trigen-backend's Issues
Secure password storing (User Accounts)
Only store salted password hashes.
WSGI Application server
PATCH / PUT /users/id/accounts/id
Saves changes to one of a user's accounts
JWT is required!
Request body:
{
"domain": "lfksafd.net",
"username": ";laskjdf"
}
Documentation
...just...DO IT!
DELETE /users/id/accounts/id
Deletes one of a user's accounts
JWT is required!
Restrict origin to frontend domain
Only accept api requests from the frontend domain. (Settings in Nginx)
UPDATE/PATCH /users/id
Change password and/or email
The old password/hash needs to be validated with the value in the database inside the backend.
Needs authentication via JWT, maybe even a reauthentication. So that it only works with a freshly generated Token!
Request-Body:
{
"email": "[email protected]",
"oldPW": "oldPW",
"newPW": "newPW"
}
GET /users/id
Gets a single user's id and email
Needs authentication via JSON Web Token
Response:
{
"id": "ABC123",
"email": "[email protected]"
}
POST /login
Logs in a specific user by returning a json web token which could then be used for further requests.
Request-Body:
{
"email": "[email protected]",
"password": "password"
}
The "JWT" really should come before the token!
Response:
{
"token": "JWT saldkfjo8j92832-238r-asdjf-as0djf0329...",
"user": {
"id": "1",
"email": "[email protected]",
"maxAccounts": 5
}
}
POST /users/id/activate
Activates a newly registered user account.
Request should be sent from an email.
Response: 200 ok
GET /users/id/accounts
Gets a list of saved accounts for a specific user.
JWT is required!
Response:
[
{
"id": "alsdjf",
"domain": "domainName.TLD",
"username": "username"
},
{
"id": "sadfadsf",
"domain": "domainName2.TLD",
"username": "username2"
}
]
POST /users/id/slots/add
Adds a certain number of slots to the user's maximum. (Usually when the user buys 'em)
The packageName part represents one of the available slot packages (e.g. small for 10 accounts, medium for 50 and large for 100...)
JWT required!
prevent duplicate account entries
Make user_id, domain, username unique in database.
POST /logout
Logs out the currently logged in user
Request-Body:
{
"userID": "id"
}
Response: 200 ok
DELETE /users/id
Deletes a single user and his accounts
Error Handling
Add appropriate error checking and handling. Return nice error messages.
Put api classes in separate files
User and Account should be removed from triserv.py and put into separate files under resources/.
POST /users
Registers a new user
Request-Body:
{
"email": "[email protected]",
"password": "password"
}
Response-Body:
{
"id": "userID",
"email": "[email protected]"
}
GET /users/id/hash
Gets the user specific hash
Needs authentication via JWT! Should probably use a fresh token - if it has been in use for a longer period of time, reauthentication is necessary. (We probably won't implement refresh tokens for now, though...)
Response:
{
"hash": "hash"
}
POST /users/id/accounts
Adds a new account to the user's account list
JWT is required!
Request:
{
"domain": "domainadfasdlk.de",
"username": "aldskjf"
}
nginx setup