* Hardcoded sensitive MongoDB credentials in `index.js` dangerously expose the production database connection string.
* Artwork images or file buffers are stored directly in MongoDB, which complicates scaling file storage for the artists' assets.
* Fetching endpoints like `/api/artworkDetails` utilize `POST` instead of standard `GET` requests, violating REST principles.
* Authentication is decentralized; user identification relies on `userToken` passed in the body, requiring validation middleware.
* The codebase lacks a robust file upload strategy; integrating Cloudinary or S3 is recommended over database storage.
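An added example (not code from the reviewed project) of one way to address the credential and authentication findings: the connection string is read from the environment, and a single Express-style middleware validates the token for every route. The names `MONGODB_URI`, `signToken`, `verifyToken` and `requireUser`, the `Authorization` header placement, and the HMAC token format are assumptions made for this sketch.

```javascript
// Added example; all names and the token format are hypothetical.
const crypto = require('node:crypto');

// Read the connection string from the environment, not from index.js source.
function loadMongoUri(env = process.env) {
  const uri = env.MONGODB_URI; // assumed variable name
  if (!uri) throw new Error('MONGODB_URI is not set');
  return uri;
}

// Assumed token format: base64url(JSON payload) + "." + base64url(HMAC-SHA256).
function signToken(payload, secret) {
  const body = Buffer.from(JSON.stringify(payload)).toString('base64url');
  const mac = crypto.createHmac('sha256', secret).update(body).digest('base64url');
  return `${body}.${mac}`;
}

// Returns the payload if the MAC is valid and the token has not expired, else null.
function verifyToken(token, secret, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const [body, mac, extra] = token.split('.');
  if (!body || !mac || extra !== undefined) return null;
  const expected = crypto.createHmac('sha256', secret).update(body).digest();
  const given = Buffer.from(mac, 'base64url');
  // Check the MAC in constant time before parsing anything the client sent.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let payload;
  try { payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8')); } catch { return null; }
  if (!payload || typeof payload.exp !== 'number' || payload.exp <= now) return null;
  return payload;
}

// Express-style middleware: one place that authenticates every route, e.g.
// app.get('/api/artworkDetails/:id', requireUser(secret), handler)
function requireUser(secret) {
  return (req, res, next) => {
    const header = (req.headers && req.headers.authorization) || '';
    const token = header.startsWith('Bearer ') ? header.slice(7) : null;
    const payload = verifyToken(token, secret);
    if (!payload) return res.status(401).json({ error: 'invalid or missing token' });
    req.user = { id: payload.sub }; // handlers read req.user, never req.body.userToken
    next();
  };
}
```

Carrying the token in a header rather than the body is what lets the read endpoints become `GET` requests, since those carry no body.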