Closed vherus closed 2 years ago
What are some actions we can take here?
I'm interested to hear some thoughts about how else we might restructure this week.
Split and sequence:
Express
Database + SQL
Express + SQL
https://github.com/boolean-uk/cinema-booking-api/blob/main/requirements/3%20-%20Single%20Movie.md
Requirement: "Build a route to retrieve a single movie by ID or name; both of these scenarios should be covered by the same route" can prove difficult. Suggest adding an easier path for this one, leaving the current one as an optional harder route through the requirement.
Frontend context for the backend work being done should be added. There's a client exercise repo (https://github.com/boolean-uk/cinema-booking-api-client) but some more context would be good.
@vherus let's include updating the first week of the module today - C4 are approaching the start of the module.
Notes from @mikemherron
No validation - we never discussed the concept of "don't trust the client" at all. In some of the examples they are wide open to SQL injection. Time on the importance of validating client input would be useful - both manually and using the various Express plugins that exist.
Error handling - a single catch to return a 500 on any error, and sending on the database error message was all we did, which is totally unrealistic. A day on proper error handling and using suitable HTTP response codes would be great.
No "logic" - every API method was just fetching a record from the database. Some exercises or examples with any sort of domain logic would be useful.
No data model / presentation separation - Every example just took the data returned from Prisma and sent it back to the client. There was never any discussion about not exposing implementation details of the underlying persistence layer and why it might not be a good idea just to serialise your table structure 1:1 back to the client.
API design and documentation - as discussed at stand up, an introduction to how to formally document an API would be a useful modelling-type step.
Code Structure - as previously discussed, every API method was just a super thin layer that made a Prisma query with no discussion of separation or where that code would exist.
Middleware - we never really cover the concept of what middleware is and what it does. We just add it in at one point.
This is referencing Week 1, before the refactor. This student also noted during feelings that there was too much example code in the exercises, making it unnecessarily difficult to figure out the core concepts.
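As an added illustration of the validation, error-handling and data-model points in the notes above, applied to the "single movie by ID or name" requirement (this is not code from the cinema-booking-api repo or from anyone in this thread): the helper names, the `movies` table, its columns and the `$1` placeholder style are all assumptions.

```javascript
// Added example: hypothetical helpers; table, columns and placeholder style are assumed.
class ValidationError extends Error {}
class NotFoundError extends Error {}

// Decide whether the route parameter is a numeric ID or a title; reject anything else.
// Caveat: an all-digit title is treated as an ID by this rule.
function parseMovieLookup(raw) {
  if (typeof raw !== 'string') throw new ValidationError('movie identifier must be a string');
  const value = raw.trim();
  if (value.length === 0 || value.length > 100) {
    throw new ValidationError('movie identifier must be 1-100 characters');
  }
  if (/^[0-9]+$/.test(value)) {
    const id = Number(value);
    if (!Number.isSafeInteger(id) || id < 1) throw new ValidationError('invalid movie id');
    return { by: 'id', value: id };
  }
  return { by: 'title', value };
}

// Client input only ever travels in `values`; the SQL text is fixed per branch.
function buildMovieQuery(lookup) {
  const column = lookup.by === 'id' ? 'id' : 'title'; // chosen by the server, never the client
  return {
    text: `SELECT id, title, runtime_mins FROM movies WHERE ${column} = $1 LIMIT 1`,
    values: [lookup.value],
  };
}

// Presentation shape: expose only what the client needs, not the table row 1:1.
function toMovieResponse(row) {
  if (!row) throw new NotFoundError('movie not found');
  return { movie: { id: row.id, title: row.title, runtimeMins: row.runtime_mins } };
}

// Map errors to status codes; unexpected (e.g. database) errors never reach the client verbatim.
function toHttpError(err) {
  if (err instanceof ValidationError) return { status: 400, body: { error: err.message } };
  if (err instanceof NotFoundError) return { status: 404, body: { error: err.message } };
  return { status: 500, body: { error: 'Internal server error' } };
}
```

In a route handler, the parameter would pass through `parseMovieLookup`, `buildMovieQuery` and `toMovieResponse` in that order, with a single `catch` delegating to `toHttpError` and logging the original error server-side.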