talantbekov123
commented
2 years ago Summary:
You've done a really good job! Glad to say that your project has been accepted.
Backend
Performance Criteria
- [x] The repository contains all the necessary infrastructure files:
- [x] A package.json file.
- [x] An .editorconfig file.
- [x] An .eslintrc file, which extends the airbnb-base configuration, and devDependencies required for the linter.
- [x] A .gitignore file.
- [x] Additionally, an exception for
_idis added in .eslintrc. The following rules are forbidden:eslint-disable,eslint-disable-line, andeslint-disable-next-line
- [x] No linting errors.
- [x] The scripts section of the package.json file contains the following:
- [x] An
npm run startcommand that starts the server onlocalhost:3000. - [x] An
npm run devcommand that starts the server onlocalhost:3000with hot reloading.
- [x] An
- [x] When all dependencies are installed, the application starts with npm run dev without errors.
- [x] The following routes function as described:
- [x] A request to
GET /users/mereturns information about the user (email and name). - [x]
GET /articlesreturns all articles saved by the user. - [x]
POST /articlescreates an article with the data passed inside the request body. - [x]
DELETE /articles/articleIddeletes the saved article using_id. - [x]
POST /signupcreates a user with the data passed inside the request body. - [x]
POST /signinreturns a JWT when the correct email and password are passed in the request body.
- [x] A request to
- [x] All routes are protected with authorization, except for
/signinand/signup. - [x] User routes and article routes are described in separate files.
- [x] API errors are handled:
- [x] If something is wrong with the request, the server returns a response with an error message and a corresponding status.
- [x] Asynchronous handlers end with a
catch()block. - [x] The API does not return standard database or Node.js errors.
- [x] In production mode, the database address is taken from
process.env. - [x] Safe password storage has been implemented:
- [x] Passwords are stored in an encrypted format.
- [x] The API does not return a password hash to the client.
- [x] Data is validated before being added to the database.
- [x] Users can't delete saved cards from other user profiles.
- [x] The server can be accessed via HTTPS using the domain specified in README.md.
- [x] Storing the private key for creating a JWT is implemented correctly:
- [x] For the production build, it is stored in an
.envfile, and this file should not be added to Git. - [x] In development mode (
process.env.NODE_ENV !== 'production'), the code runs and works fine and an error won't occur if there is no.envfile present.
- [x] For the production build, it is stored in an
Best Practices
- [x] Asynchronous operations are implemented using promises or async/await.
- [x] Requests are validated before being passed to the controller. The body and (where applicable) headers and parameters are checked against the corresponding schemas. If a request doesn't match the schema, the processing is not passed to the controller and the client receives a validation error.
- [x] Logging is set up:
- [x] All requests and responses are logged to the
request.logfile. - [x] All errors are logged to the
error.logfile. - [x] Log files aren't added to the git repository.
- [x] All requests and responses are logged to the
- [x] Errors are handled by a centralized handler.
- [x] Centralized error handling is described inside a separate module.
- [x] In case of an error, the API returns a response status that matches the error type.
- [x] The server can be accessed via HTTPS using the domain specified in
README.md. - [x] The application API is located on a domain with a name of the following format: name.zone/api (not just name.zone).
- [x] Correct: news-explorer.tk/api
- [x] Incorrect: news-explorer.tk
- [x] All routes are connected to the
index.jsfile, which is located in theroutesfolder, andapp.jscontains one main route handled by routes.
Recommendations
- [x] For API errors, classes have been created to extend the Error constructor.
- [x] The Helmet module is used to set security-related headers.
- [x] Configuration and constants are stored in separate files:
- [x] The Mongo server address and the private key for the JWT in development mode are stored inside a separate configuration file.
- [x] Application constants (response and error messages) are stored inside a separate file with constants.
- [x] A rate limiter is set up: the number of requests from a single IP address is limited to a particular value in a given amount of time.
- [x] The rate limiter is configured in a separate file and imported into app.js.
- [x] The API is hosted on a separate subdomain, e.g. api.news-explorer.tk.
Summary:
You've done a really good job! There are a couple of things that need to be done before your project can be accepted. Please take a look, I attached screenshots below comments where applicable. Hope they will be easy to fix.
Note: I may attach only one screen, but you need to find all similar cases inside the project and fix them to receive points.
Create pull request and send link to pull request, I can not accept project without a pull request.
Backend
Performance Criteria
_idis added in .eslintrc. The following rules are forbidden:eslint-disable,eslint-disable-line, andeslint-disable-next-linenpm run startcommand that starts the server onlocalhost:3000.npm run devcommand that starts the server onlocalhost:3000with hot reloading.GET /users/mereturns information about the user (email and name).GET /articlesreturns all articles saved by the user.POST /articlescreates an article with the data passed inside the request body.https://snipboard.io/ocyMeH.jpg when creating an article, the owner should be received from token passed in auth (req.user = payload;).
DELETE /articles/articleIddeletes the saved article using_id.POST /signupcreates a user with the data passed inside the request body.https://snipboard.io/fGItAK.jpg When creating a user with an email that already exists in the database, you must return an error with the status code 409 (Conflict) instead of 500. You can catch the error by using err.name = MongoError and err.code = 11000.
POST /signinreturns a JWT when the correct email and password are passed in the request body./signinand/signup.catch()block.https://snipboard.io/fGItAK.jpg
process.env.https://snipboard.io/xoDBVj.jpg
.envfile, and this file should not be added to Git.process.env.NODE_ENV !== 'production'), the code runs and works fine and an error won't occur if there is no.envfile present.Best Practices
https://snipboard.io/Uuh9Nl.jpg limiter подключен перед логгером запросов. Запросы, отклоненные лимитером, не будут добавлены в лог запросов. Необходимо первым в цепочке подключить логгер, а затем limiter
request.logfile.error.logfile.README.md.index.jsfile, which is located in theroutesfolder, andapp.jscontains one main route handled by routes.https://snipboard.io/Z7hsGB.jpg
Recommendations
https://snipboard.io/xoDBVj.jpg
https://snipboard.io/QMLf0q.jpg
Number of points: 64