I'm currently working on an MVC app. I've implemented a route using a POST method to retrieve information and navigate to the corresponding page, and I have some concerns about the design practices I'm using. This is the route:
app.post('/metrics/service/:serviceId', async (req, res) => {
    // Declare locals explicitly; assigning to undeclared names creates implicit globals in sloppy mode
    const target = req.query.target;
    const errors = [];
    if (!target) {
        return res.render('metrics', { error: 'Please select a target to get the metrics from' });
    }
    try {
        // serviceId comes from the path, target from the query string, and the token from the POST body
        const data = await MetricsService.getServiceDetails(req.params.serviceId, target, req.body.token);
        const mermaid_diagram = MetricsService.getMermaidServiceDiagram(data);
        res.render('metrics_service_details', { target: target, mermaid_diagram, data, cnt: 0, errors: errors });
    } catch (error) {
        res.status(500).send('Error: ' + error);
    }
});
I have several concerns regarding this implementation:
- Use of POST for retrieval: Is it a good practice to use a POST method to retrieve data? Should I consider changing it to a GET method instead?
- Handling tokens in the URL: The token required for authentication is passed as part of the request body (req.body.token). If I change the method to GET, I'm concerned about security by having tokens in the URL. What would be a more secure approach? Is it better to pass tokens via headers or any other recommended method?
- Combination of URL parameters and body data: Currently, I'm using a combination of URL parameters (serviceId), query parameters (target) and the token from the request body. Is this approach acceptable, or should I modify it to maintain a more consistent approach?
I'd greatly appreciate insights and best practices on how to architect this MVC route for efficient and secure data retrieval.
Thank you!
I tried a couple of approaches, they all work as intended but my concerns are about best practices.
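As an added example (not part of the original post), here is one way to restructure the route along the lines the question raises: GET instead of POST for retrieval, the token moved out of the body into an Authorization: Bearer header so it never lands in the URL, query string, browser history or access logs, and both the path parameter and the query parameter validated before they reach the service layer. The two MetricsService method names are taken from the question; everything else (the makeServiceDetailsHandler helper, the validation patterns, the stub service, the fake req/res objects and the constructed requests) is an assumption made for this example. Express is assumed for the wiring shown in the trailing comment but is not needed to run the handler, which only relies on the req.headers/req.params/req.query and res.status()/res.render() shape Express provides.

```javascript
// Added example: a hardened GET version of the route in the question.
// Assumptions: MetricsService exposes getServiceDetails(serviceId, target, token)
// and getMermaidServiceDiagram(data) as in the question; the client sends
// "Authorization: Bearer <token>" instead of putting the token in the body.

// Pull a bearer token from the Authorization header. Returns null when the
// header is missing or malformed so the caller can answer 401 instead of
// forwarding an undefined token downstream.
function extractBearerToken(headers) {
  const value = headers['authorization'] || headers['Authorization'];
  if (typeof value !== 'string') return null;
  // token68 syntax from RFC 6750: base64url-ish characters with optional '=' padding
  const match = /^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$/.exec(value.trim());
  return match ? match[1] : null;
}

// Validate the two non-secret inputs before they are handed to the service
// layer. Returns an error message for the view, or null when both are fine.
// The allow-list patterns are assumptions for this example; tighten them to
// whatever your real ids and targets look like.
function validateParams(serviceId, target) {
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(serviceId || '')) return 'Invalid service id';
  if (!target) return 'Please select a target to get the metrics from';
  if (!/^[A-Za-z0-9_.:-]{1,128}$/.test(target)) return 'Invalid target';
  return null;
}

// Build an Express-compatible (req, res) handler around an injected metrics
// service so the logic can be exercised without a running server.
function makeServiceDetailsHandler(metricsService) {
  return async function handler(req, res) {
    const token = extractBearerToken(req.headers || {});
    if (!token) {
      return res.status(401).render('metrics', { error: 'Missing or malformed Authorization header' });
    }
    const serviceId = req.params.serviceId;
    const target = req.query.target;
    const paramError = validateParams(serviceId, target);
    if (paramError) {
      return res.status(400).render('metrics', { error: paramError });
    }
    try {
      const data = await metricsService.getServiceDetails(serviceId, target, token);
      const mermaid_diagram = metricsService.getMermaidServiceDiagram(data);
      return res.render('metrics_service_details', { target, mermaid_diagram, data, cnt: 0, errors: [] });
    } catch (err) {
      // Keep the real error server-side; 'Error: ' + error would leak internals to the client.
      console.error('getServiceDetails failed:', err);
      return res.status(500).render('metrics', { error: 'Could not retrieve metrics' });
    }
  };
}

// Minimal stand-in for Express's res, constructed only so the handler can be
// run offline. It records what the handler decided instead of writing HTTP.
function makeRes() {
  const res = { statusCode: 200, view: null, locals: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.render = (view, locals) => { res.view = view; res.locals = locals; return res; };
  return res;
}

// Constructed stub of MetricsService for the demonstration (not the real one).
const stubMetricsService = {
  async getServiceDetails(serviceId, target, token) {
    if (token !== 'good-token') throw new Error('upstream rejected token');
    return { serviceId, target, latencyMs: 42 };
  },
  getMermaidServiceDiagram(data) {
    return `graph TD; client-->${data.serviceId};`;
  },
};

// Run one constructed request through the handler and return the recorded response.
async function runRequest(headers, params, query) {
  const handler = makeServiceDetailsHandler(stubMetricsService);
  const res = makeRes();
  await handler({ headers, params, query }, res);
  return res;
}

// Wiring in the real app (Express assumed, not executed here):
//   app.get('/metrics/service/:serviceId', makeServiceDetailsHandler(MetricsService));

runRequest({ authorization: 'Bearer good-token' }, { serviceId: 'svc-1' }, { target: 'prod' })
  .then((res) => console.log(res.statusCode, res.view, res.locals.mermaid_diagram));
```

With this shape the method matches the semantics (a read with no side effects is a GET, so it can be bookmarked, retried and cached safely), the only secret travels in a header that browsers do not log or store in history, and the two remaining request parts (path for the resource identity, query string for the filter) are both non-secret and validated. If the page is rendered server-side for a browser rather than called by an API client, a session cookie set with HttpOnly, Secure and SameSite would play the role of the bearer header.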