Night DEV community!
This is a beginner's question and I'm really looking forward to learning from you now. 😄
Context:
I want to create a project to put in practice some skills that I just learned.
The idea: An APP with authentication and different views according to the user's role.
- Frot-end: React-native OR Flutter.
- Back-end: Express.js(Node.js) AND MongoDB.
Features:
- Users should be able to create an account/ sign in and sign out.
- There will be 2 types of users: NORMAL USER and STORE.
- Normal User = One e-mail and one password. Impossible to have two of the same. It will have access to some features on the app (CRUD operations).
- STORE = This user will have one e-mail and one password.It will have access to some features on the app (CRUD operations). The CATCH: this user will be able to create sub-users with the same access to the same features as the main STORE USER.
Questions:
- I know how to authenticate using Express (JWT, Passport, Middlewares, etc). Is that a common/best practice for an app? Use the authentication on the endpoints/requests?
- The relationship between a STORE user and it's sub-users would be one-to-few. So, should I have them referenced inside my schema or actually embed them inside the STORE schema?
Not sure if I was clear but I hope to get some insight before starting coding and figure out that I went the wrong way. 😌🤓
Thank you!
Top comments (4)
Hi, Lucas!
I'm not telling about best practices, but from my experience:
[1] For this purpose you can have a middleware, which can be used in protected endpoints, that extract a JWT token from a request (e.g. a client sends a token in the request body), decodes it and receives a user's role (and other payloads if you put it there) and you can put the extracted payload to, say, "req.user", so it will be available in your next functions (endpoints handlers - controllers):
You could embed other documents (users as you say) to a user document, like this:
But this method has cons:
So, it is better to make a reference, like this:
And in case you need to find out what users belong to a store, your query will be:
Wow Sergiy, thank you for your detailed response. I am glad that I actually fully understand both.😁. I didn't think about the cons in embedding before posting. It makes sense to me the pros in referencing. Thanks again!
Passport sounds nice, but you haven't said what authentication types you're trying to support.
Sounds like you're wondering where you should store the data. Grease the wheels by making it easy to access, then shard when you know it'll scale better otherwise. KISS, until you're app complains while keeping an eye out for security concerns.
Hey Bramer!
Thank you for your great help!