client->local proxy->server->local proxy->client 

first attempt: rust 
build a simple proxy server that only modifies header
encountered unknown requests that caused errors, 
debugging it requires serious effort, and since rust isn't my comfort zone,
drop it 

second attempt: python 
mitmproxy(socks5) 
works fine til /tokenLogin 
after hits /forbidDomain, all connection stops 

mitmproxy(http)
can't intercept anything at all, 
likely an issue with the proxifier, but couldn't find an open source http proxifier 

mitmproxy(transparent) 
works but cert issues in other requests
if I could hook the client and modify system proxy settings based on client status ...
nah maybe just releasing the proxy after sending /tokenLogin might work 
but still need to build http proxifier myself which is a hassle

third attempt: fiddlerscript(jscript.net) 
provide users a script to modify headers and configure fiddler themselves 
best result with minimal effort
but jscript.net is too niche and needs hard obfuscation 

conclusion:
ideal approach would be to build my own http proxifier that enables/disables proxying based on request modifications
however it requires too much effort for such a minor use case
let's just stick with the fiddler for now .

hsm - hsmserver - kmsserver - web
senior seems to want to implement with Spring, but i hate java shit
how about utilizing existing management tool(next.js) instead - isn't that why we build it for scalability in the first place?

makes more sense to:
keep hsm's native api calls backend-only
route web-facing apis through next.js
would be better for both maintenance and security

can't do much since there's no docs, comments or at least README - just raw code dumped everywhere, even build files are scatterd all over making it untouchable
i understand he developed solo without assuming future developers coming but -
does this native api actually supports pkcs11, jce, simple applications all? feel like there was one more though

> world is forcing https even on my little homeserver
> CORS errors fugging everywhere, expected
> need to make my charm api back from the dead
> server has run out of storage, it's time to use cloudflare worker

https -[BLOCKED_BY_CORS]> cloudflare worker -[BLOCKED_BY_CF]> direct IP flask backend
hell .

CORS got tamed eventually, but CF worker was still shitting all around
nip.io was pretty good idea, but nah it did not vibe with my env
let's throw it for a while, i'm the only one dealing with all these stresses .

> was 3 months back
> now i'm a bit familiar with serverless, thanks to corp's grind
> got stronger. can wrestle this now
> ditched CF, went serverless with vercel

few futile attempts later, yeah, made it work. my idea wasn't wrong from the start
the worst shit is just owncast itself. don't even need it anymore - already swapped all buggy thing to my own solution

laziness is always a problem .
anyway i learned how to use gitlens properly through this bullshittery

> spent whole damn weekend grinding on this project 
> CO-WORKERS just straight-up rejected the whole shit
yeah. fuck you .
fuck you all .
fuck you notion .