Closed willwade closed 7 years ago
Also, we need to verify the user before updating if the record exists. We can perform simple verification with the email that the project author has provided.
We actually don't have any user system at the moment. Not sure how we would do this or even if there is a need.
No need for a user system. We can send an email with a code to the author if it's not the first time submitting for save. Then they need to pass it at save.
Though there's no simple way to get author's email from the project.
Verifying with email is not going to work. The user can edit content between "get" and "save"; this is why invalid content can get in.
We can use CORS to limit access to the API from the frontend. And on the frontend maybe put a captcha? (just to limit spam)
Yeah. This is not very important right now. There are lots of ways to improve it. We can ask for email from user for verifying them on next save.
Leaving this here for note: https://www.npmjs.com/package/validate (need schema of the openat scheme written and then we can validate against that easy enough)
Validation notes
title, short_title, authors = required string
description = required markdown string, Needs sanitization to prevent injecting scripts, iframes, etc
datemod = a valid date and time in ISO format https://en.wikipedia.org/wiki/ISO_8601
download_url, project_url = required valid url
license = optional string
tags = array of strings
This was my discovery. Please define others if I missed any.
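The validation notes above, written out as a dependency-free check (an added example, not the project's code and not part of the thread). `validateProject` and its error strings are hypothetical, treating `datemod` and `tags` as required is an assumption, and URLs are pinned to http/https because a bare URL parse also accepts `javascript:` values.

```javascript
// Added example: validator for the fields listed in the notes above.
// validateProject and the error strings are hypothetical names.
const ISO_DATETIME =
  /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2}(\.\d+)?)?(Z|[+-]\d{2}:\d{2})$/;

const isNonEmptyString = (v) => typeof v === "string" && v.trim().length > 0;

function isHttpUrl(v) {
  if (typeof v !== "string") return false;
  try {
    // new URL() also parses javascript: and data: values, so pin the scheme.
    const { protocol } = new URL(v);
    return protocol === "http:" || protocol === "https:";
  } catch {
    return false;
  }
}

function validateProject(input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return ["body: must be a JSON object"];
  }
  const errors = [];
  // description is only type-checked here; stripping scripts and iframes
  // belongs where the markdown is rendered to HTML (assumption).
  for (const key of ["title", "short_title", "authors", "description"]) {
    if (!isNonEmptyString(input[key])) errors.push(`${key}: required string`);
  }
  for (const key of ["download_url", "project_url"]) {
    if (!isHttpUrl(input[key])) errors.push(`${key}: required http(s) url`);
  }
  // Assumption: datemod and tags are required. Shape check first, then
  // confirm the engine can actually parse the value.
  if (typeof input.datemod !== "string" || !ISO_DATETIME.test(input.datemod) ||
      Number.isNaN(Date.parse(input.datemod))) {
    errors.push("datemod: ISO 8601 date and time required");
  }
  if (input.license !== undefined && typeof input.license !== "string") {
    errors.push("license: optional string");
  }
  if (!Array.isArray(input.tags) || !input.tags.every((t) => typeof t === "string")) {
    errors.push("tags: array of strings");
  }
  return errors; // an empty array means the record passed
}
```

Running this on the server at save time, rather than only in the frontend, covers the case raised earlier in the thread where content is edited between "get" and "save".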
date: Will be created by backend (or if in the original format then fine - will read that)
Implemented
Great. Thanks for this. Just for documentation - can you point me in the direction where the schema is set?
No checking being done yet. Needs to happen once format settles