Repository & Pull Request
https://github.com/knacksteem/knacksteem-api
https://github.com/knacksteem/knacksteem-api/pull/5
What is KnackSteem?
"Do you have any talent? If yes! then KnackSteem is for you."
"Rewards people with talents, it can be any talent, anything you know how to do best is highly welcome on the platform. "
Source: Discord Channel :D
Changes Made
Middleware to check if a user is a moderator
Since some endpoints will be exclusively for moderators, a middleware to check if the current user is a moderator is needed to avoid unauthorized access. Basically, this middleware will check the username saved from the last middleware in the chain and will ask the database if this user is a moderator. If so, it will move to the next middleware. Otherwise, will tell the client that this user is not authorized to perform such action.
Related code:
https://github.com/knacksteem/knacksteem-api/blob/master/src/api/middlewares/is_moderator.js
Middleware to check if a user is a supervisor
Same as the middleware mentioned above but in this case, for supervisors. The process is exactly the same but, of course, for supervisors.
Related code:
https://github.com/knacksteem/knacksteem-api/blob/master/src/api/middlewares/is_supervisor.js
Fetch all posts from Steem API using the permlinks from the database
As discussed with other developers in this project, we had to somehow query only our posts from the blockchain but having all the data updated. Also, we wanted to add custom filters like not-moderated posts, moderated posts, and so on. To achieve this, we've decided to only store author, permlink, and category of the post in the database. First, we grab all the permlinks and authors from the query and we make calls to the Steem API to complete the missing data of the posts. Thanks to libraries like async.js, we were able to make concurrent HTTP calls and join the results at the end.
Related code:
https://github.com/knacksteem/knacksteem-api/blob/master/src/api/controllers/posts.controller.js#L35
Query posts by author
The method above allowed us to re-use this same code to perform a query by author in the database and complete the data using the same process mentioned above.
Related code:
Documentation for endpoints
One of the things I really like about apidocs is that you can generate a documentation based on the comments of the routes in the API. For instance, look at the following:
/**
* @api {post} v1/posts/create Create Post
* @apiDescription Insert a post into the database
* @apiVersion 1.0.0
* @apiName createPost
* @apiGroup Posts
* @apiPermission user
*
* @apiHeader {String} Authorization SC2 User's access token
*
* @apiParam {String} permlink Permlink of the post
* TODO: Add validation to the parameters.
*
* @apiSuccess {Number} status http status response
* @apiSuccess {String} message http return message
*
* @apiError (Unauthorized 401) Unauthorized Only authenticated users can create a post
*/
router.route('/create').post(sc2Middleware, checkUserMiddleware, controller.createPost);
Will generate the following page:
Function to moderate a post
This is a moderation tool. Basically, it allows moderators and supervisors to edit the moderation object of any post. So, they can decide if the post is approved or not.
Related Code:
Commits Overview
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/b8fafa67b7fda38f05b6f9fd64418b85a5d53330
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/2d54636c18dee3d23dc90a5a38c9a5f58d60ed1a
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/45b6daff9e186d22a1ac15a9f481085f83b30f0a
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/8b1d3ab3f6021788ce25bb4b27cea76510feb761
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/92c7f85decdf63dded74674fc545f27251634af9
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/61c9ea373d2267bffe738228019082911bff429e
- https://github.com/knacksteem/knacksteem-api/pull/5/commits/cce2275910c078994ef981b1a2897b0d7585d5a5
Congratulations @jaysermendez! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Award for the total payout received
Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word
STOP
To support your work, I also upvoted your post!
Do not miss the last post from @steemitboard!
Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes
Thanks for the contribution, @jaysermendez! Since the
isModerator
andisSupervisor
functions are identical apart from one line, wouldn't it be better to combine them into one function?Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]
Even they are identical, if I combine them, mods will have supervisors rights and it is something we don't want :D. While supervisors can do everyrhing, mods cannot. So, if I combine them, mods will have access to supervisors endpoints as well
Yes I know, but surely there is a better way of checking a user's role instead of duplicating all the code?
Now that you mentioned, it can be done with a function that takes the role as the parameter :D i will do that.
Hey @jaysermendez
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Contributing on Utopian
Learn how to contribute on our website or by watching this tutorial on Youtube.
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!