Miscellaneous improvements

[keawade]

@crodeheaver, would you mind reviewing? I think I'm done making changes for tonight.

[crodeheaver]

👍

[NathanBland]

I think I'd rather the API response have the more verbose errors than the console... Wouldn't this be more useful for other applications consuming the api?

[keawade]

I'm not entirely sure. Verbose logs in the server console makes sense but I'd rather not give the client a ton of data about why we failed. I think we may want to consider implementing a basic log wrapper to handle logging levels.

[NathanBland]

I agree with not giving a consumer lots of info about why a request failed, but for an api targeted at developers.. It seems giving them concise errors so they know how to handle them would be appropriate.

However, I think in this case, given that it is authentication, we should make no distinction between wrong username or password, but should make a distinction for things like username already in use.

[keawade]

I don't think the API should return errors more verbose than the http response codes. That will generally allow developers to know if the problem is with them or with us but doesn't expose what our problems are.

If someone is having an issue with us, they can submit an issue and we can try to reproduce and resolve it or they can fork the project and check the server logs themselves and give us more information that way.

[NathanBland]

Usually, to go with that responseCode there is a responseBody that contains a reason for the failure. It isn't our problem if a username is already taken, but is extremely useful for a client to know that to provide feedback to a user during the signup process.

Just swallowing information in a console.log is not beneficial to anyone because if someone does contact us looking for help with an issue, we have to dig through log files to figure it out, as opposed to having a more decipherable message. Learn from Microsoft's awful error codes on blue screens and be more user friendly.