API Routes structure
Hello! I have a user, and a user can have many favorite stations. A user can add/remove a station from favorites. What controller should I put these functionalities in:
Users
or Stations
e.g. POST:/users/{id}/stations/favorite, body: stationId
or POST:/stations/favorite/{stationId}, body: userId
?
Is the user logged in? Can they reasonably edit other users' stations?
I'd always prefer to read the userID from the currently logged in user, if that's an option. Means you don't open yourself up to someone inspecting the HTTP calls and making their own
yes, user = user account, they log in with email and password and have session stored in refresh + JWT, user can't see other users' favorite stations. Station data can't be changed.
alr, then you don't need to take userId at all
just read it from the currently authenticated user
Where is a better place for these routes?
UserController
or StationController
?
I'd go with StationController
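
The advice in the replies above (take the user from the authenticated session, not from the request), as an added example that is not part of the original thread: a framework-free Node.js handler for the POST:/stations/favorite/{stationId} route. The HS256 bearer token, `SECRET`, `signJwt`, `authenticatedUserId`, `addFavorite` and the in-memory `favorites` map are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // constructed value; real keys come from config
const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Hypothetical helper: builds the constructed sample tokens used to exercise the handler.
function signJwt(claims) {
  const signed = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${signed}.${hmac(signed).toString("base64url")}`;
}

// Returns the verified user id, or null if the token is missing, forged or expired.
// The algorithm is fixed to HMAC-SHA256; the token header's "alg" is never trusted.
function authenticatedUserId(authorizationHeader) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || "");
  if (!m) return null;
  const [, head, body, sig] = m;
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // The payload is parsed only after the signature has been checked.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= Date.now()) return null;
  return typeof claims.sub === "string" ? claims.sub : null;
}

const favorites = new Map(); // userId -> Set of stationIds (stand-in for the database)

// POST:/stations/favorite/{stationId} with no userId in the path or the body.
function addFavorite(req) {
  const userId = authenticatedUserId(req.headers.authorization);
  if (!userId) return { status: 401 };
  // A userId supplied in req.body is deliberately ignored: the owner of the
  // favorite is always the account the verified token was issued to.
  if (!favorites.has(userId)) favorites.set(userId, new Set());
  favorites.get(userId).add(req.params.stationId);
  return { status: 204 };
}
```

With this shape the client never names the account being modified, so the same handler works from either controller.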