a social photo platform REST API
Create a .env
file and configure it with the following environment variables
PORT=3000
DEBUG=true
CORS_ORIGINS='<one or more cors origins (space separated)>'
MONGO_URI='<mongo uri>'
SECRET='<random string>'
AWS_ACCESS_KEY_ID='<a aws access key id>'
AWS_SECRET_ACCESS_KEY='<a aws secret access key>'
AWS_BUCKET='<a aws bucket>'
- Start a mongodb
npm db-on
- Start the server
npm start
The user model is used in the back-end strictly for authentication and authorization. The user model will never be returned from the API, however userID's are stored on Profiles, Photos, and Comments for authorization validation.
_id
- an unique database generated string which uniquely identifies a useremail
- a unique string which stores the users emailusername
- a unique string that stores the users usernamepasswordHash
- a string that holds a users hashed passwordtokenSeed
- a unique and random string used to generate authorization tokens
Each user can have a single profile. Authorization is required for Creating, Updating, and Deleting Profiles but they have public read access.
_id
- an unique database generated string which uniquely identifies a profileowner
- the user id of the profiles creatoremail
- a unique string which stores the profiles emailusername
- a unique string that stores the profiles profil enameavatar
- a string holding a URL to a profile photobio
- a string holding a profiles bio
Each user can have may photos. Authorization is required for Creating, Updating, and Deleting Photos but they have public read access.
_id
- an unique database generated string which uniquely identifies a profileowner
- the user id of the photos creatorprofile
- stores a the creators profile ID. the profile is populated on GET requestscomments
- stores an array of comment IDs. the comments are populated on GET requestsurl
- a string which store a url to the photodescription
- a string with a description of the photo
Each user can have many comments, and each photo can have may comments. Authorization is required for Creating, Updating, and Deleting Comments but they have public read access.
_id
- an unique database generated string which uniquely identifies a profileowner
- the user id of the photos creatorprofile
- stores a the creators profile ID. the profile is populated on GET requestsphotoID
- stores the photo id of the photo the comment is a response tocontent
- a string with the users comment
CF-Gram uses Basic authentication and Bearer authorization to enforce access controls. Basic and Bearer auth both use the HTTP Authorization
header to pass credentials on a request.
Once a user account has been created Basic Authentication can be used to make a request on behalf of the account. To create a Basic Authorization Header the client must base64 encode a string with the username and password separated by a colon. Then the encoded string can then be append to the string 'Basic '
and set to an Authorization
header on an HTTP Request.
// Example of formating a Basic Authentication header in Javascript
let username = 'slugbyte'
let password = 'abcd1234'
let encoded = window.btoa(`${username}:${password}`)
let headers = {
Authorization: `Basic ${encoded}`
}
After a successful sign-up or login request the client will receive a token. Bearer Authorization uses that token to make a request on behalf of that user account. The token should be append to the string 'Bearer '
and set to an Authorization header on an HTTP Request.
// Example of formating a Bearer Authorization header in Javascript
let token = '11983261983261982643918649814613298619823698243'
let headers = {
Authorization: `Bearer ${token}`
}
a HTTP POST request to /signup will create a new user account.
- Expected Headers
- Content-Type: application/json
- Request Body
- JSON containing a username, email and password
{
"username": "slugbyte",
"email": "[email protected]",
"password": "abcd1234"
}
The response body will be a bearer token.
A HTTP GET request to /login will login (fetch a token) to an existing user account.
- Expected Headers
- Basic Authorization for the user account
The response body will be a bearer token.
A HTTP POST request to /profiles will create a new profile.
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data
- Expected Body
- a
bio
field containing string with the users bio - a
image
filed with the users avatar image
- a
the response will be a JSON profile
a HTTP GET request to /profiles will return an array of profiles
- Optional Query Parameters
- SEE PAGINATION
See pagination
a HTTP GET request to /profiles/:id will return a profile
the response will return a JSON profile
a HTTP GET request to /profiles/:id will return a profile
- Expected Headers
- Bearer authorization
the response will return a users JSON profile
a HTTP PUT request to /profiles/:id will update a profile
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data or application/json
- Optional Body Fields
- an optional
image
filed with the users avatar image- photo uploads are only possible for Content-Type: multipart/form-data
- an optional
bio
field containing string with the users bio
- an optional
the response will return a JSON profile
a HTTP DELETE request to /profiles/:id will delete a profile
- Expected Headers
- Bearer authorization
the response will have no body and a status of 204
A HTTP POST request to /photos will create a new photo. A photo cannot be created until the User has created a profile.
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data
- Expected Body
- a
photo
filed with the file asset - a
description
field
- a
the response will be a JSON photo
a HTTP GET request to /photos will return an array of photos
- Optional Query Parameters
- SEE PAGINATION
See pagination
a HTTP GET request to /photos/:id will return a photo
the response will return a JSON profile
a HTTP PUT request to /photos/:id will update a profile
- Expected Headers
- Bearer authorization
- Content-Type: multipart/form-data or application/json
- Optional Body Fields
- an optional
photo
filed with a replacement photo- photo uploads are only possible for Content-Type: multipart/form-data
- an optional
description
- an optional
a HTTP DELETE request to /photos/:id will delete a profile
- Expected Headers
- Bearer authorization
the response will have no body and a status of 204