deno-api-starter-oak

Great inspiration!

Open viztastic opened this issue 4 years ago • 2 comments

Thanks for this @asad-mlbd , a few thoughts:

  • Any chance you could include an example of how to connect to MongoDB in a production friendly manner.

  • Noticed you're storing password in code, pretty sure that's bad security practice across the board? Shouldn't we be using something like docker secrets or chamber to handle this?

  • Also nervous about storing any type of secret in the codebase (jwt secrets included)

  • Shouldn't there be some sort of listener for the SIGKILL, SIGINT and similar events to handle db cleanup before shut-down?

  • Would be great if there's some sort of guidance/pattern for how to store data in a production-friendly manner, it seems to just mount to a directory on the host computer?

viztastic, Jun 23 '20 23:06

Just want to emphasise it's very kind of you to make the first move on this. These aren't criticisms as much as they are "how do I" questions. I know what good looks like, I'm just not sure how to actually do it. Hence my interest in this project.

viztastic, Jun 23 '20 23:06

  • Any chance you could include an example of how to connect to MongoDB in a production friendly manner.

Currently, I have some other plans like integrating testing, work with cloud deployment, etc.

To make it work with MongoDB, you just have to change db.ts and the repository layer. I can do that in the future, or if someone interested can give a PR, I can keep a separate branch for that. Are you interested?

  • Noticed you're storing password in code, pretty sure that's bad security practice across the board? Shouldn't we be using something like docker secrets or chamber to handle this?

Actually that is env.example. And in the README it is mentioned to change the pass and JWT secrets. Kept the sample pass and JWT values in the example file so that anyone can just rename it and run the project easily.

  • Also nervous about storing any type of secret in the codebase (jwt secrets included)

I prefer to keep it in an env variable.

  • Shouldn't there be some sort of listener for the SIGKILL, SIGINT and similar events to handle db cleanup before shut-down?

Will check, can you give some related examples, please?

  • Would be great if there's some sort of guidance/pattern for how to store data in a production-friendly manner, it seems to just mount to a directory on the host computer?

In the future, I might write some posts regarding prod deploy.

Thanks @viztastic ! Please keep posting your comments.

asad-mlbd, Jun 24 '20 09:06
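
For the two security questions in this thread (secrets read from the environment, and cleanup on shutdown signals), here is an added example; it is not code from the repository or from either commenter. The variable names `JWT_SECRET` and `DB_PASS`, the sample values, and `db.close()` are assumptions. The functions take the environment lookup and signal registration as parameters so the logic can be tested without a running process.

```typescript
// Added example, not project code. Env names and sample values are assumptions.
type EnvGet = (key: string) => string | undefined;

// Constructed stand-ins for whatever sample values an example env file ships with.
const SAMPLE_VALUES = ["changeme", "example-secret"];

interface Secrets { jwtSecret: string; dbPass: string; }

// Fail fast at startup if a secret is missing, still a sample value, or too short.
// Error messages name the variable only and never echo the secret itself.
function loadSecrets(get: EnvGet, minLen = 16): Secrets {
  const read = (key: string): string => {
    const v = get(key);
    if (v === undefined || v === "") throw new Error(`${key} is not set`);
    if (SAMPLE_VALUES.includes(v)) throw new Error(`${key} still has a sample value`);
    if (v.length < minLen) throw new Error(`${key} is shorter than ${minLen} chars`);
    return v;
  };
  return { jwtSecret: read("JWT_SECRET"), dbPass: read("DB_PASS") };
}

type Cleanup = () => Promise<void>;
type OnSignal = (sig: string, handler: () => void) => void;

// Register cleanup for the catchable termination signals. SIGKILL cannot be
// handled by any process, so it is not listed. Cleanup runs at most once even
// if several signals arrive (e.g. Ctrl-C pressed twice).
function installShutdown(on: OnSignal, cleanup: Cleanup, exit: (code: number) => void): void {
  let started = false;
  const handler = () => {
    if (started) return;
    started = true;
    cleanup().then(() => exit(0), () => exit(1));
  };
  for (const sig of ["SIGINT", "SIGTERM"]) on(sig, handler);
}

// Wiring in Deno (left as a comment so the block stays runtime-neutral;
// `db` is a hypothetical database client):
//   const secrets = loadSecrets((k) => Deno.env.get(k));
//   installShutdown((s, h) => Deno.addSignalListener(s as Deno.Signal, h),
//                   () => db.close(), Deno.exit);
```
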