news-explorer-api's People

Contributors

william-schutte

news-explorer-api's Issues

Review

Summary:

You've done a really good job! There are a couple of things that need to be done before your project can be accepted. Please make sure the code runs in dev mode. Note that .env variables are ignored by .gitignore and you need to set up default values.

Please make sure you send pull requests when submitting your project. The project will be rejected without a review if you do not have a pull request.

Backend

Performance Criteria

  • The repository contains all the necessary infrastructure files:
    • A package.json file.
    • An .editorconfig file.
    • An .eslintrc file, which extends the airbnb-base configuration, and devDependencies required for the linter.
    • A .gitignore file.
    • Additionally, an exception for _id is added in .eslintrc. The following rules are forbidden: eslint-disable, eslint-disable-line, and eslint-disable-next-line
  • No linting errors.
  • The scripts section of the package.json file contains the following:
    • An npm run start command that starts the server on localhost:3000.
    • An npm run dev command that starts the server on localhost:3000 with hot reloading.
  • When all dependencies are installed, the application starts with npm run dev without errors.

Your project can't be fully reviewed due to the comment above. Screen https://pasteboard.co/JCL48Mv.png

  • The following routes function as described:
    • A request to GET /users/me returns information about the user (email and name).
    • GET /articles returns all articles saved by the user.
    • POST /articles creates an article with the data passed inside the request body.
    • DELETE /articles/articleId deletes the saved article using _id.
    • POST /signup creates a user with the data passed inside the request body.
    • POST /signin returns a JWT when the correct email and password are passed in the request body.
  • All routes are protected with authorization, except for /signin and /signup.
  • User routes and article routes are described in separate files.
  • API errors are handled:
    • If something is wrong with the request, the server returns a response with an error message and a corresponding status.
    • Asynchronous handlers end with a catch() block.
    • The API does not return standard database or Node.js errors.
  • In production mode, the database address is taken from process.env.
  • Safe password storage has been implemented:
    • Passwords are stored in an encrypted format.
    • The API does not return a password hash to the client.
  • Data is validated before being added to the database.
  • Users can't delete saved cards from other user profiles.
  • The server can be accessed via HTTPS using the domain specified in README.md.
  • Storing the private key for creating a JWT is implemented correctly:
    • For the production build, it is stored in an .env file, and this file should not be added to Git.
    • In development mode (process.env.NODE_ENV !== 'production'), the code runs and works fine and an error won't occur if there is no .env file present.

Best Practices

  • Asynchronous operations are implemented using promises or async/await.
  • Requests are validated before being passed to the controller. The body and (where applicable) headers and parameters are checked against the corresponding schemas. If a request doesn't match the schema, the processing is not passed to the controller and the client receives a validation error.
  • Logging is set up:
    • All requests and responses are logged to the request.log file.
    • All errors are logged to the error.log file.
    • Log files aren't added to the git repository.
  • Errors are handled by a centralized handler.
  • Centralized error handling is described inside a separate module.
  • In case of an error, the API returns a response status that matches the error type.
  • The server can be accessed via HTTPS using the domain specified in README.md.
  • The application API is located on a domain with a name of the following format: name.zone/api (not just name.zone).
    • Correct: news-explorer.tk/api
    • Incorrect: news-explorer.tk
  • All routes are connected to the index.js file, which is located in the routes folder, and app.js contains one main route handled by routes.

Recommendations

  • For API errors, classes have been created to extend the Error constructor.
  • The Helmet module is used to set security-related headers.
  • Configuration and constants are stored in separate files:
    • The Mongo server address and the private key for the JWT in development mode are stored inside a separate configuration file.
    • Application constants (response and error messages) are stored inside a separate file with constants.
  • A rate limiter is set up: the number of requests from a single IP address is limited to a particular value in a given amount of time.
  • The rate limiter is configured in a separate file and imported into app.js.
  • The API is hosted on a separate subdomain, e.g. api.news-explorer.tk.

Number of points: 46
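
The dev-mode fallback that the summary and the JWT key criteria ask for, as an added example (not code from the reviewed repository). The variable names JWT_SECRET and MONGO_URL, the loadConfig helper and the default values are assumptions; only NODE_ENV and port 3000 come from the checklist.

```javascript
// Added example: a configuration module that works without an .env file in
// development and refuses to start with missing or default secrets in production.
// JWT_SECRET, MONGO_URL and the values below are assumed names, not the project's.
const DEV_DEFAULTS = Object.freeze({
  PORT: '3000',
  MONGO_URL: 'mongodb://localhost:27017/newsdb-dev', // constructed dev value
  JWT_SECRET: 'dev-only-secret-not-for-production', // constructed dev value
});

// Settings that must come from the environment (.env) in production.
const REQUIRED_IN_PRODUCTION = ['MONGO_URL', 'JWT_SECRET'];

function loadConfig(env) {
  const isProduction = env.NODE_ENV === 'production';
  const config = { isProduction };

  for (const key of Object.keys(DEV_DEFAULTS)) {
    const value = typeof env[key] === 'string' ? env[key].trim() : '';
    if (value) {
      config[key] = value;
    } else if (isProduction && REQUIRED_IN_PRODUCTION.includes(key)) {
      // Fail closed: never sign tokens with a key that is committed to Git.
      throw new Error(`${key} must be set in production`);
    } else {
      config[key] = DEV_DEFAULTS[key];
    }
  }

  // Catch a copy-pasted .env that still carries the development secret.
  if (isProduction && config.JWT_SECRET === DEV_DEFAULTS.JWT_SECRET) {
    throw new Error('JWT_SECRET must not be the development default in production');
  }
  return Object.freeze(config);
}

// Constructed environment: a fresh clone with no .env file present.
const devConfig = loadConfig({});
console.log(`dev mode: port ${devConfig.PORT}, production=${devConfig.isProduction}`);
```

In app.js the call would be `loadConfig(process.env)` after the .env file has been loaded, so the error messages name the missing variable without ever printing a secret value.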
