Thank you for the great work on this project. I've been exploring the codebase and noticed that in several places, entities are being used directly in controller methods.
While this works, it can lead to a couple of potential issues:
- Security risks: Exposing entire entities may unintentionally reveal sensitive fields (e.g. passwords).
- Validation complexity: It's harder to control input when directly binding to entities.
- Tight coupling: Changes in the entity could unintentionally break API contracts or client integrations.
Suggestion:
It might be beneficial to introduce DTO classes for request and response models.
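The following sketch is an added example, not part of the original post or the project's code. It contrasts binding a request straight onto an entity with going through request and response DTOs. Python is used because the post does not name the project's language; `UserEntity`, its fields and both handler functions are hypothetical.

```python
from dataclasses import dataclass, asdict


@dataclass
class UserEntity:                      # hypothetical persistence entity
    id: int
    email: str
    password_hash: str
    is_admin: bool = False


@dataclass(frozen=True)
class UpdateUserRequest:               # request DTO: only client-settable fields
    email: str

    @classmethod
    def from_json(cls, body: dict) -> "UpdateUserRequest":
        unknown = set(body) - {"email"}
        if unknown:                    # reject instead of silently binding extras
            raise ValueError(f"unexpected fields: {sorted(unknown)}")
        email = body.get("email")
        if not isinstance(email, str) or "@" not in email:
            raise ValueError("email must be a valid address")
        return cls(email=email)


@dataclass(frozen=True)
class UserResponse:                    # response DTO: no password_hash, no is_admin
    id: int
    email: str

    @classmethod
    def from_entity(cls, user: UserEntity) -> "UserResponse":
        return cls(id=user.id, email=user.email)


def update_user_bound_to_entity(user: UserEntity, body: dict) -> dict:
    """Entity used directly: every request key lands on the entity, all fields go back out."""
    for key, value in body.items():
        setattr(user, key, value)
    return asdict(user)


def update_user_with_dtos(user: UserEntity, body: dict) -> dict:
    """DTO boundary: validated allow-listed input in, explicit field set out."""
    req = UpdateUserRequest.from_json(body)
    user.email = req.email
    return asdict(UserResponse.from_entity(user))
```

With the DTO boundary, renaming or adding entity columns no longer changes the API contract unless the DTOs are changed too.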