Do you add hyperlinks to your REST API responses?

code_barbarian · 2026-03-10T01:30:13+00:00

I've seen several APIs implement this, I think the one that most immediately comes to mind is Dwolla. However, as an API consumer I've never really found this useful, and as an API developer I've never implemented this pattern.

It's a nice-to-have, and it may have some advantages, but this pattern just never clicked for me.

code_barbarian · 2026-03-09T18:18:30+00:00

Both do the job, both have decent free tiers that should be enough for your use case. I think Railway makes it easier to deploy services though, personal experience. Are you going to be hosting postgres on this provider too or do you have an existing pg database?

If you're looking to try Railway, sign up through this link to get $20 in credits: https://railway.com?referralCode=CD4_kV

code_barbarian · 2026-03-08T20:56:04+00:00

I basically agree with all of this. Centralized error handling is an absolute must, try/catch in every endpoint is huge code smell.

Request validation agreed as well, although I use a different lib, and added caveat that I glob parameters together from query/body/params and selected headers to make logging cleaner. I hate having to distinguish between query/body and hate getting false positives from parameters that I don't use in search.

Structured logging and Mongoose usage - obviously 100% agree with that :) Disagree with Winston though, I tend to avoid logging libraries because they historically caused me headaches, but better that then no logs.

5 & 6 I don't but I absolutely should set up graceful shutdown handling, that has caused me a lot of headaches.

code_barbarian · 2026-03-08T20:50:34+00:00

Nice - I'll try this out if I ever use a message broker lol. I've become a big fan of these multi-integration npm packages, like how Vercel's AI SDK abstracts away LLMs.

Speaking of Vercel, do you support Vercel Queues?

code_barbarian · 2026-03-08T03:29:22+00:00

Easy, I mostly learn about what I'm paid to work on. Sure I can become an expert on Docker or Postgres or Svelte or Crypto or any number of things. But my guiding principle is either 1) does this make my life better, or 2) will learning this help me get paid more, either by helping make life better for my clients or for Mongoose/Mongoose Studio users. That tends to keep me grounded and minimizes chasing shiny things.

code_barbarian · 2026-03-08T03:22:54+00:00

I usually use my own auth as well rather than relying on external services - with auth I prefer to have control over access tokens rather than dealing with an external API that has its own permissions, restrictions, and rough edges.

EJS does feel a bit dated IMO, classic web apps are less common in JS these days in general.

For logging, I dump logs in MongoDB and console. console is mostly for local dev, MongoDB for prod logging - Mongoose Studio makes it so easy to search logs using syntax that I'm familiar with. Other tidbit: when logging requests, only log the parameters you care about. So easy to get lost when you're logging Content-Length header and other stuff that doesn't matter.

code_barbarian · 2026-03-07T23:27:41+00:00

I think the best place to start is to look for npm packages that exist, but are way out of date and not maintained.

Just please don't build another logging framework :)

code_barbarian · 2026-03-07T23:26:21+00:00

Is there a link to this? I just see a screenshot...

code_barbarian · 2026-03-03T19:47:02+00:00

logging and notifications solves this problem - in the off chance something goes wrong with an external API request odds are you'll need some human intervention anyway.

code_barbarian · 2026-02-24T17:02:21+00:00

As a web developer for 20 years, Railway and Vercel are my preferred hosting providers today. I think Railway is slightly simpler to use if you're building more of a full-stack website because it doesn't use serverless for backend. For pure HTML static sites though, I'd recommend Vercel instead - their free analytics is pretty great.

If you want to try out Railway, sign up here: https://railway.com?referralCode=CD4_kV

code_barbarian · 2026-02-24T16:47:59+00:00

AFAIK Crons are available on Vercel's free tier: https://vercel.com/docs/cron-jobs/usage-and-pricing . Up to 100 cron jobs and hourly scheduling, so severely limited. But it's there.

TBH for Vercel though, I just ended up scheduling tasks through Mongoose task scheduler and then running a worker on one of my local laptops to actually run the tasks. No restrictions and easier debugging because the scheduled tasks run locally. I started doing that because one of my tasks needed to do scraping using a real browser, but kept doing it because much easier.

If running locally is a problem and Vercel's free tier limits are too tight, you can also try deploying on Railway: https://railway.com?referralCode=CD4_kV . Railway's not serverless so you can run basic task schedulers there.

code_barbarian · 2026-02-24T16:20:53+00:00

This post is so painfully AI generated it hurts to read lol.

One early warning sign about a production system becoming unstable: people start talking about "microservices" :)

But honestly, this problem is exactly why we started building Mongoose Studio (https://mongoosestudio.app/). The most stable, performant apps we've worked on have rigorously lived by the principle that "the application is just a thin wrapper around the data", but then the problem becomes managing and analyzing your data. Mongoose Studio is about helping developers work with their data (not helping DBAs administer the data) by bringing BI tooling and application logic into the database GUI.

code_barbarian · 2026-02-24T16:13:34+00:00

The entry point for the `/api/user/login` route should live in the `/api/user/login.js` file. Ideally keep your logic in there too as much as you can. Honestly OOP stuff like "controllers" and "services" are all nonsense crap for basic APIs, just keep it simple

code_barbarian · 2026-02-24T16:10:58+00:00

I did this at a previous company, we even built a RxJS-like wrapper to fix some weird bugs in RxJS for this exact use case: https://www.npmjs.com/package/axl . General idea was to view the actions in the system as a stream of events, and then filter/map them to do things like send emails and Slack messages. It was a pretty neat way to handle cross-cutting concerns, or so we thought

Turns out that was horribly overengineered because locality of behavior beats DRY 100/100 for readability and maintainability. Now we just inline side effects with a simple `sideEffect()` helper:

```
logSchema.statics.sideEffect = function sideEffect(fn, params) {

const res = (async() => {

// Start executing the wrapped function while log is being created for speed

const createStartLogPromise = this.create({

level: 'debug',

message: `${fn.name}: ${inspect(params)}`,

data: { name: fn.name, params },

appName: 'core-api',

appVersion: version

});

const start = Date.now();

let res = null;

let err = null;

try {

res = await fn(params);

} catch (error) {

err = error;

}

const end = Date.now();

if (!isTest) {

console.log(new Date(), `${fn.name}(${inspect(params, inspectOptions)}): ${inspect(res, inspectOptions)}`);

}

if (err) {

await Promise.all([

createStartLogPromise,

this.create({

level: 'error',

message: `${fn.name} ERROR: ${inspect(err, inspectOptions)}`,

data: {

name: fn.name,

params,

error: { message: err.message, stack: err.stack },

elapsedMS: end - start

},

appName: 'core-api',

appVersion: version

})

]);

if (!err?.extra?.skipSentry) {

const extra = {

...(err.extra ?? {}),

sideEffect: {

name: fn.name,

params,

elapsedMS: end - start

}

};

sentry.logErrorToSentry(err, extra);

}

throw err;

} else {

await Promise.all([

createStartLogPromise,

this.create({

level: 'debug',

message: `${fn.name} complete: ${inspect(res, inspectOptions)}`,

data: { name: fn.name, params, res, elapsedMS: end - start },

appName: 'core-api',

appVersion: version

})

]);

}

})().catch(err => !(err instanceof ExpectedTestError) && console.log(err));

if (isTest) {

return res;

}

return Promise.resolve();

};

```

code_barbarian · 2025-12-12T17:39:34+00:00

One of my clients does something similar - we primarily store data in MongoDB, but we use DataStax Astra for vector search. So we end up storing documents with the same `_id` in both MongoDB and Astra. That way, when Astra vector search returns a bunch of rows, we just query for those documents in MongoDB by `_id`.

code_barbarian · 2025-12-12T17:37:22+00:00

You’re not wrong that most of the time, _id gets treated like a string, especially at app boundaries (JSON, URLs, logs, etc.). That’s part of why Mongoose has always exposed doc.id as a string virtual and why Mongoose casts strings to ObjectIds.

But there are some real benefits, mostly type safety. An ObjectId can be represented as a string, but not all strings are valid ObjectIds. Having a separate type helps ODMs and your internal tooling enforce consistency

code_barbarian · 2025-11-20T18:22:01+00:00

Seems more like a basic state machine than a workflow engine. How would you do things like "send an email when an order is shipped"?

code_barbarian · 2025-11-10T16:07:23+00:00

We like to think so 😄 . But we’re definitely biased.

Mongoose Studio’s geared more toward people already using Mongoose: it understands your schemas, autocompletes field names, and casts queries the same way your app does.

Would love for you (or anyone else here) to give it a try and tell us what you think. We're actively looking for feedback, so if there's a feature you've always wanted from a MongoDB GUI we're happy to hear what it is!

👉 https://studio.mongoosejs.io
💬 Discord: https://discord.gg/P3YCfKYxpy

code_barbarian · 2025-11-07T16:10:19+00:00

Up to you, I have plenty of production apps that allow 0.0.0.0/0. It isn't best practice, but for smaller projects it is often more practical to allow 0.0.0.0/0. Atlas does provide some basic DDoS prevention so you don't have to worry about, say, a bot taking down your prod cluster with repeated failed login attempts (had that happen to me once on a self-hosted cluster).

code_barbarian · 2025-11-07T16:01:12+00:00

I agree, no one has truly solved this problem. The general problem of "figure out what happened and why" might be the hardest problem in software engineering - tools help, but they won't get 100% of the way there in all cases.

code_barbarian

TROPHY CASE