Diving In to Team-Based Development

1

Knex.js

At first, we attempted my idea of simply adding an additional migration using Knex.js, a library which allowed us to build and query our Postgres database inside a Node framework. This required saving the existing role information from the database, deleting that column, creating a new table and column, and repopulating it with foreign keys from the new table. Unfortunately, we kept running into different errors with deleting or adding columns to the existing profiles table, and at one point had to delete the local database altogether, starting over with the preexisting Knex migration and seed files. After being unable to find a solution to these errors, one of my teammates tried a different approach, starting over on our goal. Eventually we gave up on modifying the database with additional files, and decided to rewrite the original migrations and seeds, adding in one for the roles table as well, and running functions to remove and rebuild the database entirely before seeding it with new sample data. We had chosen not to try this approach at first because it is risky in a production environment, where important data already exists in the database that could easily be lost in the process, but we decided there was no risk with only sample data that could be repopulated with a single npm command. This approach worked, much to all of our relief! We then quickly built new models and API endpoints for the new roles table in Express.js.

#Database Management #MySQL Tools #Databases 57 social mentions

2

JSON Web Token

While digging through the repositories to find out how user permissions were implemented, I realized it seemed like they weren’t referred to at all in the back-end codebase, and it also didn’t seem like our identity management provider, Okta, was even storing role information. Confused, I started looking through the browser development tools as I navigated through the local live instance of the app. I found that there were three things being saved to the browser local storage, two JWTs related to Okta authentication, and one ‘role’ variable. Curious, I logged in as one of our test accounts designated with user permissions. By editing the string stored under ‘role’ from ‘user’ to ‘admin’, and continuing to navigate through the application, I was able to unlock special pages that should have only been accessible to admins, and to add, delete, and change data without any sort of verification.

#Identity Provider #Identity And Access Management #SSO 276 social mentions

3

ExpressJS

At first, we attempted my idea of simply adding an additional migration using Knex.js, a library which allowed us to build and query our Postgres database inside a Node framework. This required saving the existing role information from the database, deleting that column, creating a new table and column, and repopulating it with foreign keys from the new table. Unfortunately, we kept running into different errors with deleting or adding columns to the existing profiles table, and at one point had to delete the local database altogether, starting over with the preexisting Knex migration and seed files. After being unable to find a solution to these errors, one of my teammates tried a different approach, starting over on our goal. Eventually we gave up on modifying the database with additional files, and decided to rewrite the original migrations and seeds, adding in one for the roles table as well, and running functions to remove and rebuild the database entirely before seeding it with new sample data. We had chosen not to try this approach at first because it is risky in a production environment, where important data already exists in the database that could easily be lost in the process, but we decided there was no risk with only sample data that could be repopulated with a single npm command. This approach worked, much to all of our relief! We then quickly built new models and API endpoints for the new roles table in Express.js.

#JavaScript Framework #Node.js Framework #Web Frameworks 424 social mentions