
Admin Server

This is a private Node.js Express server that hosts the Admin dashboard at https://admin.[domain]. It initializes the database, contains the Content Management System for the pages served on Main server, manages the newsletter functionality, and has other admin actions. Its Security Group restricts its access to one whitelisted IP CIDR range. Most actions are logged and many actions, such as signin or signup, send email alerts to the administrator.

Prerequisites

Database Initialization

Before running anything, you must initialize the database:

GET /?initialize=true

Sign In

The POST /signin API returns a session cookie. Use the cookie on requests that require authentication. Usually, your HTTP request framework will automatically save this cookie. If the cookie expires or the server returns 401, request a new cookie.

Sign In - Web

Request

GET /signin

Sign In

Request

POST /signin

| Name | Type | Description |
| --- | --- | --- |
| email | string | Required. User email. |
| password | string | Required. User password. |

Response

Set-Cookie: <Cookie with Expiration Time>
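
The cookie handling described under Sign In, as an added client-side example that is not code from this repository: it stores the Set-Cookie value from POST /signin, sends it on authenticated requests, and signals when to sign in again (expiry or a 401). The class name AdminSession and the sample cookie sid=abc123 are assumptions; the README does not name the cookie.

```javascript
// Tracks the session cookie returned by POST /signin and decides when to sign in again.
// AdminSession is a hypothetical helper, not part of the Admin Server code base.
class AdminSession {
  constructor() {
    this.cookie = null;     // "name=value" pair to send back in the Cookie header
    this.expiresAt = null;  // epoch ms, or null for a cookie with no stated expiry
  }

  // Parse one Set-Cookie header value received at time `now` (epoch ms).
  store(setCookie, now = Date.now()) {
    const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
    if (!pair.includes('=')) throw new Error('malformed Set-Cookie header');
    this.cookie = pair;
    this.expiresAt = null;
    let maxAge = null;
    for (const attr of attrs) {
      const eq = attr.indexOf('=');
      const key = (eq === -1 ? attr : attr.slice(0, eq)).toLowerCase();
      const val = eq === -1 ? '' : attr.slice(eq + 1);
      if (key === 'max-age' && /^-?\d+$/.test(val)) maxAge = Number(val);
      if (key === 'expires' && !Number.isNaN(Date.parse(val))) this.expiresAt = Date.parse(val);
    }
    // Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    if (maxAge !== null) this.expiresAt = now + maxAge * 1000;
  }

  // True when no usable cookie is held, or the server answered 401.
  needsSignin(now = Date.now(), lastStatus = 200) {
    if (lastStatus === 401 || this.cookie === null) return true;
    return this.expiresAt !== null && now >= this.expiresAt;
  }

  // Headers for a request marked "Authentication Required".
  authHeaders(now = Date.now()) {
    if (this.needsSignin(now)) throw new Error('sign in again via POST /signin');
    return { Cookie: this.cookie };
  }
}

// Constructed sample header; a real one comes from the POST /signin response.
const SAMPLE = 'sid=abc123; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT; HttpOnly; Secure';
const session = new AdminSession();
session.store(SAMPLE, Date.parse('2024-12-31T23:00:00Z'));
console.log(session.authHeaders(Date.parse('2024-12-31T23:30:00Z'))); // before expiry
console.log(session.needsSignin(Date.parse('2025-01-01T00:00:01Z'))); // after expiry
```
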

Log Out (Delete Session)

Request

GET /logout

Response

Redirects to /signin

Create Admin User

Create Admin User With Email - Web

Request

GET /signup

Create Admin User With Email

Request

POST /signup

| Name | Type | Description |
| --- | --- | --- |
| email | string | Required. Email to use to create the user. |
| password | string | Required. User password. |

Response

Redirect to /signup-success

Confirm Admin Email to Complete Email Signup

Request

GET /confirm-email

| Name | Type | Description |
| --- | --- | --- |
| code | string | Required. Code that confirms a user is the owner of an email address to complete email signup. |

Response

Redirect to /signin

Resend Confirmation Email - Web

Request

GET /resend-confirm-code

Resend Confirmation Email

Request

POST /resend-confirm-code

| Name | Type | Description |
| --- | --- | --- |
| email | string | Required. Email to resend confirmation code to. |

Response

Redirect to /signin

Admin

Admin Dashboard Home - Web

Request

Authentication Required

GET /admin

Change Admin User Password - Web

Request

Authentication Required

GET /change-password

Change Admin User Password

Request

Authentication Required

POST /change-password

| Name | Type | Description |
| --- | --- | --- |
| currentPassword | string | Required. User's current password. |
| newPassword | string | Required. User's new password. |

Response

Redirect to /admin

Content Management System

CMS Dashboard - Web

Request

Authentication Required

GET /cms

New Post - Web

Request

Authentication Required

GET /new-post

Edit Post - Web

Request

Authentication Required

GET /edit-post?id=[POST_ID]

| Name | Type | Description |
| --- | --- | --- |
| id | string | Required. ID of post you're editing. |

Save Post

Request

Authentication Required

POST /save-post

| Name | Type | Description |
| --- | --- | --- |
| id | string | Required if you're editing a post. The ID of post you're saving edits to. |
| title | string | Required. Title of the post. |
| author | string | Required. Author name of the post. |
| alias | string | Required. A URI alias for viewing the post, used in this format: https://[domain]/post/[alias]. Only alphanumerics, dashes, and underscores. |
| body | string | Required. Body of the post, in Markdown format. |
| tags | string | Comma separated tags for the post. |
| published | boolean | Whether or not the post is published, meaning it's publicly viewable. Defaults to false. |

Response

{
	message: "Saved successfully",
	id: [ID of the post]
}

Delete Post

Request

Authentication Required

POST /delete-post

| Name | Type | Description |
| --- | --- | --- |
| id | string | Required. The ID of post you're deleting. |

Response

{
	message: "Deleted successfully"
}

Content Management System - Files

Content Management System - File Uploads - Web

Request

Authentication Required

GET /cms-files

Upload File

Request

Authentication Required

POST /upload-cms-file

| Name | Type | Description |
| --- | --- | --- |
| filename | string | Required. The name you want the uploaded file to have. |
| file | binary | Required. The file data to upload. |

Response

Redirect to /cms-files with "Upload Successful" message.

Newsletter Management

View Anonymized Newsletter Statistics

Request

Authentication Required

GET /newsletter

Response

Shows the number of confirmed emails, unconfirmed emails, and unsubscribed (do-not-email) addresses.

Send Post To Newsletter

Request

Authentication Required

POST /send-post

| Name | Type | Description |
| --- | --- | --- |
| id | string | Required. The ID of post you're sending to the newsletter. |
| target | string | Required. The target you're sending to. Can be either admin or newsletter. admin is for testing a send of the newsletter — it sends to just admin@[domain]. newsletter sends to the entire newsletter. |

Response

{
	message: "Sent successfully."
}

Database - Postgres Command

Admin Dashboard Database Management - Web

Request

Authentication Required

GET /database

Run Logged Postgres Command

The query itself will be logged to a CloudWatch Log Group called PostgresQueries. The result is not logged.

Request

Authentication Required

POST /postgres-command

| Name | Type | Description |
| --- | --- | --- |
| command | string | Required. Postgres query to run. |

Response

Displays the query result onscreen.

Other APIs

Test Error Logging

Request

GET /error-test

Health Check

Request

GET /health

Response

Status 200
{
	message: "OK from admin." + DOMAIN
}

Feedback

If you have any questions, concerns, or other feedback, please let us know in GitHub issues or by e-mail.

License

This project is licensed under the GPL License. See the LICENSE.md file for details.

Contact

engineering@openlyoperated.org
