* Hardcoded MongoDB connection string exposes critical production credentials; isolate it immediately using environment variables.
* Artwork uploads store file objects directly in MongoDB, which is inefficient; integrate cloud storage (S3) and persist only the URL.
* The `ArtworkController` suffers from deep nesting because it mixes Multer callbacks with asynchronous Express error handling; refactor for a cleaner error flow.
* Resource fetching uses non-standard POST requests instead of conventional GET routes and URL parameters, compromising API RESTfulness.
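For the first finding, an added example (not the project's code) of moving the connection string out of source: a scan that flags credentialed MongoDB URIs in source text, a loader that fails closed when the variable is missing, and a redactor for log output. The variable name `MONGODB_URI`, the function names and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: MONGODB_URI and all function names are assumptions, not the project's code.

// Matches mongodb:// or mongodb+srv:// URIs that embed "user:password@" credentials.
const EMBEDDED_CREDS = /mongodb(?:\+srv)?:\/\/[^\s:@\/'"`]+:[^\s@\/'"`]+@[^\s'"`]+/;

// Pre-commit / CI check: return the 1-based line numbers that contain a credentialed URI.
function findHardcodedMongoUris(sourceText) {
  return sourceText.split('\n')
    .map((line, i) => (EMBEDDED_CREDS.test(line) ? i + 1 : 0))
    .filter((n) => n > 0);
}

// Read the URI from the environment and fail closed if it is absent or malformed.
function loadMongoUri(env = process.env) {
  const uri = env.MONGODB_URI;
  if (!uri) throw new Error('MONGODB_URI is not set; refusing to start');
  if (!/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error('MONGODB_URI must use the mongodb:// or mongodb+srv:// scheme');
  }
  return uri;
}

// Strip credentials before the URI reaches a log line or an error report.
function redactMongoUri(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/)[^@\/]+@/, '$1***:***@');
}

// Constructed sample source (not taken from the reviewed project).
const SAMPLE_SOURCE = [
  "const mongoose = require('mongoose');",
  "mongoose.connect('mongodb+srv://admin:Passw0rd@cluster0.example.net/gallery');",
  "mongoose.connect(process.env.MONGODB_URI);",
].join('\n');

console.log('hardcoded URI on lines:', findHardcodedMongoUris(SAMPLE_SOURCE));

// Constructed environment; in a deployment the value comes from the process environment.
const uri = loadMongoUri({ MONGODB_URI: 'mongodb://app:s3cr3t@db.example.internal:27017/gallery' });
console.log('connecting to', redactMongoUri(uri));
```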