3

I'm walking through the Javascript demos of pg-promise-demo and I have a question about the route /api/users/:name.

Running this locally works, the user is entered into the database, but is there a reason this wouldn't be a POST? Is there some sort of advantage to creating a user in the database using GET?

// index.js
// --------

app.get('/api/users/:name', async (req, res) => {
  try {
    const data = (req) => {
      return db.task('add-user', async (t) => {
        const user = await t.users.findByName(req.params.name);
        return user || t.users.add(req.params.name);
      });
    };
  } catch (err) {
    // do something with error
  }
});

For brevity I'll omit the code for t.users.findByName(name) and t.users.add(name) but they use QueryFile to execute a SQL command.

EDIT: Update link to pg-promise-demo.

  • Personally, I can't think of any reason for this - it just feels so wrong and dangerous. I would never do this as all it takes is browsing to a URL.. I would suggest [opening an issue](https://github.com/vitaly-t/pg-promise-demo/issues) on that repo with the same question... maybe the author did it just for demo purposes? Even for a demo, what a terrible practice. – Matt Oestreich Sep 18 '19 at 02:43

1 Answers1

1

The reason is explained right at the top of that file:

IMPORTANT:

Do not re-use the HTTP-service part of the code from here!

It is an over-simplified HTTP service with just GET handlers, because:

  1. This demo is to be tested by typing URL-s manually in the browser;
  2. The focus here is on a proper database layer only, not an HTTP service.

I think it is pretty clear that you are not supposed to follow the HTTP implementation of the demo, rather its database layer only. The demo's purpose is to teach you how to organize a database layer in a large application, and not how to develop HTTP services.

vitaly-t
  • 24,279
  • 15
  • 116
  • 138