DEV Community

STEVE
STEVE

Posted on • Updated on

BUILDING MY BLOGGING API (CHALLENGES FACED, LESSONS LEARNT AND OPTIMIZATION)

The project at hand was a blogging API built with JavaScript, Node.js, Express, and MongoDB as part of a second semester exam. The initial scope of the project included various features such as creating and publishing blog posts, managing user accounts, and implementing authentication and authorization. However, during the development process, there were certain features that were either wrongly implemented or not implemented at all.

One of the main challenges faced while working on the project was ensuring the correctness and reliability of the implemented features. To address this, a decision was made to re-implement all the wrongly implemented features and to complete the implementation of all the features that were not implemented at all.

New Feature:

In addition to re-implementing the wrongly implemented features, a new feature was also added to the project – user validation using JOI. JOI (Javascript Object Schema validation) is a powerful and flexible schema validation library for JavaScript objects. It allows developers to define a schema for an object and then validate the object against that schema. This helps to ensure that the object adheres to the required format and structure, and also helps to prevent errors and bugs in the application.

The new feature was implemented by defining a schema for the user object using JOI, and then using the validate method of JOI to validate the user object against the schema. Any errors or deviations from the schema were then handled and appropriate feedback was provided to the user. This added an extra layer of security and reliability to the application, ensuring that only valid and properly formatted user data was processed and stored.

`const Joi = require('joi');

const userValidation = async (req, res, next) => {
try {
const payload = req.body
await schema.validateAsync(payload)
next()
} catch (error) {
console.log(error)
return res
.status(500)
.json({error : error.details[0].message})
}
}

const schema = Joi.object({
email: Joi.string()
.email({ minDomainSegments: 2, tlds: { allow: ['com', 'net'] }})
.required(),

password: Joi.string()
    .pattern(new RegExp('^[a-zA-Z0-9]{3,30}$'))
Enter fullscreen mode Exit fullscreen mode

})

module.exports = userValidation`

Re-implementation of Wrongly Implemented Features:

One of the features that was wrongly implemented was the authentication and authorization system. The initial implementation had several security vulnerabilities and did not properly enforce the required permissions and access controls. To fix this, the authentication and authorization system was completely re-implemented from scratch.

The re-implementation process involved designing a new authentication and authorization flow that addressed the security vulnerabilities of the initial implementation. This included the use of secure hashes and salts for storing passwords, as well as the implementation of proper access controls and permissions. The re-implemented system was thoroughly tested to ensure that it was reliable and secure.

Another feature that was wrongly implemented was the user account management system. The initial implementation had several issues with data consistency and reliability, which led to errors and inconsistencies in the application. To fix this, the user account management system was re-implemented to ensure that all data was properly validated, stored, and retrieved. This included the implementation of proper data validation and error handling, as well as the use of transactions to ensure data consistency.

Implementation of Missing Features:

In addition to re-implementing the wrongly implemented features, there were also several features that were not implemented at all in the initial implementation. These features were completed as part of the re-implementation process.

One of the missing features that was implemented was the ability to delete blog posts. This feature was implemented by adding a new route and corresponding logic to the application, which allowed users with the appropriate permissions to delete their own blog posts. The delete functionality was thoroughly tested to ensure that it worked as expected.

Another missing feature that was implemented was the ability to edit blog posts. This feature was implemented by adding a new route and corresponding logic to the application, which allowed users with the appropriate permissions to edit their own blog posts. The edit functionality was also thoroughly tested to ensure that it worked.

Top comments (0)