titanscouting / red-alliance-api Goto Github PK

Currently, REST clients who have no Google authentication cannot authenticate with the API. There should be a secure (encrypted and hashed) API key system for easy authentication, with a client id and client key.

While this does not cause an error or cause the lint to fail, we should fix this at some point.

This API endpoint does not consider the competition at the time, but instead removes the scouter from the first matching match and team scouting pair it finds, which may not be from the current competition.

Error: Token used too late, 1603743467.831 > 1603743177:

A lot of files are very big (I'm looking at you dbHandler.ts) which could potentially be broken up into multiple files and then exported again out of one file. There's also a lot of duplicate code which could potentially be simplified.

See here for report: https://codeclimate.com/github/titanscout2022/red-alliance-api

Currently, the endpoints fetchMatchConfig and fetchPitConfig return the JSON config from the code. This static return means that only one config can be used across teams. These configs need to be pulled from the database, while also asking for a team number so that different teams can have different configs.

The mobile app now welcomes new users with a signup page, where they enter their FRC team number to gain access. While the API has an endpoint to check users, it does not have an endpoint to add users to the database.

Check that the user has been registered to the DB in the table "userlist" before accepting a write to the DB

While the route checks for auth, it sometimes let those with invalid authentication (expired tokens) authenticate. The error thrown by OAuth needs to be properly handled to prevent this behavior.

While the API does indicate if a request was successful or not via the success property of the response, the HTTP code is always 200 OK. The proper HTTP code should be returned.

There is currently no documentation for any of the API endpoints. This should be written before the Public API is released.

Potential security breach. See /index.js

Found with https://shhgit.darkport.co.uk