TODO: simplify checks with filters create services for each entity clean up the code in controllers cors/security related issues