I’m trying to build a web-app with integration of some Facebook data. (Facebook Events in particular).
I would like to know what are the best practices/recommandations to handle synchronization.
Here is my current thought: In my database, I need to have:
- User: with Facebook ID, and list of friends
- Event: with list of User
In mongoose syntax it means the following schema:
var UserSchema = new Schema({
id: { type: String, default: '' },
friends: [{type : Schema.ObjectId, ref : 'User'}]
})
mongoose.model(‘User', UserSchema )
var EventSchema = new Schema({
eid: { type: String, default: '' },
users: [{type : Schema.ObjectId, ref : 'User'}]
})
mongoose.model('Event', EventSchema)
For now, I’m using Passport-Facebook to handle authentication and Facebook-Node-SDK (https://github.com/Thuzi/facebook-node-sdk) to make graph call. So I can set my accessToken during my Passport FacebookStrategy:
passport.use(new FacebookStrategy({
clientID: config.facebook.clientID,
clientSecret: config.facebook.clientSecret,
callbackURL: config.facebook.callbackURL
},
function(accessToken, refreshToken, profile, done) {
FB.setAccessToken(accessToken); //Setting access token
User.findOne({ 'id': profile.id }, function (err, user) {
//handling creation in case of error
//then synchronization of friends
})
]);
Once the user is logged, I redirect him to an URL which first call a static method which synchronize FB events of current user then redirect him to the following route:
app.get('/events', events.index)
But this is not compliant with RESTful standards? For example, with my method I didn’t need route like this:
app.post('/events', events.add)
app.put('/events', events.update)
app.del('/events', events.destroy)
In fact, I don’t see how to proper implement this kind of syntonization and I’m worry with the future integration of front-end solution.
Can someone point me what I am missing and eventually give some advices/link to handle this situation? Is it better to handle the listing of event on client-side with Official Facebook SDK and just give to my API the IDs needed? In this case, how to secure the data?
Update: It's an extand of this question Web app integration with facebook ( architecture issues ) Regarding the answer, I can't figure it out with my particular case.