Voting App technically Finished - would love feedback

AdventureBear · December 26, 2016, 11:57pm

Finally “finished” my Voting app! Hooray!Some of the feedback for this will be really low hanging fruit, but I’m sooooo tired of working on this project I can’t wait to share it.

It’s not 100% production ready, but it works. There are a few “todos” I know I need to clean it up, like disallow repeat voting, clean up some centering on certain page, etc. If you’d like to help give me any other feedback about how it works or looks I’d appreciate it. Can’t believe how long this took. It’s not perfect but all user stories are someone implemented.

https://votease.herokuapp.com/

one thing that perplexes me, is why the logged in user doesn’t persist
lots of refactoring that i could do to clean up the logged in options at the top as well. But i’m pretty excited

jenovs · December 27, 2016, 9:04am

For me authentication was the most challenging part of this project, so it is the first thing I check.

So I looked at your code and I noticed that although you have isLoggedIn middleware, you’re applying it to one route only

And because of that:

as an unauthenticated user I’m able to delete any poll I want (I deleted two )
as an unauthenticated user I’m able to add new answers to a poll (https://votease.herokuapp.com/poll/585768ab6eb4e1477aeaa904)

AdventureBear · December 27, 2016, 9:41am

I can’t replicate that and I have it on several routes! How can I troubleshoot that?

I use if (user) in my EJs on the front end as well and it does show or hide those two areas you mention

Thank you for the feedback!

jenovs · December 27, 2016, 10:10am

I didn’t use front end. I used Postman (you can also use cUrl or just make fetch requests).

AdventureBear · December 27, 2016, 12:07pm

If I use the isLoggedIn then I would need two routes to see polls as logged in and not logged in wouldn’t I? Or just protect new and delete routes?

jenovs · December 27, 2016, 12:33pm

You should protect routes that should be accessible only to logged-in users.

Do you want anybody to be able to get list of polls? Yes. Don’t protect.
Does anonymous user should be able to delete a poll? No. Protect.
Does anonymous user should be able to post his vote? Yes. Don’t protect.
Does anonymous user should be able to add (post) voting options? No. Protect.
etc.

Your code also doesn’t check if a poll I want to delete belongs to me (even after you’ll protect the delete route, anyone will be able to log in and delete any poll).

AdventureBear · December 27, 2016, 1:33pm

Thank you, this is the type of feedback I need!

AdventureBear · December 27, 2016, 4:55pm

One more question, how did you find my source code if I didn’t post it? Did you just look at my github account?

THanks again for all the insight, I have about 8 new TODOs / bugs to squash with this app. Great learning.

jenovs · December 27, 2016, 5:24pm

I looked at your github

AdventureBear · December 27, 2016, 5:44pm

Brilliant!

working on those todos right now ,but first writing up a blog post (maybe a medium article) about coding this project and things I learned. It may help others, but mostly it helps me consolidate my learning

AdventureBear · December 30, 2016, 1:23am

I think i’ve fixed all the issues you brought up. Would you mind checking it out again if you have time? This was about 10-12 hours of additional work, but well worth the learning.

https://votease.herokuapp.com/

jenovs · January 3, 2017, 2:56pm

Looks like routes are protected, but I can’t find a logout button and I can still see login and signup buttons on the homepage although I’m logged in.

Also after deleting my poll I get ‘Internal Server Error’ (looks like server is sending back status code 200, but the address doesn’t exist anymore).