logic of authorization | NestJS | Page 1

cobalt garnet Feb 7, 2024, 11:39 AM

#

hi, the the logic im handling inside the if, should be handled there in the controller, service or in a guard? thank you

gritty prismBOT Feb 7, 2024, 12:27 PM

#

:warning: Please do not screenshot code as it causes a number of issues:

Ease of assistance: if someone wants to copy your code and correct it, they cannot. Making it easy for people to help you is in your best interests.
Editorializing: it's common to try to make images small, which means you're likely to crop out code relevant to your issue
Accessibility: wide images can be hard to read on mobile devices, and are impossible for screen readers.
Legibility: you cannot read screenshots of code directly, instead you have to open them in an enlarged context.
Bandwidth usage/clutter: some of our members use metered connections, and it is wasteful for them to download images of a text.

For a small amount of code, please use a code-block.

edgy hatch Feb 7, 2024, 2:18 PM

#

If it can be extracted into something reusable then a guard might be good, but your example looks like a fairly straightforward and one off task so probably not worth putting into a guard.

Where to put it is a style choice. I personally like to keep it so my controllers only focus on http related stuff (things to do with the body, params, req.user roles, etc) and the service is the place where things like database checks/updates or business logic things happen. So if it were me I'd move that try catch block into the service and just have the controller call that with the relevant arguments.

jolly crow Feb 8, 2024, 11:34 AM

#

cobalt garnet hi, the the logic im handling inside the if, should be handled there in the cont...

first of all i like to point 2 things
one is what scott mentioned, screenshots of code are horrible
two

@Delete(`delete/:${appointmentIdParam}`)
``` this this is the most cursed thing i have ever seen in a controller dear lord ![DISGUSTANG](https://cdn.discordapp.com/emojis/581531485937467404.webp?size=128 "DISGUSTANG") 

now to your actual question
i would put this in a guard since any request with invalid url params should be stopped before they are even started
preventing is better then having to fix the damage

#

suggest to do this instead

@Delete('delete/:id')
async DeleteApointment(@Param('id', ParseIntPipe) id: number) {
// ...
}

cobalt garnet Feb 8, 2024, 12:23 PM

#

edgy hatch If it can be extracted into something reusable then a guard might be good, but y...

ok. thank you 🙂

cobalt garnet Feb 8, 2024, 12:24 PM

#

jolly crow first of all i like to point 2 things one is what scott mentioned, screenshots o...

ok. answering to your first comment: let's say i have in one route the id of a professional. and in another route the id of a user. should i be calling the two of them id? or are you just saying that is horrible to use a variable in a route?

jolly crow Feb 8, 2024, 12:25 PM

#

cobalt garnet ok. answering to your first comment: let's say i have in one route the id of a p...

Second, using a variable in a route

cobalt garnet Feb 8, 2024, 12:25 PM

#

jolly crow Second, using a variable in a route

got you. thank you

#logic of authorization