Simple TODO API

There is also grpc branch

Contents

• API End-points
  • User related
  • List related
  • Task related
  • Token related
• Stack

API End-points

Optional fields marked with "optional" comment

User related

• POST /users

  # POST /users
  
  # Request body
  {
      "username": <string>,   
      "password": <string>    # printable ascii ; minimal length is 8
  }
  
  # Response body
  {
      "user_id": <int32>
  }

• POST /users/login

  # POST /users/login
  
  # Request body
  {
      "username": <string>,   
      "password": <string>
  }
  
  # Response body
  {
      "session_id": <uuid>,
      "access_token": <string>,
      "access_token_expires_at": <time>, # RFC3339 with maximum 9 digits in fractional seconds, without trailing zeros in fractional seconds
      "refresh_token": <string>,
      "refresh_token_expires_at": <time>, # same as access_token_expires_at
      "user_id": <int32>
  }

• PUT /users/<int32>

  # PUT /users/<int32>
  # Require header "authorization : bearer <access_token>"
  
  # Request body
  {
      "old_password": <string>,
      "new_password": <string>
  }
  
  # Without resposne body

• DELETE /users/<int32>

  # DELETE /users/<int32>
  # Require header "authorization : bearer <access_token>"
  
  # Without request body
  
  # Without response body

List related

• GET /users/<int32>/lists

  # GET /users/<int32>/lists
  # Require header "authorization : bearer <access_token>"
  
  # Without request body
  
  # Resposne body
  {
      "lists": [
          {
              "id": <int32>,
              "header": <string>
          }...
      ]
  }

• POST /users/<int32>/lists

  # POST /users/<int32>/lists
  # Require header "authorization : bearer <access_token>"
  
  # Request body
  {
      "header": <string>
  }
  
  # Without response body

• DELETE /users/<int32>/lists/<int32>

  # POST /users/<int32>/lists/<int32>
  # Require header "authorization : bearer <access_token>"
  
  # Without request body
  
  # Without response body

Task related

• GET /users/<int32>/lists/<int32>/tasks

  # POST /users/<int32>/lists/<int32>/tasks
  # Require header "authorization : bearer <access_token>"
  
  # Without request body
  
  # Response body
  {
      "tasks": [
          {
              "id": <int32>,
              "list_id": <int32>,
              "parent_task": <int32>, # optional ; min = 1
              "task": <string>,
              "complete": <bool>
          }...
      ]
  }

• POST /users/<int32>/lists/<int32>/tasks

  # POST /users/<int32>/lists/<int32>/tasks
  # Require header "authorization : bearer <access_token>"
  
  # Request body
  {
      "parent_task": <int32>, # optional ; min = 1
      "task": <string>
  }
  
  # Response body
  {
      "created_task_id": <int32>
  }

• PUT /users/<int32>/lists/<int32>/tasks/<int32>

  # POST /users/<int32>/lists/<int32>/tasks/<int32>
  # Require header "authorization : bearer <access_token>"
  
  # Request body
  {
      "type": <string>, # "TEXT" or "CHECK"
      "text": <string>, # required if type == TEXT
      "check": <bool> # required if type == CHECK
  }
  
  # Without response body

• DELETE /users/<int32>/lists/<int32>/tasks/<int32>

  # DELETE /users/<int32>/lists/<int32>/tasks/<int32>
  # Require header "authorization : bearer <access_token>"
  
  # Without request body
  
  # Without response body

Token related

• POST /tokens/refresh_access

  # POST /tokens/refresh_access
  
  # Request body
  {
      "refresh_token": <string>
  }
  
  # Response body
  {
      "access_token": <string>,
      "access_token_expires_at": <time> # RFC3339 with maximum 9 digits in fractional seconds, without trailing zeros in fractional seconds
  }

Stack

Web server

• gin
• paseto

Data Base (PostgreSQL)

• lib/pq
• migrate
• sqlc
• mock

Testing

• mock
• testify

Deploy

• Docker
• viper

Types

• google/uuid