
Documentation request: auth and access control #42

@joeytwiddle

In many APIs in the wild there are some common requirements which are not mentioned in the README:

  • Authentication: The ability for a user to prove who they are to the server. (Can be stateless, e.g. with JWT.)

  • Access control: The ability for the system to restrict access of some data and operations to certain users.

I do not expect restify-mongoose to provide implementations of these features, but if restify-mongoose can support these behaviours, it would be helpful to see them documented in the README.

For example, something like this could be reassuring, and could increase adoption:

// If you want auth:
// server.use(restify.plugins.authorizationParser());

// If you want access control:
// server.get('/notes', notes.queryVisibleToUser());
// server.get('/notes/:id', checkUserCanView, notes.detail());
// server.post('/notes', checkUserCanAdd, notes.insert());
// server.patch('/notes/:id', checkUserCanModify, notes.update());
// server.del('/notes/:id', checkUserIsOwner, notes.remove());

I am not sure if the code above would be the most appropriate solution. That's why I'm asking here!
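
One way the access-control handlers sketched in the issue could be written, as an added example that is not code from the issue author or from restify-mongoose. It assumes an earlier authentication handler has verified the caller and set `req.user` (`restify.plugins.authorizationParser()` only parses the `Authorization` header, it does not verify credentials); `requireUser`, `loadNote`, `visibleToUserFilter`, `run`, the `owner`/`sharedWith` fields and the sample data are hypothetical, and an in-memory map stands in for the Mongoose model.

```javascript
// Added example. Handlers use restify's (req, res, next) shape; next(false) stops the chain.
// NOTES is constructed sample data standing in for a Mongoose collection.
const NOTES = new Map([
  ['n1', { id: 'n1', owner: 'alice', sharedWith: ['bob'] }],
  ['n2', { id: 'n2', owner: 'carol', sharedWith: [] }],
]);
function deny(res, next, status, message) {
  res.send(status, { message });
  return next(false);
}
// Assumption: an earlier handler verified the credentials and set req.user.
function requireUser(req, res, next) {
  return req.user ? next() : deny(res, next, 401, 'authentication required');
}
// Load the record once so every later check inspects the same object.
function loadNote(req, res, next) {
  req.note = NOTES.get(req.params.id);
  return req.note ? next() : deny(res, next, 404, 'not found');
}

function checkUserCanView(req, res, next) {
  const { owner, sharedWith } = req.note;
  const ok = owner === req.user.id || sharedWith.includes(req.user.id);
  // 404, not 403: do not confirm that another user's note id exists.
  return ok ? next() : deny(res, next, 404, 'not found');
}

function checkUserIsOwner(req, res, next) {
  return req.note.owner === req.user.id ? next() : deny(res, next, 404, 'not found');
}

// List routes need a query filter (MongoDB syntax), not a per-record check.
function visibleToUserFilter(user) {
  return { $or: [{ owner: user.id }, { sharedWith: user.id }] };
}

// Minimal stand-in for restify's handler chain, so the example runs offline.
function run(handlers, req) {
  const out = { status: null, body: null };
  const res = { send(status, body) { out.status = status; out.body = body; } };
  let i = 0;
  const next = (arg) => { if (arg !== false && i < handlers.length) handlers[i++](req, res, next); };
  next();
  return out;
}

const protectedHandler = (req, res, next) => { res.send(200, req.note); return next(); };
const viewChain = [requireUser, loadNote, checkUserCanView, protectedHandler];
const ownerChain = [requireUser, loadNote, checkUserIsOwner, protectedHandler];
```

The checks run before the final handler in each chain, so a denied request never reaches the code that reads or changes the record.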
