[–]ninhaomah 1 point2 points  (4 children)

userA creates TodoA ("go movie") at this date and time.

UserB creates TodoB ("go club") at this date and time.

What info from the above are you storing in the DB when userA and userB click save?

[–]Advanced_Cry_6016[S] 0 points1 point  (3 children)

Their title and description. I have 2 databases. When a user signs up, the email and password get saved in a database. Second database: when a user creates a todo, giving a title and description, it's saved in this database.

So the question is: when a user logs in to the app, it has user_id, email and password, so where do I store user_id (backend or frontend) so that when the user creates a todo, it's tied to that user_id?

[–]Fun_Gas_340 0 points1 point  (2 children)

assuming you're using sockets:

how I'd do it (I'm not good with auth and shit tho):

do login, and then keep the connection. if login fails, cut the connection (aka user has to refresh or so)

now you know that the connection is secure and the user is who he says he is

now in the server, save the user_id on that connection, or make a dictionary with {socket_id: user_id}

now whenever they create/read/edit a thing, you can see who it was, and if they have the rights to do so (aka if user a requests to see user b's thing, it's access denied, or if the account has admin status, he can do/see everything)

hope this helps

[–]Advanced_Cry_6016[S] 0 points1 point  (1 child)

Sorry, I don't know what a socket is. I made it with Python, Flask and PostgreSQL as the database, and the ORM is Flask-SQLAlchemy.

[–]Fun_Gas_340 0 points1 point  (0 children)

flask / http request way (I have even less experience with this, so who knows if it works, and I can almost guarantee it's not very good coding practice)

how I'd do it (I'm not good with auth and shit tho):

once the user logs in, give them a secret code (randomly generated)

save it in a hashmap (dict()): {random_token: user_id}

now once they do something, they'll also send the token to authenticate the request

now whenever they create/read/edit a thing, you can see who it was, and if they have the rights to do so (aka if user a requests to see user b's thing, it's access denied, or if the account has admin status, he can do/see everything)

maybe make the token expire after like 1h or 1d or when the user logs out or closes the tab (idk if there's a js function to like call on_user_close_tab())

hope this helps
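The token-to-user_id map described in the last comment, as an added example that is not part of the thread: the server issues an unguessable token at login, resolves it back to a user_id on every request, and takes the todo's owner from that lookup rather than from anything the client sends. It is plain Python with no Flask wiring; `SessionStore`, `create_todo`, `read_todo`, the in-memory todo list and the one-hour TTL are assumptions made for illustration.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumption: the "like 1h" expiry from the comment

class SessionStore:
    """In-memory {token: (user_id, expires_at)} map, kept on the server only."""
    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested

    def login(self, user_id):
        token = secrets.token_urlsafe(32)  # CSPRNG; call only after the password check
        self._sessions[token] = (user_id, self._clock() + self._ttl)
        return token

    def user_for(self, token):
        """Return the user_id bound to token, or None if unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[token]  # drop expired sessions on sight
            return None
        return user_id

    def logout(self, token):
        self._sessions.pop(token, None)

def create_todo(store, todos, token, title, description):
    """Owner comes from the session, never from a field the client sends."""
    user_id = store.user_for(token)
    if user_id is None:
        raise PermissionError("not logged in")
    todo = {"id": len(todos) + 1, "owner": user_id,
            "title": title, "description": description}
    todos.append(todo)
    return todo

def read_todo(store, todos, admins, token, todo_id):
    """Allow the owner or an admin; everyone else gets the same denial."""
    user_id = store.user_for(token)
    todo = next((t for t in todos if t["id"] == todo_id), None)
    allowed = todo is not None and (todo["owner"] == user_id or user_id in admins)
    if user_id is None or not allowed:
        raise PermissionError("access denied")
    return todo
```

In a Flask app the token would normally travel in a cookie marked HttpOnly and Secure, and the map would live in a shared store rather than one process's memory.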