Ch9: Limitations of our approach

tahaafzal5 · Aug 11, 2024 · fe17f47 · fe17f47
1 parent 3d100b4
commit fe17f47
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/Notes/Ch6-10.md b/Notes/Ch6-10.md
@@ -145,6 +145,7 @@
     - [`context` Vs `with_context`](#context-vs-with_context)
   - [Validation of Stored Data](#validation-of-stored-data)
     - [Responsibility Boundaries](#responsibility-boundaries)
+  - [Limitations Of The Naive Approach](#limitations-of-the-naive-approach)
 
 # Ch 6 - Reject Invalid Subscribers #1
 * Our input validation for `/POST` is limited: we just ensure that both the `name` and the `email` fields are provided, even if they are empty.
@@ -934,3 +935,11 @@ curl "https://api.postmarkapp.com/email" \
 * It feels like a business-level decision that would be better placed in `publish_newsletter`, the driving routine of our delivery workflow.
 * `get_confirmed_subscriber` should simply act as an adapter between our storage layer and our domain layer.
   * It deals with the database-specific bits (i.e. the query) and the mapping logic, but it delegates to the caller the decision on what to do if the mapping or the query fail.
+
+## Limitations Of The Naive Approach
+* Our approach so far has the following limitations:
+  1. Security: Our `POST /newsletters` endpoint is unprotected - anyone can fire a request to it and broadcast to our entire audience, unchecked.
+  2. Only One Shot: As soon you hit `POST /newsletters` your content goes out to your entire mailing list. No chance to edit or review it in draft mode, etc.
+  3. Performance: We are sending emails out one at a time. We wait for the current one to be dispatched successfully before moving on to the next in line.
+  4. Fault Tolerance: If we fail to dispatch one email we bubble up the error using `?` and return a `500 Internal Server Error` to the caller. The remaining emails are never sent, nor we retry to dispatch the failed one.
+  5. Retry Safety: Many things can go wrong when communicating over the network. What should a consumer of our API do if they experience a timeout or a `500 Internal Server Error`? They cannot retry - they risk sending the newsletter issue twice to the entire mailing list.