Ask HN: Checklist for building a CRUD-style web app with user accounts?

3 points by 54mf 4 years ago | 2 comments
I'm at the feeling-out part of Yet Another Project Idea, trying to wrap my head around the level of effort required to build out a relatively straightforward web app with user accounts and CRUD-style item management. Think something like a social network; view content, create an account, upload content, etc etc.

I know there are checklists / task lists out there for things like web security ("don't use MD5") and front-end web dev best practices ("test in different browsers") but I'm curious if something higher-level exists. Almost something like a REST API boilerplate, maybe? Something along the lines of:

USER ACCOUNTS
[] Create an account
[] Send user email verification
[] Edit account
[] Reset password
[] Securely create reset token
[] Send password reset email
...

Is there anything like this out there? Feels like it could be useful for getting a project off the ground more smoothly, and help keep scope in check while helping avoid missing important requirements. I'll probably end up making something myself—and hey, let me know if you'd be interested in what I come up with—but I'd love to see what the state of the art looks like.

  • byoung2 4 years ago
    Is the goal to build the actual workings of the app (you want to learn CRUD app development)? Or do you have a product/service that you want to sell using the app (e.g. you want people to be able to create an account and buy and sell)?

    In the first case just search for tutorials or best practices on building apps. For the second case, just use an off-the-shelf application.

    • 54mf 4 years ago
      Neither, really. I'm a developer and nothing in front of me is completely new, but taking a product from idea to completion has a fair amount of Coastline Paradox involved. Not looking for a "how do I do this" solution, more along the lines of, if I want to tackle this, here's a list of tasks I'll need to make sure to cover.

      For example, creating a user account creation flow is easy enough, right? You just need a form for a username and password. And password complexity checking (client-side for UX, and server-side for security). And something like bcrypt server-side for hashing (and make sure to follow best practices in hashing and storing). And you'll want to verify emails to cut down on spam, so you'll need some sort of way to send emails, probably a service because rolling your own email server is... a lot. Oh and where are you going to actually store the user data? MySQL/PostgreSQL or something like NoSQL? Managed database, or are you going to handle the setup, backups, hardening, etc yourself?

      Congratulations, we've finished creating a user account! Except for password reset, session authentication tokens, rate-limiting login attempts, CAPTCHAs, and everything around the admin side of handling bad actors (account suspension, IP and/or email blocklists, etc etc etc). ;)
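
The "Securely create reset token" item from the checklist in this thread, as an added example that is not part of the original posts: the token comes from the OS CSPRNG, only its hash is stored, and it expires and works once. `ResetTokenStore`, `TOKEN_TTL_SECONDS` and the in-memory dict standing in for a database table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; pick what fits your app


class ResetTokenStore:
    """In-memory stand-in (hypothetical) for a table of pending password resets."""

    def __init__(self, clock=time.time):
        self._rows = {}      # user_id -> (sha256 digest of token, expiry timestamp)
        self._clock = clock  # injectable so expiry can be exercised in tests

    @staticmethod
    def _digest(token: str) -> bytes:
        # Tokens are high-entropy random values, so a fast hash is enough here
        # (unlike passwords, which need bcrypt/scrypt/argon2).
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user_id: str) -> str:
        """Create a token, store only its digest, return the token for the email link."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Overwriting any earlier row invalidates older outstanding tokens.
        self._rows[user_id] = (self._digest(token), self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user_id: str, token: str) -> bool:
        """Return True once for a valid, unexpired token; False otherwise."""
        row = self._rows.get(user_id)
        if row is None:
            return False
        digest, expires_at = row
        if self._clock() > expires_at:
            del self._rows[user_id]  # expired: clean up the stale row
            return False
        # Constant-time comparison of the stored and presented digests.
        if not hmac.compare_digest(digest, self._digest(token)):
            return False
        del self._rows[user_id]  # single use: a replayed link fails
        return True
```

Storing only the digest means a leaked database dump does not hand out working reset links; rate-limiting `redeem` attempts is a separate control.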