dingoblog / dingo

Blog engine written in Go
MIT License

[WIP] Add first set of routes and handlers #17

Closed bentranter closed 8 years ago

bentranter commented 8 years ago

This PR is a work-in-progress, and once completed and merged would resolve #6. Mostly looking for feedback at this point (am I on the right track, does the code style look OK, etc.), but also wanted to ask a few questions.

  1. For now, I've followed Ghost's API routes exactly, but I know the model package allows for some more functionality. Were you hoping to have more routes in order to more closely match all the functionality in the model package?
  2. Are you looking to have a read-only API (i.e., only support GET methods), or are you hoping for the API to match the functionality the web app provides? I'm assuming we'll want to support everything, but will require a way to restrict API use to authenticated users, which brings me to my third question.
  3. For authenticated routes, what's the best way to handle it? I've been thinking something like,
```http
POST /api/auth HTTP/1.1
Content-Type: application/json

{
  "username": "some_username",
  "password": "some_password"
}
```

and then sending the token in the response (either as a cookie for web-based API clients, or in the body for mobile), and then protecting specific routes with the existing AuthMiddleware (although it would need to be modified for mobile clients who don't support cookies).
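
The middleware change described in the comment above, as an added example that is not part of the original comment, this PR, or dingo's code: a token check that accepts either an `Authorization: Bearer` header or a cookie. The names `IssueToken`, `TokenFromRequest`, `RequireToken`, the `token` cookie name and the in-memory store are all hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
	"sync"
)

// tokens maps token -> username: a hypothetical in-memory store with no expiry.
var tokens sync.Map

// IssueToken is what a POST /api/auth handler would call after verifying credentials.
func IssueToken(username string) (string, error) {
	b := make([]byte, 32) // 256 bits from crypto/rand, hex-encoded below
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	tokens.Store(tok, username)
	return tok, nil
}

// TokenFromRequest prefers "Authorization: Bearer <token>", then the "token" cookie.
func TokenFromRequest(r *http.Request) string {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer ")
	}
	if ck, err := r.Cookie("token"); err == nil {
		return ck.Value
	}
	return ""
}

// RequireToken rejects any request whose token is missing or unknown.
func RequireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := tokens.Load(TokenFromRequest(r)); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	fmt.Println(IssueToken("some_username"))
}
```

The cookie path is sent by the browser automatically, so state-changing routes behind it also need CSRF protection; the header path does not have that property.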

dinever commented 8 years ago

Hi @bentranter, thanks for the contribution.

> Were you hoping to have more routes in order to more closely match all the functionality in the model package?

Yes. For instance, we can have routes like GET /posts/:id/comments/ as we have the Comment model.

> Are you looking to have a read-only API (i.e., only support GET methods), or are you hoping for the API to match the functionality the web app provides?

I think we should support everything as I'm expecting to re-build the admin UI using some front-end frameworks like Angular or React so that we can also build a mobile app in the future.

> For authenticated routes, what's the best way to handle it?

Actually, I'm not so sure about this either. We need to take a look at how other projects handled authentication from mobile apps.

dinever commented 8 years ago

@bentranter I've added you as a collaborator in case I'm slow to respond to some PRs. Thanks!