A minimal demonstration of a CRUD API for user profiles
To minimise the technical scope and time spent on this MVP, various features are not implemented, so it should not be considered remotely close to production-ready. These are listed below, under the TODO heading.
After cloning the repository locally, simply install the sparse number of dependencies for the project via npm: npm install.
In your local directory containing the cloned project, you may run npm start as you usually would to run the project using npm directly. However, do note that the application currently uses an environment variable, JWT_SECRET, to assign an HMAC secret for the purpose of the JSON Web Token functionality. You can simply set this at run time via JWT_SECRET=somesecret npm start.
Once running, you may connect to the service using whichever method you prefer. As I prefer using curl, let's use that for the example:
curl -i -X POST \
-d '{"username":"foo","name":"Foo McBar","email":"foo@bar.com","password":"Password123!"}' \
-H "Content-Type: application/json" \
http://localhost:8000/auth/register
Which returns a corresponding JSON response, such as:
{"id":"fZcp8B4l6xYjiJnwfbQNi","username":"foo","email":"foo@bar.com","name":"Foo McBar"}
You may now log into the auth controller to retrieve your JWT token:
curl -i -X POST \
-d '{"username":"foo","password":"Password123!"}' \
-H "Content-Type: application/json" \
http://localhost:8000/auth/login
Which returns a corresponding JSON response, such as:
{"username":"foo","email":"foo@bar.com","name":"Foo McBar","accessToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Im4zeW9XU3o2VUNEdlpUN21USFNFayIsImlhdCI6MTY0MDMzNTk5NSwiZXhwIjoxNjQwNDIyMzk1fQ.N6Yks1ZvJxy7qIV_W1xAwCKLDcPrahW7aYeLwA3lJ2o"}
This token is set to expire 24 hours after the time it was issued. Using this token, you may now pass the authentication necessary to view user profiles, as well as to update or delete your own profile.
curl -i \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjJLbk94NHd6bnFZbzFzLW5PSEp5cyIsImlhdCI6MTY0MDMzNjc0MSwiZXhwIjoxNjQwNDIzMTQxfQ.Fj-5n5ABSYFfRxwc_ti7TkvHgmSIO0_PaSrs38e_vlQ" \
http://localhost:8000/users
Returning the stored records, which in this MVP include each user's hashedPassword:
[{"key":"2KnOx4wznqYo1s-nOHJys","value":"{\"username\":\"foo\",\"hashedPassword\":\"$2b$10$QCE2DWZfwiYhzmvdX7BR.OQpfJUhuSGTjzMJV9kt148z/mnzrIcd6\",\"email\":\"foo@bar.com\",\"name\":\"Foo McBar\"}"}]
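The JWT_SECRET and 24-hour expiry described above come together at verification time. The following is an added example, not this project's code, that signs and verifies an HS256 token using only Node's built-in crypto module; the function names loadSecret, signToken and verifyToken and the 32-byte minimum secret length are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names): HS256 sign/verify with Node's crypto only.
const crypto = require('crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Refuse to run with a missing or short HMAC secret, which could be guessed offline.
// The 32-byte floor is an assumption, chosen to match the HMAC-SHA256 output size.
function loadSecret(env) {
  const secret = env.JWT_SECRET;
  if (!secret || Buffer.byteLength(secret) < 32) {
    throw new Error('JWT_SECRET must be set to at least 32 random bytes');
  }
  return secret;
}

// Issue a token with id/iat/exp claims, expiring 24 hours after nowSeconds by default.
function signToken(id, secret, nowSeconds, ttlSeconds = 24 * 60 * 60) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ id, iat: nowSeconds, exp: nowSeconds + ttlSeconds }));
  const sig = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, secret, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Compare MACs in constant time; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm instead of letting the token's header choose it.
    const alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg;
    if (alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    return typeof claims.exp === 'number' && claims.exp > nowSeconds ? claims : null;
  } catch {
    return null; // malformed header or payload JSON
  }
}
```

With this check in place, a value such as somesecret is rejected at startup, and a token presented 24 hours or more after its iat no longer verifies.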
The API consists of the following endpoints:
POST /auth/register(/): register a user
POST /auth/login(/): log in with a username and password
GET /users(/): * list users
POST /users(/): * register a new user (redundant, to be removed)
GET /users/<user-id>(/): * view a user profile
DELETE /users/<user-id>(/): * delete user profile (only if the profile is your own)
PUT /auth/register(/): * update user profile (only if the profile is your own)
* Request requires authentication via JWT.
To run the test suite via npm, run npm t.
dockerfile for easy containerisation
nyc, for example)