Closed sandreae closed 4 years ago
I wonder why it is necessary to create new routes for /places
and /events
? We should be able to get all needed information from the server with the currently available routes.
You could refactor the /routes/index.js
instead and move the jwt authorization in an own middleware to then attach it to all sub routes where it is required. Right now its a "catch all" for all authenticated routes but I can see that you need something more fine-grained for this feature.
If I remember correctly, I did it like this so as not to expose other /places
and /events
routes, like .push()
. I'll look into how to refactor this, I'm not mega confident when it comes to server security issues.....
If I remember correctly, I did it like this so as not to expose other
/places
and/events
routes, like.push()
. I'll look into how to refactor this, I'm not mega confident when it comes to server security issues.....
I think you should refactor the middleware into an own file to then have the more granular use depending on the route, no need to create new endpoints in the API!
Closing this now, lets discuss this further here: https://github.com/adzialocha/hoffnung3000/pull/82
Creating routes for use later when making request to the server as an unregistered visitor.