This is a simple proxy server whose primary role is to ensure that only the calls with the appropriate authorization credentials are able to modify the database. It also serves as an abstraction layer for the back-end databases, so that we can change implementation strategies and not have to change the front-end code.
This API is defined using Swagger (aka OpenAPI), and the swagger
library
takes care of validating request and responses according to the schema defined
in api/swagger/swagger.yaml.
The critical code is in api/controllers.
The token
authorization model refers to the Auth0 JWT token scheme, and
many calls look at group memberships defined by the Auth0 app.
The calls in the /user
paths are proxied to the Auth0 administration API.
The calls in the /case
, /method
, /organization
and the like are proxied
to the ElasticSearch database.
The code expects a file .env
to be located in the root directory of the folder,
defining the following environment variables:
AUTH0_CLIENT_ID
and AUTH0_CLIENT_SECRET
as per the Auth0 application which
is managing the users, and AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
corresponding to the AWS account with permissions to access the ElasticSearch
cluster.
npm start
starts the API server.
npm test
runs the test suite. These are written using
http://visionmedia.github.io/superagent/ and
https://github.com/substack/tape
swagger project editor
can be used (once swagger
is installed) to edit the
API definition file.