amilner42 / web-app-kickstarter Goto Github PK

At the moment, we have one "super model" which we pass to every view (component), even though the view only edits the record in it's component. This is bad practice, every view should be getting it's own model and for shared data we should just pass sharedData to all of them.

Webpack should compile scss.

I suspect the best structure will be having the scss beside the components, so when working on html you can go right there to edit your scss. So webpack needs to detect nested scss.

Navbar should support navigation (eg. clicking "back" takes you to the last one, url should change).

There are certain issues that arise from using cookies with sessionIDs instead of JSON web tokens, this should definitely by switched.

To read about possible race condition problems, read here

On the profile page you should be able to change your email.

(maybe not password because that normally requires email/phone confirmation in case someone else is on your account...)

I think it would be good to just wrap the base component update so that it always calls LocalStorage.save, this way the cacheing happens automatically.

I don't see a downside at the moment (it's async so it shouldn't slow code down).

The backend currently uses env variables for prod settings, let's switch these to flags so that everything is explicit and we have less state-deployment-bugs.

Should have script ./bin/dev.sh that runs the application while watch for file changes, probably would be nice to use nodemon so server doesn't need to be restarted for backend changes.

I'm not sure exactly what I would want, but there may be better ways to keep the model and the route in sync with each other - I know there are community url router packages that deal with this, possibly take a look at those for inspiration.

At the moment, all you have to do is Router.navigateTo route so it may not even be a problem, hence why I'm moving to V1.

Login/Register buttons should be disabled while the form is invalid (no user).

fromJsonString / toJsonString should definitely be generic helpers, not in every model (already done in private repo, will port over soon).

Additionally, we need encoder/decoder/cacheEncoder, but do we even need cacheDecoder - is it still valuable to have it around anyway cause the name helps the code be more readable?

There is no reason that we should be creating forms manually, not in Elm at least.

I want to be able to pass a record that specifies:

• The class names for different parts of the form
• API route to query on form submission
• Possibly an encoder (?) specifying which part of the form to submit
• Which inputs are connected to which error messages

I might be missing a few things, but overall it would be fantastic if a form was simply a record!

Right now there is a bit of url-glitchiness, for instance, if you are logged in and then type the welcome route in the url and hit enter the url will change but the page will not. This is because the page displayed cannot be the welcome page if the user is logged in, the top level View.elm makes sure of that, but it doesn't change the route so you end up with the right page but the wrong route.

I think this can be fixed by adding some logic to urlUpdate which does the check there if that route is valid and changes it if it is not.

When encoding a user to send to the backend, we obviously need to encode all the data, but when encoding and then cacheing in localStorage then I don't want to encode the password and have that just sitting in localStorage.

To avoid confusion, we should have encode and encodeForCache, where encodeForCache specifically strips sensitive data or data that we don't want to persist (eg. we don't want errorMessages to persist across browser sessions).

I wanna be able to run one script and deploy the app, that'd be incredible....

For both backend and frontend.

Then just add a line for test script: npm run test

It needs to be clear how to properly expand the project, no nesting under home-component, just 1 page per update.

Use changelog

Will definitely need to update http as that library was moved/redone.

Errors from the backend should all be rendered (eg. incorrect password for email)

A user should be able to log out.

This should clear localStorage and remove the session cookie.

While I didn't want to before, I think typescript has gotten enough support of typing functional programming that it's worth switching over.

Switch out of this, perhaps JWT in a cookie or just have oauth with a few providers be the default

It's already namespaced in structures in types.ts, just take it out of validator.ts and deploy with npm as a typed module.

Need to remove Gulp (gulpfile.js) and switch over to Webpack

The DefaultServices.Router has got some app-specific-functionality, that ruins the point of default services. Keep the non-app-specific part in DefaultServices and move the app-specific stuff to top level (beside Api.elm).

The http get/post methods should always double check if they get a 401 unauth back, and if they do they should log the user out. This way their is never that weird bug where they are unauthorized but localStorage says they are authorized....

There is a README at top level, but there should be READMEs in frontend/backend as well that explain things like file structure etc...

I think the README in bin might need an update as well.

The docs need to be good enough for version 0 of this kickstarter!

Currently the password is only bcrypted on the backend, while this keeps the passwords in the database safe is someone were to be listening over the wire (if on http) or do a man in the middle attack (can be on https) then it would be better if the password were encrypted as users tend to use the same password accross websites.

Thanks to @g-whiz for pointing that out

The entire src directory needs to be automatically formatted with elm format

At the moment we save automatically to localStorage every command, this is convenient. But a certain race arises where when the app first loads, while the port waits for the model to be loaded from localStorage, we save the defaultModel to localStorage.

Instead, the Elm app should get the value passed in from localStorage as a flag that way this race condition goes away.