Ask HN: Checklist for building a CRUD-style web app with user accounts?
I know there are checklists / task lists out there for things like web security ("don't use MD5") and front-end web dev best practices ("test in different browsers") but I'm curious if something higher-level exists. Almost something like a REST API boilerplate, maybe? Something along the lines of:
USER ACCOUNTS [] Create an account [] Send user email verification [] Edit account [] Reset password [] Securely create reset token [] Send password reset email ...
Is there anything like this out there? Feels like it could be useful for getting a project off the ground more smoothly, and help keep scope in check while helping avoid missing important requirements. I'll probably end up making something myself—and hey, let me know if you'd be interested in what I come up with—but I'd love to see what the state of the art looks like.
2 comments
[ 5.5 ms ] story [ 16.0 ms ] threadIn the first case just search for tutorials or best practices on building apps. For the second case, just use an off the shelf application.
For example, creating a user account creation flow is easy enough, right? You just need a form for a username and password. And password complexity checking (client-side for UX, and server-side for security). And something like bcrypt server-side for hashing (and make sure to follow best-practices in hashing and storing). And you'll want to verify emails to cut down on spam, so you'll need some sort of way to send emails, probably a service because rolling your own email server is....a lot. Oh and where are you going to actually store the user data? MySQL/PostgreSQL or something like NoSQL? Managed database, or are you going to handle the setup, backups, hardening, etc yourself?
Congratulations, we've finished creating a user account! Except for password reset, session authentication tokens, rate-limiting login attempts, CAPTCHAs, and everything around the admin side of handling bad actors (account suspension, IP and/or email blocklists, etc etc etc). ;)