| import jwt from "jsonwebtoken"; | ||
| import { User } from "../models/User.js"; | ||
|
|
||
| const JWT_SECRET = process.env.JWT_SECRET || "supersecret"; |
Hardcoded fallback secret can be removed for security reasons.
| const token = jwt.sign( | ||
| { userId: user._id, email: user.email }, | ||
| JWT_SECRET, | ||
| { expiresIn: "2h" } |
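Review bot: The payload passed to `jwt.sign` includes `email: user.email`, and a JWT payload is only base64url-encoded, not encrypted, so anyone who holds, logs or caches the token can read the address. Unless a consumer of the token needs the email, sign only the identifier, `{ userId: user._id }`, and look the user up server-side when more is needed. The `jwt.sign` call and its enclosing function continue outside the hunk.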
A 2-hour duration is no problem, but the next step would be a refresh token.
| }; | ||
|
|
||
| // PATCH /thoughts/:id/unlike | ||
| export const unlikeThought = async (req, res) => { |
Good safety code so that thoughts can't go negative. Keeping things positive or neutral at least.
Update: While logged in I can spam my own like button and the count does go negative; I managed to get -1 and -2.
| thoughtsQuery = thoughtsQuery.sort({ hearts: 1 }); | ||
|
|
||
| const total = await Thought.countDocuments(query); | ||
| const results = await thoughtsQuery |
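Review bot: No upper bound on the page size is visible where `thoughtsQuery` is paginated. If `page` and `limit` come from the query string, a very large `limit` returns the whole collection in one response, and non-numeric or negative values reach `.skip()`/`.limit()` as `NaN` or a negative number. Clamp both before use, for example `const limitNum = Math.min(Math.max(Number.parseInt(limit, 10) || 10, 1), 100);` and `const pageNum = Math.max(Number.parseInt(page, 10) || 1, 1);`, where the cap of 100 is an example value. The statement beginning `const results = await thoughtsQuery` continues outside the hunk.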
Do coercion on both number and page instead of just number.
"const { message, minHearts, sort, page = 1, limit = 10 } = req.query;
const pageNum = Number(page);
const limitNum = Number(limit);
.skip((pageNum - 1) * limitNum)
.limit(limitNum);"
| } | ||
| }; | ||
|
|
||
| // DELETE /thoughts/:id |
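Review bot: Only the route comment for `DELETE /thoughts/:id` is visible, so the handler body could not be checked; confirm that it enforces ownership and not just authentication. If any logged-in user can delete by id, one account can remove another account's thoughts. The delete filter should match both the thought id and the `userId` taken from the verified token, and respond with 403 or 404 when no document matches.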
The user can not delete thoughts if they're not logged in - potential new feature? Connecting it to the session ID or similar?
| // connect to mongoDB then start server | ||
| connectToDatabase().then(() => { | ||
| app.listen(port, () => { | ||
| console.log(`Server running on http://localhost:${port}`); |
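Review bot: No rejection handler is visible on `connectToDatabase().then(...)`. If the connection fails, the process is left with an unhandled rejection and never starts listening, with no clear log line explaining why. Unless one already follows outside the hunk, end the chain with `.catch((err) => { console.error("Database connection failed:", err.message); process.exit(1); });`. The `.then` callback and the chain are closed outside the hunk.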
oskarnordin
left a comment
Very clean and easily understandable code. Good comments and good setup. Very minor changes can be made.
https://js-project-api-cathi.onrender.com