The current API server has some bad practices that need to be solved to make the codebase cleaner and help people to understand it better.
[x] Docker support (#22)
[x] Login/register with at least one OAuth app (#24)
[x] Authorization in GraphQL resolvers (#27)
[x] Change the auth mechanism to rely on sessions instead of JWT¹ (#24)
[x] Decouple the database from the rest of the code² (#25)
[x] Remove unnecessary code (for example, GraphQL resolvers and database columns: things that the project won't need at present) (#26)
[x] Change Sequelize to Knex.js³ (#25)
¹: JWTs should not be utilized for sessions; they are not designed for this and have security flaws.
²: All database related code should be in one single place and expose functions to operate with the database. The rest of the code doesn't need to know anything about the db.
³: ORMs should be avoided; they hide the SQL logic and prevent optimizations. Too much magic also makes it harder for newcomers to understand what is going on. And Sequelize is just bad overall.
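One way the session-based mechanism from the checklist could look, as an added example that is not the project's own code: an opaque random session ID held in a server-side store, so logout or a forced sign-out takes effect on the next request. `SessionStore`, its methods, the `sid` cookie name and the in-memory `Map` (a stand-in for the database layer) are assumptions.

```javascript
// Added example: opaque server-side sessions. All names here are hypothetical.
const crypto = require('node:crypto');

class SessionStore {
  constructor(ttlMs = 30 * 60 * 1000) {
    this.ttlMs = ttlMs;
    // Keyed by SHA-256 of the token, so a leaked store does not yield usable IDs.
    this.sessions = new Map(); // digest -> { userId, expiresAt }
  }
  static digest(token) {
    return crypto.createHash('sha256').update(token).digest('hex');
  }
  // Issue a new 256-bit random session ID for an authenticated user.
  create(userId, now = Date.now()) {
    const token = crypto.randomBytes(32).toString('hex');
    this.sessions.set(SessionStore.digest(token), { userId, expiresAt: now + this.ttlMs });
    return token;
  }
  // Return the user ID for a live session, or null if unknown or expired.
  lookup(token, now = Date.now()) {
    if (typeof token !== 'string' || token.length === 0) return null;
    const key = SessionStore.digest(token);
    const session = this.sessions.get(key);
    if (!session) return null;
    if (session.expiresAt <= now) {
      this.sessions.delete(key); // expired: purge and reject
      return null;
    }
    return session.userId;
  }
  // Logout: the ID stops working immediately, with no wait for a token expiry.
  destroy(token) {
    return this.sessions.delete(SessionStore.digest(token));
  }
  // Forced sign-out (e.g. after a password change): drop every session of a user.
  destroyAllFor(userId) {
    let removed = 0;
    for (const [key, session] of this.sessions) {
      if (session.userId === userId) { this.sessions.delete(key); removed++; }
    }
    return removed;
  }
}

// Cookie attributes keep the ID away from page scripts and plain-HTTP requests.
function sessionCookie(token) {
  return `sid=${token}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}
```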