a social photo platform REST API
Create a .env
file and configure it with the following enviroment variables
PORT=3000
DEBUG=true
CORS_ORIGINS='<one or more cors orgins (space seporated)>'
MONGO_URI='<mongo uri>'
SECRET='<random string>'
AWS_ACCESS_KEY_ID='<a aws access key id>'
AWS_SECRET_ACCESS_KEY='<a aws secret access key>'
AWS_BUCKET='<a aws bucket>'
- Start a mongodb
yarn db-on
- Start the server
yarn start
The user model is used in the backend strickly for authentication and authorization. The user model will never be returned from the API, however userID's are stored on Profiles, Photos, and Comments for authorzation validation.
_id
- an unique database genorated string which uniqly identifys a useremail
- a unique string which stores the users emailusername
- a unique string that stores the users usernamepasswordHash
- a string that holds a users hashed passwordtokenSeed
- a unique and random string used to genorate authorization tokens
Each user can have a single profile. Authorization is required for Creating, Updating, and Deleteing Profiles but they have public read access.
_id
- an unique database genorated string which uniqly identifys a profileowner
- the user id of the profiles creatoremail
- a unique string which stores the profiles emailusername
- a unique string that stores the profiles profilenameavatar
- a string holding a URL to a profile photobio
- a string holding a profiles bio
Each user can have may photos. Authorization is required for Creating, Updating, and Deleteing Photos but they have public read access.
_id
- an unique database genorated string which uniqly identifys a profileowner
- the user id of the photos creatorprofile
- stores a the creators profile ID. the profile is populated on GET requestscomments
- stores an array of comment IDs. the comments are populated on GET requestsurl
- a string which store a url to the photodescription
- a string with a description of the photo
Each user can have many comments, and each photo can have may comments. Authorization is required for Creating, Updating, and Deleteing Comments but they have public read access.
_id
- an unique database genorated string which uniqly identifys a profileowner
- the user id of the photos creatorprofile
- stores a the creators profile ID. the profile is populated on GET requestsphotoID
- stores the photo id of the photo the comment is a response tocontent
- a string with the users comment
Sluggram uses Basic authentication and Bearer authorization to enforce access controls. Basic and Bearer auth both use the HTTP Authorization
header to pass credentials on a request.
Once a user account has been created Basic Authentication can be used to make a request on behalf of the account. To create a Basic Authorzation Header the client must base64 encode a string with the username and password seporated by a colon. Then the encoded string can then be appened to the string 'Basic '
and set to an Authorization
header on an HTTP Request.
// Example of formating a Basic Authentication header in Javascript
let username = 'slugbyte'
let password = 'abcd1234'
let encoded = window.btoa(`${username}:${password}`)
let headers = {
Authorization: `Basic ${encoded}`
}
After a successfull signup or login request the client will receive a token. Bearer Authorization uses that token to make a request on behalf of that user account. The token should be append to the string 'Bearer '
and set to an Authorization header on an HTTP Request.
// Example of formating a Bearer Authorization header in Javascript
let token = '11983261983261982643918649814613298619823698243'
let headers = {
Authorization: `Beaer ${token}`
}
a HTTP POST request to /signup will create a new user account.
- Expected Headers
- Content-Type: application/json
- Request Body
- JSON containing a username, email and password
{
"username": "slugbyte",
"email": "slugbyte@slugbyte.com",
"password": "abcd1234"
}
The response body will be a bearer token.
A HTTP GET request to /login will login (fetch a token) to an existing user account.
- Expected Headers
- Basic Authorization for the user account
The response body will be a bearer token.
A HTTP POST request to /profiles will create a new profile.
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data
- Expected Body
- a
bio
field containing string with the users bio - a
image
filed with the users avatar image
- a
the response will be a JSON profile
a HTTP GET request to /profiles will return an array of profiles
- Optional Query Paramiters
- SEE PAGINATION
See pageination
a HTTP GET request to /profiles/:id will return a profile
the response will return a JSON profile
a HTTP GET request to /profiles/:id will return a profile
- Expected Headers
- Bearer authorization
the response will return a users JSON profile
a HTTP PUT request to /profiles/:id will update a profile
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data or application/json
- Optional Body Fields
- an optional
image
filed with the users avatar image- photo uploads are only posible for Content-Type: multipart/form-data
- an optional
bio
field containing string with the users bio
- an optional
the response will return a JSON profile
a HTTP DELETE request to /profiles/:id will delete a profile
- Expected Headers
- Bearer authorization
the response will have no body and a status of 204
A HTTP POST request to /photos will create a new photo. A photo cannot be created until the User has created a profile.
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data
- Expected Body
- a
photo
filed with the file asset - a
description
field
- a
the response will be a JSON photo
a HTTP GET request to /photos will return an array of photos
- Optional Query Paramiters
- SEE PAGINATION
See pageination
a HTTP GET request to /photos/:id will return a photo
the response will return a JSON profile
a HTTP PUT request to /photos/:id will update a profile
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data or application/json
- Optional Body Fields
- an optional
photo
filed with a replacement photo- photo uploads are only posible for Content-Type: multipart/form-data
- an optional
description
- an optional
a HTTP DELETE request to /photos/:id will delete a profile
- Expected Headers
- Bearer authorization
the response will have no body and a status of 204