Welcome to Fellow (because it's Penn LABs - badum tss) - a kanban board API.
This project was written using ES6 features (mostly), adhering to Airbnb's ES6 Style Guide, in a Node environment.
- Bulma for making forms look pretty.
- Express for the server (npm has a great ecosystem).
- MongoDB for the database (although the data is technically relational, NoSQL is fast to develop with and the schema dictates document-level references anyway).
- JWT/Passport for authentication (an extra feature discussed at length in the Documentation section).
- The `id`s of cards and lists are immutable strings (not `int`s), as per MongoDB's standard schemas.
- The `edit` routes have been changed to `/card/edit/:cardId` and `/list/edit/:listId` for consistency.
- Added a `/card/all` route to return all cards made by the user.
- Added a `/list/all` route to return all lists made by the user (useful for debugging).
- Added timestamps using a `createdAt` field to all documents.
- Added an author field using `creator` to all documents.
- Built middleware in `/server/auth/middleware.js` to validate token authorization.
All environment variables are located in `.env` (I know this isn't safe but I trust you guys), including `PORT`, `DB_URI` (currently hosted on MLab but can be changed) and `SECRET` (the key used to sign tokens).
- Clone the repo.
- Install packages using `npm install`.
- Run `npm start` to run the project.
The code is commented but this section aims to provide a high-level overview of the project structure. Use this guide while exploring the codebase.
- The project is split into `/server` and `/client` folders. The project starts at `server/index.js` when running `yarn start`.
- Schemas for users, cards, and lists are in the `/server/models` folder, each in its own file; they are linked together in `/server/models/index.js` when connecting to the MongoDB instance.
- Routes are refactored into routers for their respective schema (and the authentication protocol) in `server/routes`.
- CRUD operations within routes are standard, with the exception of re-ordering lists: the lists in between are shifted accordingly instead of simply swapping two positions (similar to Trello's actual behavior).
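The re-ordering behaviour described in the last bullet, as an added example that is not Fellow's own code: `moveList` takes a list out of its slot and re-inserts it at the target position, shifting everything in between, while `swapLists` is shown only for contrast. The `_id` and `position` field names and the sample board are assumptions made for this example.

```javascript
// Added example (not Fellow's code): Trello-style re-ordering of a board's
// lists versus a plain swap. `_id` and `position` are assumed field names.

// Move the list with `listId` to `toIndex`, shifting the lists in between.
// The caller's array is never mutated; a freshly numbered copy is returned.
function moveList(lists, listId, toIndex) {
  const fromIndex = lists.findIndex((l) => l._id === listId);
  if (fromIndex === -1) throw new Error(`unknown list ${listId}`);
  if (!Number.isInteger(toIndex) || toIndex < 0 || toIndex >= lists.length) {
    throw new RangeError(`position ${toIndex} out of range`);
  }
  const reordered = lists.slice();
  const [moved] = reordered.splice(fromIndex, 1);   // take the list out
  reordered.splice(toIndex, 0, moved);              // drop it in at the target
  // Re-number every list so the stored position field stays dense and unique.
  return reordered.map((l, i) => ({ ...l, position: i }));
}

// Plain swap, for contrast: the two lists trade places and nothing else moves,
// which is not what a drag-and-drop board does.
function swapLists(lists, listId, toIndex) {
  const fromIndex = lists.findIndex((l) => l._id === listId);
  if (fromIndex === -1) throw new Error(`unknown list ${listId}`);
  const swapped = lists.slice();
  [swapped[fromIndex], swapped[toIndex]] = [swapped[toIndex], swapped[fromIndex]];
  return swapped.map((l, i) => ({ ...l, position: i }));
}

// Constructed sample board: four lists A..D in their initial order.
const SAMPLE_LISTS = ['a', 'b', 'c', 'd'].map((id, i) => ({
  _id: id,
  title: id.toUpperCase(),
  position: i,
}));

// Helper to read an ordering as a short string, e.g. "bcad".
const order = (lists) => lists.map((l) => l._id).join('');
```

Moving list `a` to position 2 gives `b c a d`; a swap of the same two slots would give `c b a d`, which is the difference the README is pointing at.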
Tokens are used to authenticate routes in a stateless manner and are signed using the 256-bit secret found in `.env` (the secret can be of arbitrary length). The procedure for token authentication in Fellow is as follows:
- The user creates an account using the `/signup` route. The password is hashed using bcrypt and stored; an independent salt is also generated and stored.
- The user signs in using the `/login` route. The provided password is hashed using bcrypt and compared. If it matches, a token is generated by signing a payload of the user's `_id` and username with the 256-bit secret.
- An `Authorization` header MUST be set to a signed token in order for protected routes (`/card/*` and `/list/*`) to be accessed when using the API. However, when using the static front-end pages I've added a default token to be sent so that you don't have to worry about it when using the web form.
- Upon logout (or after 2 hours, if you uncomment the comment in the signature line in `/server/auth/login.js`) tokens must be regenerated.