secret)
    return NextResponse.next()
  } catch {
    return NextResponse.redirect(new URL('/admin/login', request.url))
  }
}

// This fix required understanding Next.js Edge Runtime constraints
// A non-developer would have no idea why the original code failed

Enter fullscreen mode Exit fullscreen mode

Bug 2: The Infinite Redirect Loop
The middleware AI generated also caused an infinite redirect loop because it matched too broadly — intercepting even the login page itself and redirecting unauthenticated users to login, which then matched again, which redirected again. A browser hard refresh would spin forever. The fix required understanding how Next.js middleware matchers work and explicitly excluding the login route from protection.

// WRONG — matches /admin/login too, causes infinite redirect loop
export const config = {
  matcher: ['/admin/:path*']
}

// CORRECT — explicitly exclude the login page
export const config = {
  matcher: [
    '/admin/:path*',
    '/((?!admin/login|api/auth|_next/static|_next/image|favicon.ico).*)'
  ]
}

// Or more precisely — protect specific admin paths only:
export const config = {
  matcher: [
    '/admin',
    '/admin/analytics/:path*',
    '/admin/products/:path*',
    '/admin/orders/:path*',
    '/admin/categories/:path*',
    '/admin/inquiries/:path*',
    '/admin/gallery/:path*',
    '/admin/content/:path*',
  ]
}

Enter fullscreen mode Exit fullscreen mode

Bug 3: The Analytics Charts Without a Library
The analytics dashboard required charts — bar charts for order volume over time, a donut chart for B2B/B2C split, a trend line for revenue. AI's first attempt imported Chart.js. When asked to build without any external library (to avoid bundle size overhead), it generated pure SVG charts. These looked correct but had a calculation error in the SVG coordinate mapping that caused bars to render at wrong heights when values were not evenly distributed. Finding this required reading the SVG path math and understanding how SVG viewBox coordinates work — not something a non-developer would spot visually until a client pointed out that the chart showed wrong numbers.

The Accuracy Question — What Can You Trust?
After building Craftura, my honest assessment of AI accuracy breaks down into three tiers:

High accuracy (trust but verify):
Database schema design, API route structure, Prisma queries, Tailwind CSS styling, TypeScript type definitions, email templates, environment variable setup. AI handles these reliably. Review them but expect them to work.

Medium accuracy (always test thoroughly):
Authentication flows, form validation, client-side state management, Next.js App Router patterns. AI gets these mostly right but introduces subtle issues — especially around Next.js-specific constraints like Edge Runtime, server vs client components, and caching behaviour. Always test end-to-end.

Lower accuracy (expect to rewrite):
Complex business logic, data visualisation calculations, performance optimisation, security hardening. AI gives you a starting point but the logic will often have edge cases or calculation errors. Plan to spend real development time on these.

The Cost Comparison — What This Would Have Cost
Let me be specific. Craftura has approximately 50+ files of production TypeScript code across the app, components, lib, prisma, and API directories. This includes 17+ pages, 20+ API routes, 9 database models, and a full admin panel.

Estimated development time breakdown:

Without AI assistance (senior developer estimate):
Database schema + Prisma setup: 1 day
Customer-facing pages (8 pages): 4–5 days
Admin panel (10 pages): 5–6 days
API routes (20+ endpoints): 3–4 days
Authentication + middleware: 1 day
Email + WhatsApp integration: 1 day
SEO + metadata + JSON-LD: 1 day
Analytics dashboard with charts: 2–3 days
Testing + debugging: 3–4 days
Total: approximately 21–26 days

With AI assistance (what actually happened):
AI generation + review + iteration: approximately 8–10 days

Time saved: roughly 60–65%

At a senior developer rate of $55–70/hr, 15 saved days represents $6,600–$8,400 in development cost. The AI subscription cost for the same period: under $50.

Why Technical Knowledge is Still Non-Negotiable
This is the part I want to be honest about — because the "anyone can build anything with AI" narrative is genuinely misleading and setting people up for problems.

On Craftura alone, catching and fixing the real issues required knowing:

Next.js Edge Runtime constraints — understanding that middleware cannot use Node.js APIs and why, then knowing how to use jose instead of a custom JWT utility

HTTP security principles — recognising that the default admin password and JWT secret should never appear in a public repository, even in example files

Database design — reviewing the generated Prisma schema and understanding whether the relationships, indexes, and cascade rules were appropriate for the actual access patterns

SVG coordinate systems — reading the chart math and identifying where the viewBox calculation was wrong

Next.js caching behaviour — knowing when to add revalidate or cache: 'no-store' to API calls that return real-time data like order statuses

None of these are things a non-developer would know to look for. AI would have happily shipped all of them. The middleware bug in particular would have meant the admin panel appeared to work but was not actually protected — any path traversal would have exposed the admin to unauthenticated access.

The Right Mental Model for AI-Assisted Development
After building Craftura, here is how I think about AI as a development tool:

AI is a force multiplier, not a replacement. A senior developer with AI assistance can do the work of 2–3 developers. A non-developer with AI assistance will produce code that appears to work but contains security vulnerabilities, logic errors, and architectural problems that they cannot identify.

The value is in the review, not the generation. Anyone can generate code with AI. The skill is knowing what to ask for, reading what comes back, identifying what is wrong, and knowing how to fix it. That skill requires the same technical foundation it always did.

AI accelerates the known, not the unknown. For established patterns — CRUD APIs, authentication, form handling, database queries — AI is extraordinarily fast and accurate. For novel problems, complex business logic, or framework-specific edge cases, AI is a starting point that needs significant developer input.

The cost saving is real, but so is the responsibility. Craftura was built significantly faster and cheaper with AI. But it was also built correctly because a developer reviewed everything. The cost saving disappears rapidly if you have to fix production bugs that a code review would have caught.

What I Would Do Differently
If I were to build Craftura again with AI assistance, I would change three things:

  1. Define the architecture first, then generate. I would write a complete technical specification — database schema, API contract, component hierarchy — before generating any code. AI follows a good spec precisely. Asking it to figure out the architecture as it goes produces inconsistencies.

  2. Generate one module at a time and test before proceeding. I would not generate the full admin panel and then start testing. I would generate one route, test it completely, then generate the next. Bugs compound when you generate everything first and test later.

  3. Keep a context file for long sessions. I actually did this for Craftura — the .ai/ folder in the repository contains session context files that I gave to the AI at the start of each development session so it had the full architecture, schema, and patterns in context. This was one of the biggest productivity improvements — the AI produced consistent, pattern-following code because it knew the existing codebase.