Closed Faouzijedidi1 closed 3 months ago
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Updated (UTC) |
---|---|---|---|
mr-market | ✅ Ready (Inspect) | Visit Preview | Mar 27, 2024 3:11am |
This PR is being deployed to Railway 🚅
Mr.Market: ◻️ REMOVED
PR Description updated to latest commit (https://github.com/Hu-Fi/Mr.Market/commit/e8ec8910d317978b71ee51db88d34e11cf1d50e6)
⏱️ Estimated effort to review [1-5] | 2, because the PR introduces a new feature with a moderate amount of code across three files. The changes are straightforward, involving the addition of a new controller and minor refactoring in an existing file. The logic seems simple, and the code modifications are not extensive. |
🧪 Relevant tests | No |
🔍 Possible issues | Possible Bug: The `UserController` lacks method-level security checks. While the controller is secured with `JwtAuthGuard` at the class level, individual methods might require additional permissions or roles checks depending on the application's security requirements. |
🔒 Security concerns | No |
relevant file | server/src/modules/mixin/user/user.controller.ts |
suggestion | Consider implementing role-based access control (RBAC) for different endpoints within the `UserController`. For instance, you might want to restrict certain actions to admin users only. This can be achieved by using NestJS's built-in `@Roles` decorator or a custom decorator that suits your application's needs. [important] |
relevant line | @UseGuards(JwtAuthGuard) |
relevant file | server/src/common/helpers/checks/spotChecks.ts |
suggestion | It's good practice to ensure that the values being checked against the enums/maps are sanitized and validated to prevent potential issues such as type mismatches or injection attacks. Consider adding a validation layer if not already present. [medium] |
relevant line | const validSpotOrderTypes: SpotOrderType[] = Object.keys(SPOT_ORDER_TYPE_MAP); |
Category | Suggestions |
Enhancement |
Improve type safety with
___
**Consider using |
Implement pagination or limit the number of users returned.___ **To enhance the security and flexibility of thegetAllUsers method, consider implementing pagination or limiting the number of users returned in a single request. This can help prevent potential performance issues with large datasets and improve the overall security posture.** [server/src/modules/mixin/user/user.controller.ts [12-13]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-7677daa10234c32f3ef3eafbbe760e7f277c6ed48e2687e7c7e03a0627479997R12-R13) ```diff -async getAllUsers(): Promise | |
Best practice |
Use
___
**To ensure that the |
Avoid exporting controllers in modules.___ **To ensure that theUserController is only accessible to modules that explicitly import the UserModule , consider removing the UserController from the exports array. Controllers should typically not be exported as they are meant to be route handlers rather than shared services.** [server/src/modules/mixin/user/user.module.ts [13]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-479d7662ba28d250dba344a4a66f1a92f97f4e415ca919b7fd4120d65253e8c0R13-R13) ```diff -controllers: [UserController], +controllers: [UserController], // No need to export controllers ``` | |
Specify explicit HTTP status codes in controller responses.___ **To improve the readability and maintainability of the routes, consider using explicit HTTPstatus codes in the controller's response decorators. For example, specifying @HttpCode(HttpStatus.OK) for the getAllUsers method can make the intended response status clear.** [server/src/modules/mixin/user/user.controller.ts [11-13]](https://github.com/Hu-Fi/Mr.Market/pull/99/files#diff-7677daa10234c32f3ef3eafbbe760e7f277c6ed48e2687e7c7e03a0627479997R11-R13) ```diff @Get() +@HttpCode(HttpStatus.OK) async getAllUsers(): Promise |
User description
Add user controller
https://github.com/Hu-Fi/Mr.Market/issues/93
Type
enhancement
Description
UserController
for handling user-related operations, secured with JWT authentication.spotChecks.ts
by removing unnecessary line breaks in the assignment of variables.UserController
within theUserModule
to enable its functionalities.Changes walkthrough
spotChecks.ts
Simplify Spot Order and Exchange Index Validity Checks
server/src/common/helpers/checks/spotChecks.ts
validSpotOrderTypes
andvalidExchangeIndexes
by removing unnecessary line breaks.user.controller.ts
Implement User Controller with JWT Authentication
server/src/modules/mixin/user/user.controller.ts
UserController
class with JWT authentication guard.getAllUsers
method to fetch all users.user.module.ts
Register UserController in UserModule
server/src/modules/mixin/user/user.module.ts - Registered `UserController` in the `UserModule`.