REST & GraphQL API Design in Node.js, v2 (using Express & MongoDB) CRUD in the Controllers
This course has been updated! We now recommend you take the API Design in Node.js, v4 course.
Transcript from the "CRUD in the Controllers" Lesson
>> Scott Moss: Okay, cool, let's go into the next thing which is [COUGH] CRUD in the controllers. So we have those controllers that literally aren't doing anything right now. I mean, we have the part that's responding back, but inside of those functions, it's calling controllers. That's the resolving test data, right?
[00:00:20] We need to fill those controllers out so they're not just doing test data. And now that we have Mongo hooked up, we can use those models that we just created with those schemas and actually use them inside of our controllers. So we're gonna create controllers for each VERB, which is already created for you.
[00:00:39] We're gonna use information from the request and middleware to provide details to the database queries and inserts. All that information's all ready there for you as well but, for instance, you can use query parameters, route parameters, tokens, cookies, IPs. Whatever is sent on the request, whatever it is, you can use that information inside your controller to do whatever you need to do.
[00:00:59] This is where SQL injection came from. You inject that SQL query in that query right there, and they just pop it right off the query string and throw it right into SQL. And now you're querying all types of stuff. So we wanna keep it async to keep our concurrency high.
[00:01:14] And then we want to try to minimize touching the database. So that means just don't do any unnecessary querying that we don't have to. If we already have a document, from like that params middleware, then we shouldn't have to query the database to get into the same document.
[00:01:28] It's already there. Unless there's some additional data on a document that we don't have, and then we have to do some querying, like population or, I don't know, whatever you need. But just try not to touch the database more than once. Sure, you're gonna get examples where you have to touch the database a lot.
[00:01:45] For instance if you do like role-based authentications, or if you got, like when we get to GraphQL, you can literally touch the database on every single property in GraphQL if you don't be careful. So it's a lot of stuff you can do wrong in there. So you'll see, but basically you wanna try to keep that to the minimum as possible, using caching and stuff like that.
[00:02:05] Oops, come back, okay, cool.