Method | Endpoint | Description | Body |
---|---|---|---|
POST | /api/register | Creates a user using the information sent inside the body of the request. | `{ "username": "user", "password": "pass", "role": 0 }` |
POST | /api/login | Uses the credentials sent inside the body to authenticate the user. On successful login, creates a new JWT with the user id as the subject and sends it back to the client. | `{ "username": "user", "password": "pass" }` |
GET | /api/users | If the user is logged in, responds with an array of all the users contained in the database. If the user is not logged in, responds with the error code. | none |
GET | /api/books | If the user is logged in, responds with an array of all the books contained in the database. If the user is not logged in, responds with the error code. | none |
GET | /api/reviews | If the user is logged in, responds with an array of all the reviews contained in the database. If the user is not logged in, responds with the error code. | none |
GET | /api/users/:id | If the user is logged in and is the correct user, responds with an object containing the user's info. If the user is not logged in, responds with the error code. | none |
GET | /api/reviews/:id | If the user is logged in and is the correct user, responds with an object containing the specific review info. If the user is not logged in, responds with the error code. | none |
GET | /api/books/:id | If the user is logged in and is the correct user, responds with an object containing the specific book info. If the user is not logged in, responds with the error code. | none |
GET | /api/books/:id/all | If the user is logged in and is the correct user, responds with an object containing the specific book info and an attached array of all the available reviews in the database for that book. If the user is not logged in, responds with the error code. | none |
DELETE | /api/books/:id | If the user is logged in, responds with the statement `Book with id: ${userID} Deleted!`. If the user is not logged in or the entry does not exist, responds with the error code. | none |
DELETE | /api/reviews/:id | If the user is logged in, responds with the statement `Review with id: ${userID} Deleted!`. If the user is not logged in or the entry does not exist, responds with the error code. | none |
PUT | /api/books/:id | If the user is logged in, responds with an object containing the user's entry. If the user is not logged in or the entry does not exist, responds with the error code. | `{ "title": "fgfd dfgdfg", "author": "pgfd dfass gfdf", "publisher": "first fsd ", "summary": "ldf as d t" }` |
PUT | /api/reviews/:id | If the user is logged in, responds with an object containing the user's entry. If the user is not logged in or the entry does not exist, responds with the error code. | `{ "review": "fgfd dfgdfg", "rating": "pgfd dfass gfdf", "reviewer": "first fsd ", "books_id": 1 }` |
POST | /api/books | If the user is logged in, responds with the id of the new entry. If the user is not logged in, responds with the error code. | `{ "title": "fgfd dfgdfg", "author": "pgfd dfass gfdf", "publisher": "first fsd " }` |
POST | /api/reviews | If the user is logged in, responds with the id of the new entry. If the user is not logged in, responds with the error code. | `{ "review": "fgfd dfgdfg", "rating": "pgfd dfass gfdf", "reviewer": "first fsd ", "books_id": 1 }` |
- `npm run server`, `yarn server`: runs the dev back-end server.
- `yarn start`: runs only the back-end server.
Bcrypt is an adaptive hash function that lets the cost of hashing be adjusted. This means that in the future, as computers become more powerful, simply increasing the cost factor (salt rounds) will keep Main Course secure, because of the processing time required to try every possible password.

Used to configure API security. This allows secure communication between the front-end and back-end servers.

A prebuilt NodeJS framework that makes creating server-side applications simple, fast, and flexible. NodeJS is powered by Google's V8 engine, which means it is powerful and can handle a large number of requests without lapsing in dependability. It is also a highly scalable choice when you consider the event loop, which manages all asynchronous operations and lets the program keep running as expected without stops.

A collection of nine smaller middleware functions that set security-related HTTP headers appropriately. This protects Main Course from numerous well-known vulnerabilities.

Realizing that there is no inherent benefit to using tokens over sessions, we chose to implement JWTs for the added benefit of storing the session on the client side as opposed to in memory. Main Course is built with the active server in mind and the potential for the application to be accessed from various devices in different locations. Rather than run the risk of having a session interrupted by data roaming, connection issues, or server-side problems, we chose to store the session information on the client side. We also found this more efficient for our needs, as JWTs eliminate the need to fetch additional information from the DB to validate the user.

Dotenv allows us to universally set environment variables.

Chosen for its out-of-the-box readiness. Jest comes with built-in mocking and the ability to run tests in parallel, works with both the front-end and back-end, has promise support, and is a one-stop shop for most testing needs within the scope of this project.

An HTTP request logging middleware used in production to easily identify bugs in routes.

Automatically restarts the server on save, making production more efficient.

Using supertest with Jest for integration testing makes things easy to implement and easy to read.
The JWT payload will look like this:

```js
{
  username: "usersname",
  password: "random hashed password",
  role: 0 // 0 for customers, 1 for admin
}
```
Endpoint: POST request to `/api/register`

Expects an object with a username (string), password (string), and role (integer, either 0 or 1: 0 for customers and 1 for admin).

```json
{
  "username": "me",
  "password": "new",
  "role": 1
}
```
Endpoint: POST request to `/api/login`

Expects an object with a username (string) and password (string); it generates a token that can be saved in state or stored locally.

```json
{
  "username": "me",
  "password": "new",
  "role": 1
}
```

Other example bodies: `{ "username": "1", "password": "1", "role": 0 }` and `{ "username": "kenneth", "password": "password", "role": 1 }`.
`/api/users` responds with an array of user objects:

```json
[
  {
    "id": 1,
    "username": "me",
    "password": "$2a$14$JZ2eR.7f8j2oAcbS72NfJ.Py26wp9v6hzxGQBGWaxkJ6vCNTolrxq",
    "role": 1,
    "true": null
  }
]
```
There are currently demo endpoints you can use to get reviews and books.

GET `/demo/api/reviews`

To post a review, pass an object with the review (string), rating (integer), reviewer (string), and books_id (string) properties included. It should look like the following:

POST `/demo/api/reviews`

```json
{
  "review": "Sdf gfah dd gsdf",
  "rating": 4,
  "reviewer": "juste",
  "books_id": 1
}
```

To update a review, use the endpoint `/demo/api/reviews/:id`, for example `/demo/api/reviews/4`. You will need to include review (string), rating (integer) and reviewer (string). Example below:

```json
{
  "review": "everything newer",
  "rating": 5,
  "reviewer": "new person"
}
```

POST `/demo/api/books`

The id is automatically incremented, but you must supply string values for title, author and publisher. When posting a book's info, the summary field (string data) is optional and null will be stored if no data is provided.

```json
{
  "title": "C++ for all",
  "author": "Prof. SmartyPants",
  "publisher": "Tech book inc",
  "summary": "more stuff"
}
```
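Server-side validation for the demo book and review bodies described above, as an added example and not the project's code: it enforces the stated field types, stores a missing summary as null, requires books_id only on create, and drops keys the docs do not list (such as a client-supplied id) rather than persisting them. Assumption: books_id is treated as an integer, as in the example body, although the text calls it a string; the two validator functions are hypothetical helpers a route would call before replying 400 with the error list.

```javascript
function isNonEmptyString(v) {
  return typeof v === "string" && v.trim().length > 0;
}

// POST /demo/api/books: title, author, publisher required; summary optional -> null.
// Only the documented fields are copied into the returned value.
function validateBook(body) {
  if (body === null || typeof body !== "object") return { ok: false, errors: ["body must be a JSON object"] };
  const errors = [];
  for (const field of ["title", "author", "publisher"]) {
    if (!isNonEmptyString(body[field])) errors.push(`${field} must be a non-empty string`);
  }
  if (body.summary != null && typeof body.summary !== "string") {
    errors.push("summary must be a string when present");
  }
  if (errors.length) return { ok: false, errors };
  const { title, author, publisher } = body;
  const summary = typeof body.summary === "string" ? body.summary : null;
  return { ok: true, value: { title, author, publisher, summary } };
}

// POST /demo/api/reviews needs review, rating, reviewer and books_id;
// PUT /demo/api/reviews/:id needs only the first three.
function validateReview(body, { forUpdate = false } = {}) {
  if (body === null || typeof body !== "object") return { ok: false, errors: ["body must be a JSON object"] };
  const errors = [];
  if (!isNonEmptyString(body.review)) errors.push("review must be a non-empty string");
  if (!Number.isInteger(body.rating)) errors.push("rating must be an integer");
  if (!isNonEmptyString(body.reviewer)) errors.push("reviewer must be a non-empty string");
  // Assumption: books_id is the integer id of an existing book, as in the example body.
  if (!forUpdate && !Number.isInteger(body.books_id)) errors.push("books_id must be an integer");
  if (errors.length) return { ok: false, errors };
  const value = { review: body.review, rating: body.rating, reviewer: body.reviewer };
  if (!forUpdate) value.books_id = body.books_id;
  return { ok: true, value };
}
```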
To GET a specific book: `/demo/api/books/:id`

Example: `/demo/api/books/1`

```json
[
  {
    "id": 1,
    "title": "FirstBook",
    "author": "me",
    "publisher": "book inc",
    "summary": "stuff",
    "true": null
  },
  {
    "id": 2,
    "title": "SecondBook",
    "author": "me",
    "publisher": "bookinc",
    "summary": null,
    "true": null
  },
  {
    "id": 3,
    "title": "C++ for all",
    "author": "Prof. SmartyPants",
    "publisher": "Tech book inc",
    "summary": "more stuff",
    "true": null
  }
]
```
`/demo/api/users/:id`

To request a specific user's data you will need the id of the user, or simply use `/demo/api/users` to get them all.

The users are returned as an array of user objects like the one listed below:

```json
[
  {
    "id": 1,
    "username": "me",
    "password": "$2a$14$JZ2eR.7f8j2oAcbS72NfJ.Py26wp9v6hzxGQBGWaxkJ6vCNTolrxq",
    "role": 1,
    "true": null
  }
]
```