Today was fairly productive in terms of learning. I watched the 3rd video in the API Authentication series on YouTube regarding Express server set up. Lots of eye-opening information there. CodeWorkr patiently explains the set up of middleware and routes in Express, and modularizing the code. I was already familiar with much of it, having figured most of it out in an effort to get my site up. However, it’s nice sometimes to have someone break it down for you in easy, understandable chunks.
As part of the video, CodeWorkr discusses a logging module called Morgan and recommended reading up on it. So I did exactly that: I went to the github repository and skimmed through the docs. It was a nice mention, considering that Morgan is a package included with Express when utilizing the site generator functionality. And now I have a greater understanding of one of the tools at my disposal.
In the 4th video, CodeWorkr discusses using the Joi module to validate incoming data. He talks about schema validation and shows how Joi makes it simple. This is unnecessary, as MongoDB provides schema validation directly. Granted, much of the schema validation on MongoDB’s side of things happens when inserting or updating documents. However, it may be worthwhile to look into the mongodb node driver’s capabilities for validating data prior to arriving at the database: the data validation he speaks of validates data before any of the route functions are called, which happen before any database interactions occur. Hence why it may be worth looking into the node driver for MongoDB. Can it be used to validate data prior to route functions being called? If not, and I stick with MongoDB as my primary source of validation, I will either have to wait until updates and inserts occur to the database for validation, or write the validation scripts myself, using Regex.
Of course, this is all under the impression that I will be handling user input directly. Which I will not be doing. Upon further consideration, in terms of authentication, because I’m planning on solely using the OAuth2 protocol, there would be no reason to validate data, as the frontend user would not be inputting any information on my site directly, in order to sign in. The validator would only apply when creating a new user in the database from the user’s information being pulled from Discord, thus rendered data validation unnecessary prior to executing the OAuth scripts. In the future, should I decide to enable profile and display customization, I may need to include validation rules for certain collections depending on the kind of user input I’ll allow. But for now, I don’t need to worry about it.
Comments? Follow me on twitter and drop me a line in response to this tweet: