search

adzialocha / hoffnung3000

Platform for decentralized, anonymized, self-curated festivals
https://hoffnung3000.de
GNU Affero General Public License v3.0
36 stars 8 forks source link

Antiuni Feature Free Festival [#1]: create public routes for Events and Places #76

Closed sandreae closed 4 years ago

sandreae commented 4 years ago

Creating routes for use later when making request to the server as an unregistered visitor.

adzialocha commented 4 years ago

I wonder why it is necessary to create new routes for /places and /events? We should be able to get all needed information from the server with the currently available routes.

You could refactor the /routes/index.js instead and move the jwt authorization in an own middleware to then attach it to all sub routes where it is required. Right now its a "catch all" for all authenticated routes but I can see that you need something more fine-grained for this feature.

sandreae commented 4 years ago

If I remember correctly, I did it like this so as not to expose other /places and /events routes, like .push(). I'll look into how to refactor this, I'm not mega confident when it comes to server security issues.....

adzialocha commented 4 years ago

If I remember correctly, I did it like this so as not to expose other /places and /events routes, like .push(). I'll look into how to refactor this, I'm not mega confident when it comes to server security issues.....

I think you should refactor the middleware into an own file to then have the more granular use depending on the route, no need to create new endpoints in the API!

adzialocha commented 4 years ago

Closing this now, lets discuss this further here: https://github.com/adzialocha/hoffnung3000/pull/82