Skip to content

CalebQ42/stupid-backend

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

111 Commits

crash

crash

 
 

db

db

 
 

defaultapp

defaultapp

 
 

embed

embed

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Thunder-Client-Tests.json

Thunder-Client-Tests.json

 
 

app.go

app.go

 
 

auth.go

auth.go

 
 

count.go

count.go

 
 

crash.go

crash.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

log.go

log.go

 
 

request.go

request.go

 
 

stupid.go

stupid.go

 
 

user.go

user.go

 
 

Repository files navigation

Stupid Backend

A purposely simple and "stupid" backend. Primarily created for SWAssistant with that specific implementation found at swassistant-backend. Though made for SWAssistant, this is a barebones that provides some common use cases I (and potentially others) that can be quickly and easily deployed.

Functions

  • Disable or enable any capabilities based on an API key or server configuration.
  • Log anonymously
    • Deleted after 30 days. Purely for user count purposes.
  • Crash reports
    • Anonymouse with optional extra data.
  • User accounts
    • Authentication provided, but specific uses are left up to the implementation.
  • All of the above, but with multiple apps using the same backend.
    • Each app will have a seperate App ID.
    • Users will be shared between multiple apps.

Base Authenticed URLs

These are the available functions in the core setup for KeyedApps. These are meant to be added to in a specific implementation.

API Key Info

GET: /key/{api_key}

Requires the key permission.

{
  "id": "uuid string",
  "appID": "myApp",
  "alias": "Human readable description of the key",
  "permissions": {
    "key": true, // Get info about this key.
    "count": true, // Get user count; Total user and users per platform. Based on Log.
    "log": true, // Log a user connecting.
    "auth": true, // Authenticate and create user accounts.
    "crash": true // Send crash reports
    // Additional permissions should be added by specific implementations.
  },
  "death": -1 // Unix timestamp (seconds) of the planned death of the key. Keys can be expired at any time without warning. -1 indicates no intended death time.
}

User Count

GET: /count?key={api_key}&platform={platform}

Required the count permission. Platform query is optional.

{
  "platform": "platform", // If no platform is given, will be "all".
  "count": 0
}

Log Connection

POST: /log?key={api_key}&id={uuid}&platform={platform}

Requires the log permission.

Logs that a user connected to the API. This is purely meant to get a rough amount of active users. Should be opt-in and IDs are removed if they haven't logged within 30 days.

If successful, returns 201.

Report Crash

POST: /crash?key={api_key}

Requires the crash permission.

Request body:

{
  "id": "uuid string",
  "error": "error",
  "platform": "platform",
  "stack": "stacktrace",
  "version": "app version",
  // Optional extras object field with additional context
  "extras": {}
}

If successful, returns 201.

Create User

POST: /createUser?key={api_key}

Requires the userAuth permission. If not using stupid-server, make sure user creation is only allowed when using TLS.

Request Body:

{
  // Must not be empty or just spaces and cannot end or begin with spaces.
  // Must be less then 64 characters.
  // Must be unique.
  // Spaces will be trimmed.
  "username": "username",
  // Passwords must be between 5-32 characters.
  "password": "password",
  // Email must be unique.
  "email": "email"
}

Response:

{
  "token": "jwt token",
  // Only populated if there's some problem with creating the user.
  // username - Username is already taken or invalid.
  // email - email is already taken or (probably) invalid.
  // password - Password is invalid.
  "problem": "username"
}

Authenticate

POST: /auth?key={api_key}

Requires the userAuth permission. If not using stupid-server, make sure user authentication is only allowed when using TLS.

Requests will timout every 3 failed attempts for 3^((failed/3)-1) minutes with a maximum of 60 minutes of timeout.

Request Body:

{
  "username": "username",
  "password": "password"
}

Response:

If username is not found, returns 404 with no body.

{
  "token": "jwt token",
  "timeout": -1 // Minutes remaining until timeout is done. -1 if no timeout.
}

Authenticated requests

There are no requests provided by stupid-backend that requires authentication, but will check authentications if the token query is given and extension on stupid-backend will have access to some basic info about the user. Ex:

GET: /getdata?key={api_key}&token={jwt_token}

If a token is present, but the token is invalid (expired or otherwise), returns 401.

Unauthenticated Apps

You can add an app as an UnKeyedApp that doesn't require an API key. This does not have an default functions, but requests will be forwarded to the app. When using both KeyedApp and UnKeyedApp, the KeyedApps will have priority.

Requests

ANY: /{appID}/ ANY: /{alternateName}/

TODO

This libary is yet unfinished, and still needs a couple things.

  • Change passwords.
    • De-authorize JWT tokens when this is done.
  • Allow for third-party logins
    • Primarily want Google 0Auth, but implemented in a way that others could be added later on.
  • Provide more pre-made db's
  • Proper tests
    • Could cause less headaches for me in the future.
  • Build a dashboard
    • Add the necessary APIs for access to this info.

About

A stupid backend to test things out.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 13

Extras Latest
Feb 5, 2024
+ 12 releases

Packages

No packages published

Languages