Coding Rules Library
Scope: backend rule · Priority: P1 · Project specific · Stack: node
Tags: auth, security, api, params
Separate the auth/session token from other request params
Handle the authorization token (e.g. a session cookie) separately from generic query/body params instead of bundling it in with them; the token should travel in its own channel (cookie or header) so it never ends up in URLs, URL logs or caches alongside ordinary data.
PR: hegnar-forum-web · org-mining-hist-2026-06 · Created: Jun 20, 2026
Bad example

Old code (ts):

```ts
const { id, name, blaize_session } = req.query; // auth token mixed with data params
callApi({ id, name, blaize_session });
```
Good example

New code (ts):

```ts
const { blaize_session } = req.cookies; // auth handled separately
const { id, name } = req.query;
callApi({ id, name }, { authToken: blaize_session });
```
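Added example, not code from the rules library or the hegnar-forum-web PR it cites: the two shapes of this rule side by side in an Express-like handler, plus a check that makes the difference visible (the token lands in the outbound URL in the mixed form and only in a header in the separated form). The request shape, the `buildRequestMixed`/`buildRequestSeparated` helpers and `urlCarriesToken` are assumptions written for this illustration; the `blaize_session` cookie name comes from the rule's snippet.

```typescript
// Added example (hypothetical helpers), not the project's own code.
// Minimal Express-like request shape: parsed query string and cookie jar.
type RequestLike = {
  query: Record<string, string | undefined>;
  cookies: Record<string, string | undefined>;
};

type OutboundRequest = { url: string; headers: Record<string, string> };

const SESSION_COOKIE = "blaize_session";

// Serialise data params into a query string, skipping undefined values.
function toQueryString(params: Record<string, string | undefined>): string {
  const parts: string[] = [];
  for (const k in params) {
    const v = params[k];
    if (Object.prototype.hasOwnProperty.call(params, k) && v !== undefined) {
      parts.push(`${encodeURIComponent(k)}=${encodeURIComponent(v)}`);
    }
  }
  return parts.join("&");
}

// "Bad" shape from the rule: the token arrives as a query param and is forwarded
// together with the data params, so it ends up in the outbound URL and any log of it.
function buildRequestMixed(req: RequestLike, base: string): OutboundRequest {
  const { id, name, blaize_session } = req.query;
  return { url: `${base}?${toQueryString({ id, name, blaize_session })}`, headers: {} };
}

// "Good" shape: token read from the cookie jar, data params from the query,
// and the token travels only in an Authorization header.
function buildRequestSeparated(req: RequestLike, base: string): OutboundRequest {
  if (SESSION_COOKIE in req.query) {
    // A session token in the query string is rejected rather than silently forwarded.
    throw new Error(`${SESSION_COOKIE} must not be sent as a query param`);
  }
  const token = req.cookies[SESSION_COOKIE];
  if (!token) throw new Error("missing session cookie");
  const { id, name } = req.query;
  return {
    url: `${base}?${toQueryString({ id, name })}`,
    headers: { Authorization: `Bearer ${token}` },
  };
}

// Check usable in a test or a log-scrubbing hook: does the URL carry the token?
function urlCarriesToken(r: OutboundRequest, token: string): boolean {
  return r.url.indexOf(encodeURIComponent(token)) !== -1;
}
```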