Forem: Taufiqul Islam

How Software Engineers Can Stay Relevant in the Age of AI

Taufiqul Islam — Mon, 08 Dec 2025 05:59:56 +0000

Imagine waking up one day to find that the skills you’ve spent years mastering are suddenly being performed faster, cheaper, and more efficiently by AI. This isn’t science fiction - it’s the reality facing software engineers today.

In 2001, a professor told his students that software engineering was a golden ticket to job security. Fast forward to 2025, and the CEO of GitHub declared that the future of programming is natural language. The prediction came true - but not in the way anyone expected. AI is now capable of writing code, fixing bugs, and even generating entire projects from natural language prompts. Tools like GitHub Copilot and ChatGPT are changing the game, raising a critical question:
How can software engineers stay relevant in an era where AI is becoming a co-pilot- or even a competitor?⛔

Don’t be afraid, this isn’t the end of software engineering. It’s the beginning of a new chapter. Let’s explore how you can not only stay relevant but thrive in the age of AI.

🧠 1. AI’s Capabilities and Limitations: What You Need to Know

💪 What AI Can Do

Generate code fast: Can produce large, functional codebases within seconds.
Translate languages: Converts code between languages (e.g., Python ⇄ JavaScript).
Automate fixes & tasks: Helps with debugging, testing, repetitive work, and UI generation.

🙏 What AI Can’t Do

Understand the “why”: Lacks human intuition and real context.
Think strategically: Can’t handle long-term planning, trade-offs, or ethics well.
Communicate & collaborate: Cannot replace human empathy or teamwork.
Be fully reliable: May hallucinate or produce incorrect code; most AI code still needs human review.

📌 AI is like a brilliant junior developer, it can do a lot quickly, but it’s up to us to define the vision, validate the results, and ensure what we’re building is good for society.

🛠️ 2. The Evolving Role of Software Engineers: Beyond Coding

Software engineering has never been just about writing code. It’s about solving problems, understanding user needs, and making tough decisions.

In the AI era, the role of engineers is evolving:

Look at the image, and you’ll understand why engineers are still essential.

Understanding AI: Engineers don’t just prompt AI - they understand the models, data pipelines, and risks.
Building Better Software: Anyone can prototype a demo with AI, but engineers build scalable, maintainable, and secure systems.
Improving AI: Engineers fine-tune models, optimize performance, and make AI accessible to everyone.

📌 We’re not just building software anymore - we’re building the future of intelligence itself.

📚 3. How to Prepare for the Future: Foundations & Practical Steps

Master the Foundations

Data Structures and Algorithms: These are the bedrock of adaptability. Spend time mastering them.
Full-Stack Thinking: The days of specializing in just frontend or backend are fading. Future engineers must be versatile, bridging gaps between design, product management, and data.

Develop Soft Skills

Communication and Collaboration: AI can’t replace human connection. Engineers who can explain complex ideas and work well in teams will stand out.
Leadership: Engineers are becoming leaders - not just of teams, but of AI itself.

Embrace AI as a Creative Partner

Use AI to prototype, automate repetitive tasks, and explore generative tools.
Treat AI like a teammate discuss projects, delegate work, and iterate together.

Stay Adaptable

Tools change, but principles like critical thinking and problem-solving endure.
Focus on learning how to learn. Adaptability will define leadership in the AI era.

📌 In the future, engineers won’t just lead teams - they’ll lead AI too.

Final Thoughts: Are You an AI Zombie or an AI Master?

So, here’s the deal: AI isn’t just knocking on the door - it’s already inside, raiding your fridge and rearranging your code. The question is, are you using AI, or is AI using you?

Let’s talk numbers, because numbers don’t lie (unless they’re generated by AI, of course):

55% of developers are using tools like GitHub Copilot. If you’re not in that 55%, congratulations! You’re officially a manual laborer in a world of cyborgs. Enjoy your handwritten loops and debugging marathons.
Only 30% of those developers accept AI - generated code without changes. If you’re in that 30%, you’re in danger, my friend.

68% of developers (per Stack Overflow 2025) use AI tools daily, cutting repetitive tasks by 40%.

📌 The future isn’t about fearing AI - it’s about mastering it.

Share your thoughts: How are you adapting to AI in your work? Let’s discuss in the comments!
Stay curious: Follow tech blogs, attend webinars, and experiment with AI tools.
Keep learning: The best engineers never stop growing.

Next.js 15 Authentication with nextAuth.js , App Router and Middleware

Taufiqul Islam — Thu, 29 May 2025 15:07:21 +0000

Here's a comprehensive guide to setting up authentication in Next.js 15 using the App Router, middleware, and NextAuth.js.

Folder Structure
Here's a visual representation of the folder structure :

/src/
├── app/
│   ├── auth/
│   │   ├── login/
│   │   │   └── page.tsx
│   │   └── register/
│   │       └── page.tsx
│   ├── dashboard/
│   │   └── page.tsx
│   ├── api/
│   │   └── auth/
│   │       └── [...nextauth]/
│   │           └── route.ts
│   ├── provider.tsx
│   ├── layout.tsx
│   └── page.tsx
├── middleware/
│   └── middleware.ts
├── lib/
│   ├── auth.ts
│   └── next-auth.d.ts

🔐 1. Authentication Setup : /app/api/auth/[...nextauth]/route.ts

Sets up the API route for NextAuth using handlers imported from the central auth config (/lib/auth.ts).

import { GET, POST } from "@/lib/auth";
export { GET, POST };

⚙️ 2. Auth Configuration : /lib/auth.ts
Defines NextAuth options, including the credentials provider, JWT/session callbacks, token refresh logic, and error handling.

import NextAuth, { type NextAuthOptions } from "next-auth";
import Credentials from "next-auth/providers/credentials";

import { AxiosError } from "axios";
import { post } from "./api/handlers";

type LoginResponse = {
  accessToken: string;
  refreshToken: string;

  user: {
    _id: string;
    stdId: string;
    name: string;
    email: string;
    hallName: string;
    description: string;
    role: string;
  };
};

const authOptions: NextAuthOptions = {
  providers: [
    Credentials({
      name: "Credentials",
      credentials: {
        email: { label: "Email", type: "email" },
        password: { label: "Password", type: "password" },
      },
      authorize: async (credentials) => {
        if (credentials === null) throw new Error("Missing credentials");

        try {
          const response = await post<LoginResponse>(
            "/api/auth/login",
            {
              email: credentials?.email,
              password: credentials?.password,
            },
            {
              "Content-Type": "application/json",
            },
          );
          console.log("API Response:", response);

          if (response.accessToken) {
            // Return an object that matches your User interface
            return {
              id: response.user._id,
              email: response.user.email,
              name: response.user.name,
              accessToken: response.accessToken,
              refreshToken: response.refreshToken,
              user: response.user,
            };
          }
          return null;
        } catch (error) {
          if (error instanceof AxiosError) {
            throw new Error(error.response?.data?.message || "Login failed");
          }
          console.error("Authentication error:", error);
          throw new Error("Login failed");
        }
      },
    }),
  ],
  callbacks: {
    jwt: async ({ token, user }) => {
      if (user) {
        // Include both the required fields and your custom data
        token.id = user.id;
        token.email = user.email;
        token.name = user.name;
        token.accessToken = user.accessToken;
        token.refreshToken = user.refreshToken;
        token.user = user.user;
        token.accessTokenExpires = Math.floor(Date.now() / 1000) + 60;
      }
      // Check if the current time is past the access token's expiry time
      const now = Math.floor(Date.now() / 1000);
      if (token.accessTokenExpires && now > token.accessTokenExpires) {
        try {
          // Attempt to refresh the access token
          const response = await post<{ accessToken: string }>(
            "/api/auth/refresh-token",
            {
              refreshToken: token.refreshToken,
            },
            {
              "Content-Type": "application/json",
            },
          );

          // Update the token with the new access token
          token.accessToken = response.accessToken;
          token.accessTokenExpires = now + 60; // Set new expiry time (1 minute from now)
        } catch (error) {
          console.error("Error refreshing access token", error);
          // Handle refresh token error (e.g., redirect to login)
          return { ...token, error: "RefreshAccessTokenError" };
        }
      }

      return token;
    },
    session: ({ session, token }) => {
      if (token) {
        session.user = {
          ...session.user,
          // id: token.id,
          email: token.email,
          name: token.name,
        };
        (session as any).accessToken = token.accessToken;
        (session as any).user = token.user;
      }
      return session;
    },
    redirect: async ({ url, baseUrl }) => {
      // Redirect to login page if there's an error with the refresh token
      if (url === baseUrl) {
        return `${process.env.NEXT_PUBLIC_BASE_URL}/login`;
      }
      return url;
    },
    // authorized: async ({ auth }) => {
    //   return !!auth;
    // },
  },
  pages: {
    signIn: "/login",
    error: "/login",
  },
  session: {
    strategy: "jwt" as const,
  },
  debug: process.env.NODE_ENV === "development",
  secret:
    process.env.NEXTAUTH_SECRET,
};

const handler = NextAuth(authOptions);

export { handler as GET, handler as POST, authOptions };
export const auth = handler.auth;

📄 3. Type Definitions: /lib/next-auth.d.ts
Extends NextAuth types (Session, User, and JWT) to include custom user data like role, hallName, and refreshToken.

import NextAuth from "next-auth";

declare module "next-auth" {
  interface Session {
    accessToken: string;
    refreshToken: string;
    user: {
      _id: string;
      stdId: string;
      name: string | null | undefined;
      email: string | null | undefined;
      hallName: string;
      description: string;
      role: string;
    };
  }

  interface User {
    id: string;
    accessToken: string;
    refreshToken: string;
    user: {
      _id: string;
      stdId: string;
      name: string;
      email: string;
      hallName: string;
      description: string;
      role: string;
    };
  }
}

declare module "next-auth/jwt" {
  interface JWT {
    id?: string;
    email?: string | null;
    name?: string | null;
    accessToken?: string;
    refreshToken?: string;
    accessTokenExpires?: number;
    error?: string;
    user?: {
      _id: string;
      stdId: string;
      name: string;
      email: string;
      hallName: string;
      description: string;
      role: string;
    };
  }
}

🧱 4. Middleware : /middleware/middleware.ts
Protects private routes by checking if the user is authenticated; redirects to login if no valid token is found.

import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { getToken } from "next-auth/jwt";

export async function middleware(request: NextRequest) {
  const token = await getToken({ req: request });

  // Check if the user is trying to access a protected route
  if (!token && !request.nextUrl.pathname.startsWith("/auth/login")) {
    // Redirect to login page if there is no token
    return NextResponse.redirect(new URL("/auth/login", request.url));
  }

  return NextResponse.next();
}

export const config = {
  matcher: [
    "/((?!api|_next/static|_next/image|favicon.ico).*)",
    "/dashboard/:path*",
  ],
};

🧪 5. Session Provider : /app/provider.tsx
Wraps the app with SessionProvider so session data is accessible in all client components.

"use client";

import { SessionProvider } from "next-auth/react";
import React from "react";

interface AuthProviderProps {
  children: React.ReactNode;
}

const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
  return <SessionProvider>{children}</SessionProvider>;
};

export default AuthProvider;

🌐 6. Root Layout : /app/layout.tsx
Includes global providers (Auth, React Query, UI layout) and sets up the app’s foundational structure with session support.

// app/layout.tsx
import type { Metadata } from "next";
import { Inter } from "next/font/google";
import "./globals.css";

import { SessionProvider } from "next-auth/react";
import { Toaster } from "react-hot-toast";
import ReactQueryProvider from "@/providers/QueryClientProvider";
import LayoutProvider from "@/providers/LayoutProvider";
import AuthProvider from "./provider";

const inter = Inter({ subsets: ["latin"] });

export const metadata: Metadata = {
  title: "title",
  description: "description",
};

export default async function RootLayout({
  children,
}: Readonly<{
  children: React.ReactNode;
}>) {
  // const session = await auth();

  return (
    <html lang="en" suppressHydrationWarning>
      <head>
        <title>E Delivery Client</title>
      </head>
      <body className={inter.className}>
        <AuthProvider>
          <ReactQueryProvider>
            <LayoutProvider>{children}</LayoutProvider>
          </ReactQueryProvider>
        </AuthProvider>
        <Toaster position="top-right" />
      </body>
    </html>
  );
}

🧠 Accessing Session Data

🧾 Client Component Example:
Uses useSession hook from NextAuth to get and display user session data in client-side components.

"use client";
import { useSession } from "next-auth/react";

export default function DashboardPage() {
  const { data: session, status } = useSession();

  return (
    <div>
      {session ? (
        <p>
          Logged in as name: {session.user.name} Email: {session.user.email}
        </p>
      ) : (
        <p>Not logged in</p>
      )}
    </div>
  );
}

🧾 Server Component Example
Fetches the session using auth() in server components, redirecting unauthenticated users to the login page.

import { auth } from "@/lib/auth";
import { redirect } from "next/navigation";

export default async function ProfilePage() {
  const session = await auth();

  if (!session) {
    redirect("/auth/login");
  }

  return (
    <div className="p-4">
      <h1 className="text-2xl font-bold">Profile</h1>
      <div className="mt-4 space-y-2">
        <p>
          <span className="font-semibold">Email:</span> {session.user.email}
        </p>       
      </div>
    </div>
  );
}

📌 Key Features

✅ Credentials Auth: Uses email & password login via a custom backend.
🔁 Token Refresh: Automatically refreshes JWT access tokens using refresh tokens.
🔒 Protected Routes: Middleware blocks access to routes if not logged in.
🛡️ Type Safety: Custom types improve safety and developer experience.
🔍 Session Access: Available in both server and client components.
🧱 Provider Pattern: Clean separation of logic using dedicated providers.

⚠️ Implementation Notes

Make sure to configure your environment variables properly, especially NEXTAUTH_SECRET
.env example :

NEXT_PUBLIC_BASE_URL=your base url
NODE_ENVL=development
NEXTAUTH_SECRET=hbbinmkbnnkvdfjvskvnkvDDVVfvmndjbvshbvhbrvv=

The middleware checks for authentication status on every route change

The session data includes both standard fields (email, name) and custom fields (role, hallName, etc.)

Error handling is implemented for both login and token refresh operations

This setup provides a solid foundation for authentication in Next.js 15 applications using the App Router, with proper type safety and route protection.

Strapi API with PostgreSQL – Quick Reference 🚀

Taufiqul Islam — Thu, 17 Oct 2024 11:11:05 +0000

Strapi is an open-source headless CMS (Content Management System) built to work with any frontend and any database. It provides developers with a flexible and customizable solution for building content-rich applications, giving them full control over the API, data model, and platform.

Why Strapi? 🏗️

Strapi sets itself apart from other CMS solutions in several ways:

Open-source and Self-hosted: Unlike most CMS platforms, Strapi allows you to self-host your instance, offering greater flexibility, control, and security.
Headless by Design: Strapi is built as a headless CMS, meaning the frontend and backend are decoupled, giving you the freedom to use any frontend technology—React, Vue, Angular, or even native mobile apps.
Customizable APIs: Strapi lets you customize the API for your specific needs, whether it’s REST or GraphQL, making it ideal for projects requiring complex data structures.
Database Agnostic: You can use Strapi with multiple databases like PostgreSQL, MongoDB, MySQL, or SQLite, offering seamless flexibility for different use cases.

This guide provides an overview of basic operations for managing products and images using Strapi, with PostgreSQL as the database. Ensure you have PostgreSQL and PgAdmin 4 installed if you're using PostgreSQL for your Strapi setup.

Prerequisites 🛠️

Install and set up Strapi following the official Strapi Quick Start guide.
Ensure you have PostgreSQL installed in your system.

REST API Overview 🌳

For complete details, refer to the Strapi REST API documentation.

Products Collection API

Assume a Products collection with fields:

Product_name: String (Name of the product)
img: Media (Image ID associated with the product)
state: Boolean (Indicating product status)

1. Get All Products

Retrieve all products with their associated data (including images).

Endpoint:

GET http://localhost:1337/api/products?populate=*

populate=* ensures all relational data, including images, are properly fetched.

2. Upload an Image

Upload an image to the Strapi server.

Endpoint:

POST http://localhost:1337/api/upload/

Request Body: (form-data)

key = files (value is the image file uploaded from your browser).

3. Get All Uploaded Images

Retrieve all uploaded image files.

Endpoint:

GET http://localhost:1337/api/upload/files

4. Add a New Product

Create a new product entry in the Products collection.

Endpoint:

POST http://localhost:1337/api/products

Request Body:

{
    "data": {
        "Product_name": "Samsung S4 old colored",
        "state": true,
        "img": 3 
    }
}

The "img": 3 field refers to the ID of the uploaded image, in this case, image ID 3.

5. Update a Product

Update a specific product using its documentId.

Endpoint:

PUT http://localhost:1337/api/products/:documentId

Request Body:

{
    "data": {
        "Product_name": "Samsung S4 old updated",
        "state": true,
        "img": 3 
    }
}

Here, you update the product name while keeping the image ID (3), which represents the already uploaded image.

📚 This document should serve as a quick reference for managing products and images in Strapi with PostgreSQL. For further customization or detailed configurations, consult the official Strapi documentation.