Wiredcraft / test-backend


A Koa2 RESTful API server #45

Closed lalawow closed 4 years ago

lalawow commented 4 years ago

Tech stack

Docs

./design_intro.md describes how I designed this server. ./how_to_run.md describes how to run the server.

superbogy commented 4 years ago

I am confused about the API design: is it designed for admins? But from the auth strategy it seems to be for normal users. Many updates do not verify the user's identity. If I misunderstand, please point it out.

lalawow commented 4 years ago

Your concern has a very good point. The lack of a verification design can expose the system to some risks. I haven't started to design the authorization rules yet, since I think it depends on the users' needs and it's case by case. We can put a "role" in the User Model, and use an "authorizationValid()" middleware to do some verification. Before that, sure, if we only allow the users involved and admins to perform those updates/deletes, that will be better practice for safety concerns.

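The ownership-or-admin check lalawow proposes, as an added example written in Koa2's middleware style (not code from this PR or the test-backend repo); the "role" field on the User model, the ROLES values and the ctx fields it reads are assumptions:

```javascript
// Added example, not code from the PR: a Koa2-style authorization middleware
// that lets an update/delete through only when the caller is the user the
// route targets, or holds the assumed "admin" value of a "role" field on the
// User model. Koa is not imported; the ctx object is assumed to follow Koa's
// shape (ctx.state.user set by the auth middleware, ctx.params by the router).

const ROLES = { USER: 'user', ADMIN: 'admin' }; // assumed role values

// Pure decision: may `requester` act on the user record with id `targetId`?
// Returns an HTTP status and whether the downstream handler may run.
function authorizationDecision(requester, targetId, adminRole = ROLES.ADMIN) {
  if (!requester) {
    return { allowed: false, status: 401, reason: 'authentication required' };
  }
  const isOwner = targetId !== undefined && String(requester.id) === String(targetId);
  const isAdmin = requester.role === adminRole;
  if (!isOwner && !isAdmin) {
    return { allowed: false, status: 403, reason: 'forbidden' };
  }
  return { allowed: true, status: 200, reason: 'ok' };
}

// Middleware factory in Koa2's (ctx, next) form; `ownerParam` names the route
// parameter carrying the target user's id (e.g. PUT /users/:id).
function authorizationValid({ ownerParam = 'id', adminRole = ROLES.ADMIN } = {}) {
  return async function authorize(ctx, next) {
    const targetId = ctx.params ? ctx.params[ownerParam] : undefined;
    const decision = authorizationDecision(ctx.state.user, targetId, adminRole);
    if (!decision.allowed) {
      ctx.status = decision.status;
      ctx.body = { error: decision.reason };
      return; // deny without calling the downstream handler
    }
    await next();
  };
}

// Constructed sample requests (no server needed): [requester, route params].
const SAMPLE_REQUESTS = [
  [undefined, { id: '7' }],                    // anonymous -> 401
  [{ id: 7, role: ROLES.USER }, { id: '7' }],  // owner -> allowed
  [{ id: 8, role: ROLES.USER }, { id: '7' }],  // another user -> 403
  [{ id: 1, role: ROLES.ADMIN }, { id: '7' }], // admin -> allowed
];

// Status each sample request would receive from the decision above.
function sampleStatuses() {
  return SAMPLE_REQUESTS.map(([u, p]) => authorizationDecision(u, p.id).status);
}
```

Routes would mount it as `router.put('/users/:id', authenticate, authorizationValid(), handler)`, with `authenticate` being whatever middleware populates `ctx.state.user`.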

xavierchow commented 4 years ago

Thanks all, this PR is good enough for our evaluation, closing.