
@jfeliweb
Last active November 17, 2019 21:42

Reunion Dish API

Parties

  • List all the parties in the database
    • Display all public parties
    • Pagination
    • Limit number of results
    • Search by Party name or ID
    • Filter by tags
  • Get single party
    • Get single private
      • Authentication Required
      • Must have a role of Admin, Host, Co-host or guest
  • Create new party
    • Authentication Required
    • Must have a role of Admin or Host
  • Add list item for party
    • Host and Co-host
  • Upload photo for party
    • Host and Co-host
  • Update parties
    • Host and Co-host only
    • Validation on update
  • Delete Party
    • Host only

Dishes

  • List all dishes for party
  • List all dishes in general
    • Pagination, filtering, etc.
  • Get single dish
  • Create new dish
    • Authentication Required
    • Must have the role of Admin, Host, Co-Host, Guest (while in a party)
  • Update dish
    • Owner only
  • Delete dish
    • Owner only

Users and Authentication

  • Authenticate using JWT/cookies
    • expires in 30 days
  • User registration
    • Register as a Guest or Host
    • Token will be sent along with a cookie after registration
    • Password will be hashed
      • two-factor added later
    • Google and Facebook Registration will be added.
      • will need email
  • User login
    • User can log in with email and password
      • Google and Facebook will be added.
    • Plain-text password will be compared with the stored hashed password
    • After login, a token will be sent along with a cookie (token = xxx)
  • User logout
    • Cookie will be sent to set token = none
  • Get user
    • Route to get the currently logged in user (via token)
  • Password reset (lost password)
    • User can request to reset password
    • A hashed token will be emailed to the user's registered email address
    • A PUT request can be made to the generated URL to reset the password
    • The token will expire after 10 minutes
  • Update user info
    • Authenticated user only
    • Separate route to update password
  • User CRUD
    • Admin only

Security

  • Hash passwords and reset tokens
  • Prevent NoSQL injection
  • Add security headers (helmet)
  • Prevent cross-site scripting (XSS)
  • Add a rate limit of 100 requests per 10 minutes
  • Protect against HTTP parameter pollution
  • Use CORS to make the API public (for now)

Documentation

  • Use Postman to create documentation
  • Use docgen to create HTML files from Postman
  • Add HTML files as the / route for the api

Deployment

  • Docker
  • AWS or GDC