Document Management System, complete with roles and privileges. Each document defines its own access rights, i.e. which roles can access it, and records the date it was published.
The following features make up the Document Management System API:
- It uses JSON Web Token (JWT) for authentication.
- It generates a token upon successful login / account creation and returns it to the client.
- It verifies the token to ensure a user is authenticated before granting access to protected endpoints.
- It allows users to be created.
- It allows users to log in and obtain a token.
- It allows authenticated users to retrieve and edit their own information only.
- All users can be retrieved, modified and deleted by the admin user.
- It ensures that users have roles.
- It ensures user roles can be `admin` or `regular`, or as created by the admin.
- It ensures roles can be created, retrieved, updated and deleted by an admin user.
- A non-admin user cannot create, retrieve, modify, or delete roles.
- It allows new documents to be created by authenticated users.
- It ensures all documents have access roles defined as `public` or `private`.
- It allows admin users to create, retrieve, modify, and delete documents.
- It allows the admin user to retrieve all documents.
- It allows `private` and `public` access documents to be retrieved by their owners.
- It ensures users can delete, edit and update documents that they own.
- It allows users to retrieve all documents they own.
- It allows users to set a type for any document they create.
- It allows documents to be defined based on types, e.g. Note, Report etc.
- It allows users to add types to any document they create.
- It allows users to create and retrieve types.
- It allows only the admin user to modify and delete types.
- It allows users to search `public` documents that belong to other users (as well as documents that belong to the user).
- It allows the admin to retrieve all documents that match a search term, be it `public` or `private`.
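The access rules above, written as one pure policy function plus the search filter, as an added example that is not the project's own code. Field names (`RoleId`, `OwnerId`, `permission`) follow the README's sample JSON; the admin role id of 1 is an assumption taken from the sample Roles response.

```javascript
// Added example (not the project's code): the feature list's access rules as
// a default-deny policy. ADMIN_ROLE_ID = 1 is assumed from the sample "Admin" role.
const ADMIN_ROLE_ID = 1;

const isAdmin = (user) => user.RoleId === ADMIN_ROLE_ID;
const isPublic = (doc) => String(doc.permission).toLowerCase() === 'public';

// May `user` perform `action` ('read' | 'edit' | 'delete') on `doc`?
// Each allow line maps to one bullet in the feature list; anything else is denied.
function canAccessDocument(user, doc, action) {
  if (!user) return false;                               // unauthenticated: 401 upstream
  if (isAdmin(user)) return true;                        // admin: retrieve/modify/delete all
  if (doc.OwnerId === user.id) return true;              // owners: read/edit/delete own docs
  if (action === 'read' && isPublic(doc)) return true;   // public docs readable by any user
  return false;                                          // private docs of others: deny
}

// Role management is admin-only for every verb.
function canManageRoles(user) {
  return Boolean(user) && isAdmin(user);
}

// Search by title: admin sees every match; other users see public matches plus their own.
function filterSearchResults(user, docs, term) {
  const needle = term.toLowerCase();
  return docs.filter((d) =>
    d.title.toLowerCase().includes(needle) && canAccessDocument(user, d, 'read'));
}
```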
- React - A JavaScript library for building user interfaces
- Redux - A predictable state container for JavaScript apps
- Enzyme - A JavaScript testing utility for React
- Materialize - UI boilerplate for modern web apps
- Node.js - evented I/O for the backend
- Express - fast Node.js network app framework
- Webpack - the streaming build system
- Sequelize - a promise-based ORM for Node.js and io.js
- JWT - to authenticate routes
- PostgreSQL and Sequelize ORM
Document Management System requires Node.js v4+ to run.
Install the dependencies and devDependencies and start the server:

```sh
$ cd docMan
$ npm install -d
$ node app
```

- Create the PostgreSQL database and run the migrations: `npm run db:setup`.
- Start the Express server: `npm start`.
- Run the tests: `npm test`.
Create a Postman environment and set url and token variables or download and import a production environment from this
The API exposes routes, each dedicated to a single task, and uses HTTP response codes to indicate API status and errors.
Users are assigned a token on signup or signin. This token is needed for subsequent HTTP requests to the API for authentication and can be attached as the value of the `x-access-token` or `authorization` header. API requests made without authentication fail with status code `401: Unauthorized Access`.
| EndPoint | Functionality |
|---|---|
| POST /api/users/login | Logs a user in. |
| POST /api/users/logout | Logs a user out. |
| POST /api/users/ | Creates a new user. |
| GET /api/users/ | Find matching instances of user. |
| GET /api/users/:id | Find user. |
| PUT /api/users/:id | Update user attributes. |
| DELETE /api/users/:id | Delete user. |
| POST /api/documents/ | Creates a new document instance. |
| GET /api/documents/ | Find matching instances of document. |
| GET /api/documents/:id | Find document. |
| PUT /api/documents/:id | Update document attributes. |
| DELETE /api/documents/:id | Delete document. |
| GET /api/users/:id/documents | Find all documents belonging to the user. |
| GET /search/users/:term | Get all users whose full names contain the search term. |
| GET /search/roles/:term | Get all roles with title containing the search term. |
| GET /search/document/:userId/:term | Get all documents owned by userId with title containing the search term. |
| GET /search/documents/:term | Get all documents with title containing the search term. |
| GET /search/documents/:userId/:term | Get all documents owned or accessible by userId with title containing the search term. |
The following are some sample requests and responses from the API:
- Roles
- Users
- Documents
- Search
  - Search Documents
  - Search Users
Endpoints for the Roles API.
- Endpoint: `GET /api/roles`
- Requires: Authentication
- Status: `200: OK`
- Body (application/json):

```json
[
  {
    "id": 1,
    "title": "Admin",
    "createdAt": "2016-12-06T06:44:54.792Z",
    "updatedAt": "2016-12-06T06:44:54.792Z"
  },
  {
    "id": 2,
    "title": "Registered",
    "createdAt": "2016-12-06T06:44:54.792Z",
    "updatedAt": "2016-12-06T06:44:54.792Z"
  }
]
```
Endpoints for the Users API.
- Endpoint: `POST /api/users`
- Body (application/json):

```json
{
  "username": "uniqueuser",
  "fullNames": "Unique User",
  "email": "[email protected]",
  "RoleId": 1,
  "password": "password"
}
```

- Status: `201: Created`
- Body (application/json):

```json
{
  "user": {
    "id": 141,
    "username": "uniqueuser",
    "fullNames": "Unique User",
    "email": "[email protected]",
    "RoleId": 1,
    "createdAt": "2017-02-19T17:34:19.992Z",
    "updatedAt": "2017-02-19T17:34:19.992Z"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOjE0MSwiUm9sZUlkIjoxLCJpYXQiOjE0ODc1MjU2NjAsImV4cCI6MTQ4NzY5ODQ2MH0.ddCQXZB2_woJ32xZNHqPBhNXfjBRg6T3ZsSmF8GCplA",
  "expiresIn": "2 days"
}
```
- Endpoint: `GET /api/users`
- Requires: Authentication, Admin Role
- Status: `200: OK`
- Body (application/json):

```json
[
  {
    "id": 140,
    "username": "uyi2",
    "fullNames": "wuyi2AH",
    "email": "[email protected]",
    "RoleId": 1,
    "password": "$2a$08$ErbiyXkXAXsGXLoG2VOIIucUwzaCXGJz.d5YKkL/0SQIM3xhdbib2",
    "createdAt": "2017-02-17T19:41:30.837Z",
    "updatedAt": "2017-02-17T19:41:30.837Z"
  },
  {
    "id": 141,
    "username": "uniqueuser",
    "fullNames": "Unique User",
    "email": "[email protected]",
    "RoleId": 1,
    "password": "$2a$08$eggCuipNKnau7CJcxGVaUeEssqo5OjbQedfV1.gGNT2GNTyloD6MS",
    "createdAt": "2017-02-19T17:34:19.992Z",
    "updatedAt": "2017-02-19T17:34:19.992Z"
  }
]
```
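The listing above returns each user's bcrypt `password` hash in the response. One way to shape outgoing user objects so that only known-safe fields are serialized, as an added example that is not the project's own code (the Sequelize `get({ plain: true })` call is a stated assumption about model instances):

```javascript
// Added example (not the project's code): serialize users through an explicit
// allow-list so the password hash (and any future sensitive column) is never sent.
const PUBLIC_USER_FIELDS = [
  'id', 'username', 'fullNames', 'email', 'RoleId', 'createdAt', 'updatedAt',
];

// Accepts a plain object or a Sequelize instance (assumption: instances expose
// get({ plain: true }), which real Sequelize models do).
function toPublicUser(user) {
  const plain = typeof user.get === 'function' ? user.get({ plain: true }) : user;
  const out = {};
  for (const key of PUBLIC_USER_FIELDS) {
    if (plain[key] !== undefined) out[key] = plain[key];
  }
  return out;
}

// Works for one record (GET /api/users/:id) or the array GET /api/users returns.
function serializeUsers(payload) {
  return Array.isArray(payload) ? payload.map(toPublicUser) : toPublicUser(payload);
}
```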
Endpoints for the Documents API.
- Endpoint: `GET /api/documents`
- Requires: Authentication, Admin Role
- Status: `200: OK`
- Body (application/json):

```json
[
  {
    "id": 45,
    "title": "Another new document",
    "content": "Test Epic things like lorem etc",
    "permission": "Public",
    "OwnerId": 29,
    "createdAt": "2017-02-17T17:40:45.146Z",
    "updatedAt": "2017-02-17T17:40:45.146Z"
  },
  {
    "id": 44,
    "title": "New Title",
    "content": "The unique content of a document does not lie in the presence of the word unique",
    "permission": "1",
    "OwnerId": 1,
    "createdAt": "2017-02-06T22:55:43.747Z",
    "updatedAt": "2017-02-06T22:55:43.747Z"
  }
]
```
- Endpoint: `POST /api/documents`
- Requires: Authentication
- Body (application/json):

```json
{
  "title": "Just a Title",
  "content": "This placeholder should not always be a lorem generated document",
  "OwnerId": 1,
  "permission": "private"
}
```

- Status: `201: Created`
- Body (application/json):

```json
{
  "id": 1,
  "title": "Just a Title",
  "content": "This placeholder should not always be a lorem ipsum generated document",
  "OwnerId": 1,
  "permission": "private",
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2016-02-05T05:51:51.217Z"
}
```
- Endpoint: `GET /api/documents/:id`
- Requires: Authentication
- Status: `200: OK`
- Body (application/json):

```json
{
  "id": 1,
  "title": "Just a Title",
  "content": "This placeholder should not always be a lorem ipsum generated document",
  "OwnerId": 1,
  "permission": "private",
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2016-02-05T05:51:51.217Z"
}
```
- Endpoint: `PUT /api/documents/:id`
- Requires: Authentication
- Body (application/json):

```json
{
  "title": "Updated Title"
}
```

- Status: `200: OK`
- Body (application/json):

```json
{
  "id": 1,
  "title": "Updated Title",
  "content": "This placeholder should not always be a lorem ipsum generated document",
  "OwnerId": 1,
  "permission": "private",
  "createdAt": "2017-02-05T05:51:51.217Z",
  "updatedAt": "2016-02-05T05:51:51.217Z"
}
```
- Endpoint: `DELETE /api/documents/:id`
- Requires: Authentication
- Status: `200: OK`
- Body (application/json):

```json
{
  "message": "Deleted Document with id:42"
}
```
- Endpoint: `GET /search/documents/:term`
- Requires: Authentication
- Status: `200: OK`
- Body (application/json):

```json
[
  {
    "id": 45,
    "title": "Another new document",
    "content": "Test Epic things like lorem etc",
    "permission": "Public",
    "OwnerId": 29,
    "createdAt": "2017-02-17T17:40:45.146Z",
    "updatedAt": "2017-02-17T17:40:45.146Z"
  },
  {
    "id": 44,
    "title": "New Title",
    "content": "The unique content of a document does not lie in the presence of the word unique",
    "permission": "1",
    "OwnerId": 1,
    "createdAt": "2017-02-06T22:55:43.747Z",
    "updatedAt": "2017-02-06T22:55:43.747Z"
  }
]
```
- Endpoint: `GET /search/users/:term`
- Requires: Authentication, Admin Role
- Status: `200: OK`
- Body (application/json):

```json
[
  {
    "id": 140,
    "username": "uyi2",
    "fullNames": "wuyi2AH",
    "email": "[email protected]",
    "RoleId": 1,
    "password": "$2a$08$ErbiyXkXAXsGXLoG2VOIIucUwzaCXGJz.d5YKkL/0SQIM3xhdbib2",
    "createdAt": "2017-02-17T19:41:30.837Z",
    "updatedAt": "2017-02-17T19:41:30.837Z"
  },
  {
    "id": 141,
    "username": "uniqueuser",
    "fullNames": "Unique User",
    "email": "[email protected]",
    "RoleId": 1,
    "password": "$2a$08$eggCuipNKnau7CJcxGVaUeEssqo5OjbQedfV1.gGNT2GNTyloD6MS",
    "createdAt": "2017-02-19T17:34:19.992Z",
    "updatedAt": "2017-02-19T17:34:19.992Z"
  }
]
```
The limitations of the Document Management System API are as follows:
- Users can only create plain text documents and retrieve them when needed.
- Users cannot share documents with specific people, but can make a document `public` to make it available to other users.
- Users cannot delete their own accounts; only an admin of the system can do so.
- Users log in and obtain a token that is verified on every request, but users cannot log out (nullify the token); tokens only become invalid when they expire (after 1 day).
Contributors are welcome to further enhance the features of this API. The following guidelines apply when contributing to this project: