This is an authentication Api.
- This authentication Api test the main functionlities of creating account, assigning roles to users, protecting user access based on the user role in the system with the use of jwt(jsonwebtoken), hashing of user password to protect user information using bcrypt and password recovery. more functionality to aid this task involves using of sessions to keep the user logged in at will and logging out.
- To access the system, user has to create account and choose its role, the system accepts specified roles which include ['admin', 'manager', 'staff', 'users'], these roles are been strictly verifed to avoid unauthorized user accessing sensitive information, the Admin is the first user been created and has all the available access to the system, the Manager role is a sensitive role that the manager creates an account and on creation will include a request in the request model, then the admin has the access through the request list to verify the manager account to be used,the staff account has to be verifed either by the admin or the manager for their account to be used, while the user receives a verification email to verify is account through link sent.
Register
['admin', 'manager', 'staff', 'users'].
Login
['admin', 'manager', 'staff', 'users'].
verify account
['admin', 'manager', 'staff', 'users'].
forget password
['admin', 'manager', 'staff', 'users'].
verify password
['admin', 'manager', 'staff', 'users'].
approve manager
['admin'].
approve staff
['admin', 'manager'].
add blog
['admin', 'manager'].
update blog
['admin', 'manager', 'staff'].
delete blog
['admin', 'manager'].
request list
['admin', 'manager'].
blog list
['admin', 'manager', 'staff', 'users'].
logout
['admin', 'manager', 'staff', 'users'].
Server: Javascript language, Node.js framework, MONGODB
SignUp
Enables users to register with their email, fullname, mobile, gender, password and role.
Login
Accesses user details and enables authenticated users to gain full access to the platform.
Verify account
Allows users to verify their account for use, by obtaining the link sent to their gmail to verify.
Forget password
Allows users to activate a recovering link to chnage their password to be sent to their mail.
Verify password
Allows users to change their account password if forgotten, by providing the new password.
Approve manager
Enables authenticated users as an admin to verify an account created as a manager account.
Approve staff
Enables authenticated users as an admin or manager to verify an account created as a staff account.
Add blog
Enables authenticated users as an admin or manager to insert a blog post to the system.
Update blog
Enables authenticated users as an admin, manager or staff to update a blog post already created in the system.
Delete blog
Enables authenticated users as an admin or manager to delete a blog post already created in the system.
Delete blog
Enables authenticated users as an admin or manager to delete a blog post already created in the system.
Request list
Enables authenticated users as an admin or manager to view all the request list of the manager and staff already created in the system.
Blog list
Enables authenticated users as an admin, manager, staff or users to view all the blog post already created in the system.
Logout
Enables authenticated users to be logged out of the system.
You can test with these routes:
-
localhost:3000/api/v1/login
body{ email and password }
:POST
-
localhost:3000/api/v1/register
body{ email, fullname, mobile, gender, password and role }
POST
-
localhost:3000/api/v1/verify/account/:id
params{ userId }
POST
-
localhost:3000/api/v1/forget/password
body{ email }
POST
-
localhost:3000/api/v1/verify/password
params{ id } && body{ newPassword and confirmPassword }
POST
-
localhost:3000/api/v1/approve/managers
body{ userId }
:POST
-
localhost:3000/api/v1/approve/staff
body{ userId }
:POST
-
localhost:3000/api/v1/add/blog
body{ title, description }
POST
-
localhost:3000/api/v1/update/blog
body{ description, blogId }
PATCH
-
localhost:3000/api/v1/delete/blog
body{ blogId }
DELETE
-
localhost:3000/api/v1/list/request
GET
-
localhost:3000/api/v1/list/blog
GET
-
localhost:3000/api/v1/logout
POST