Add security

[nbarbettini]

Right now the API is unauthenticated. An example of how to do API security for a RESTful API would be sweet!

[TheAifam5]

Also to security stuff - you shoudn't send everything to the user... only that what is needed. I mean - good idea would be to make 2 models for Input (Requests) and Output (Responses) to prevent data leakage. :D I'm trying to master it right now. :)

[nbarbettini]

@TheAifam5 I agree, having separate classes to model what's stored in the DB, what's returned to the user, and what's accepted in a POST reduces the chances that you'll accidentally leak something. This project already uses that pattern. 🙂