API Routes

Romain Francois edited this page Dec 19, 2016 · 2 revisions

Prerequisites and Configuration

First, we need to require some packages and files to make it work properly:

var express         = require('express');
var router          = express.Router();
var config          = require('../config/config');
var moment          = require('moment');
var Promise         = require('bluebird');
var Info            = require('./models/Info');
var User            = require('./models/User');
var Controller      = require('./controller.js');
var bcrypt          = require('bcrypt');
var jwt             = require('jsonwebtoken');
var reCAPTCHA       = require('recaptcha2');

Then, we need a little configuration:

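//Set the number of salt rounds (cost factor) for password hashing
const saltRounds = 10;

We set the number of salt rounds, that is the cost factor, for the password-hashing library (bcrypt). This is not the salt itself: bcrypt generates a random salt for each hash.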

var recaptcha = new reCAPTCHA({
    siteKey:   config.googlePublic,
    secretKey: config.googleSecret
});

This is the basic setup for the Google reCAPTCHA feature. The public and secret keys are read from your /config/config.js file.

Different routes

These are all the routes the API handles:

'api/user/register'          (POST)    //Register new user
'api/user/login'             (POST)    //Login user
'api/infos'                  (GET)     //Get all the information

//From here need valid token
'api/infos'                  (POST)    //Add a new information
'api/infos/user/:id'         (GET)     //Get all the information related to the userID
'api/infos/id/:id'           (GET)     //Get an information by its ID
'api/infos/update/:id'       (POST)    //Update an information by its ID
'api/infos/delete/:id'       (DELETE)  //Delete an information by its ID
'api/infos/:id/join'         (POST)    //Join an Event by its ID
'api/info/:id/leave'         (POST)    //Leave an Event by its ID
'api/infos/:id/:votetype'    (POST)    //Add a vote on an info by its ID
'api/users'                  (GET)     //Get all users
'api/user/id/:id'            (GET)     //Get a user by its ID
'api/user/name/:name'        (GET)     //Get a user by its username
'api/user/myprofile'         (GET)     //Get the profile of the connected user
'api/user/update'            (POST)    //Update user information
'api/user/delete'            (DELETE)  //Delete the connected user

Checking the token

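This middleware is defined after the GET route '/api/infos'. Routes registered before it (register, login and GET '/api/infos') can be called without a token; every route registered after it requires a valid one.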

.use(function(req, res, next) {

    //read the token from the x-access-token header
    var token = req.headers['x-access-token'];
    //decode token
    if(token != undefined) {

        //verifies secret and checks expiry
        jwt.verify(token, config.secret, function(err, decoded) {
            if(err) {
                return res.status(403).json({ success: false, message: 'Failed to authenticate token'});
            }
            else {
                //if everything good save to request for use in other Routes
                req.decoded = decoded;
                next();
            }
        });
    }
    else {

        //if there is no token : return error
        return res.status(403).send({
            success: false,
            message: 'No token provided.'
        });
    }
})
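
The decisions this middleware makes, as an added example that is not code from this project: it re-creates the signature and expiry checks with Node's built-in crypto module so it runs without express or jsonwebtoken. `sign`, `verify`, `checkToken` and `SECRET` are hypothetical names, the sample tokens are constructed, and accepting only HS256 is an assumption about how the tokens are signed.

```javascript
// Added example: Node built-ins only; names below are hypothetical.
const nodeCrypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // stands in for config.secret

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) =>
  nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Build an HS256 token; used here only to construct sample inputs.
function sign(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = head + '.' + b64url(JSON.stringify(payload));
  return body + '.' + b64url(hmac(body, secret));
}

// Check algorithm, signature and expiry; throws on any failure.
function verify(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  // Assumption: tokens are HS256; anything else is rejected outright.
  if (header.alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(parts[0] + '.' + parts[1], secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  if (typeof payload.exp === 'number' && payload.exp <= now) {
    throw new Error('token expired');
  }
  return payload;
}

// Same decisions as the middleware above; status 200 stands for next().
function checkToken(req) {
  const token = req.headers['x-access-token'];
  if (token === undefined) {
    return { status: 403, message: 'No token provided.' };
  }
  try {
    return { status: 200, decoded: verify(token, SECRET) };
  } catch (err) {
    return { status: 403, message: 'Failed to authenticate token' };
  }
}
```
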

Default response (404 error)

If the request is not handled by the defined routes, the following middleware will handle it:

.use(function(req, res, next){
    res.status(404).send('Error 404 : Request not found');
});