
Yesterday I had a user reach out via email because his account became inaccessible when he updated it.

This was something I didn't realize could happen... so it was fun recreating this scenario locally.

Basically he somehow bypassed the lowercase requirement for the updateUsername endpoint. So in the DB, his name was uppercase. And the SQL query was searching for his exact username without doing LIKE (by design).

It was failing on that getProfile endpoint and showing a Whoops screen. 😬 Should be a 404 screen, I know. I'm working on it.
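The root cause described above is a mismatch between what the update path enforces and what the lookup path expects: if the lowercase rule can be skipped on the way in, an exact-match lookup on the way out finds nothing. One robust fix is to canonicalize the username once, server-side, and use that canonical form for both validation and lookup, so the stored value and the query value can never drift apart. The following is an added example, not code from the original post or its app; the table layout, the username rules (3 to 20 characters, letters, digits, underscore) and the sqlite3 in-memory database are assumptions. It goes slightly beyond the post by keeping the user's chosen casing as a display name while looking up by the canonical form.

```python
import re
import sqlite3
import unicodedata

# Hypothetical username rules, applied to the canonical form only.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,20}")


def canonicalize(username: str) -> str:
    """Collapse case and Unicode variants so storage and lookup always agree.

    NFKC folds compatibility characters (e.g. full-width letters) and
    casefold() is stricter than lower() (e.g. 'ß' becomes 'ss').
    """
    return unicodedata.normalize("NFKC", username.strip()).casefold()


def validate(username: str) -> str:
    """Server-side validation; returns the canonical form or raises."""
    canon = canonicalize(username)
    if not USERNAME_RE.fullmatch(canon):
        raise ValueError("invalid username")
    return canon


def open_db() -> sqlite3.Connection:
    # Constructed schema: display_name keeps the user's casing,
    # username_canonical is what every lookup uses. UNIQUE on the
    # canonical column stops 'alice' and 'ALICE' from being two accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE users (
               id INTEGER PRIMARY KEY,
               display_name TEXT NOT NULL,
               username_canonical TEXT NOT NULL UNIQUE)"""
    )
    return conn


def update_username(conn: sqlite3.Connection, user_id: int, new_name: str) -> None:
    """The updateUsername path: validation cannot be bypassed by the client."""
    canon = validate(new_name)
    conn.execute(
        "UPDATE users SET display_name = ?, username_canonical = ? WHERE id = ?",
        (new_name.strip(), canon, user_id),
    )
    conn.commit()


def get_profile(conn: sqlite3.Connection, username: str):
    """The getProfile path: exact match, but on the canonical column."""
    row = conn.execute(
        "SELECT id, display_name FROM users WHERE username_canonical = ?",
        (canonicalize(username),),
    ).fetchone()
    if row is None:
        return None  # caller maps this to a 404, not an error page
    return {"id": row[0], "display_name": row[1]}


def demo():
    """Constructed walkthrough: rename to mixed case, then look up three ways."""
    conn = open_db()
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'alice')")
    update_username(conn, 1, "Alice")
    return (
        get_profile(conn, "alice"),
        get_profile(conn, "ALICE"),
        get_profile(conn, "nobody"),
    )


if __name__ == "__main__":
    print(demo())
```

The important property is that the canonical value written by `update_username` is produced by the same function the lookup calls, so a client that sends "Alice" instead of "alice" still ends up findable, and a genuinely missing user returns `None` instead of crashing the page.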

Since then, I added Sentry logging to the backend and frontend.

And this showed me there were endpoints still being triggered nightly to remove stale data (which I forgot to remove). And these endpoints were getting 401s. I'm thinking who TF is triggering these endpoints. I soon realized those specific endpoints needed keys that expired monthly. 🤦‍♂️
