- fork this repository
- write all of your code in a directory named
lab-
+<your name>
e.g.lab-duncan
- push to your repository
- submit a pull request to this repository
- submit a link to your PR in canvas
- write a question and observation on canvas
- create a package.json that lists all dependencies and developer dependencies
- include an .eslintrc
- include a .gitignore
- add the string
db
to a new line in your gitignore file so that you dont include the db directory monogd is storeing its files in! - create a gulpfile
- have a lint task for running eslint
- have a test task for running mocha
- have a nodemon task that restarts your server any time a change has been bade to your .js files
- have a default task for running the lint and mocha tasks
- Create these directories to organize your code:
- db - use the command
mongod --dbpath ./db
to start mongod using this directory - lib
- model
- controller
- route
- test
- Create a HTTP Server using
express
- Use the
http-errors
npm module with the newerror-response
middleware from lecture - Create a User Model using mongoose with the properties
username
,password
, andfindHash
- The users must have a unique username and findhash
- The user must never store the password as plain text (hash the password)
- The user must have a method for genorating a token from the findHash
- Create a Basic Auth Middleware for parsing basic auth headers
- use the
body-parser
express middleware to onPOST
andPUT
routes - use the npm
debug
module to log the functions being executed in your app - using the express
Router
create an auth router with routes for signup and signin - Your server should depend on the environment variables
DEBUG
- for turing on loggingAPP_SECRET
- for signing and verify tokensPORT
- for setting the port your server will listen onMONGODB_URI
- for setting the URI that mongoose will conect to
POST
request- the client should pass the username and passord in the body of the request
- the server should respond with a token genoratorated using jsonwebtoken and the users findHash
- the server should respond with a 400 Bad Request to failed request
GET
request- the client should pass the username and password to the server using a Basic auth header
- the server should respond with a token to authenticated users
- the server should respond with a 401 Unauthorized to non authenticated users
- your tests should start your server when they begin and stop your server when they finish
- write a test to ensure that your api returns a status code of 404 for routes that have not been registered
/api/signup
POST
- test 400, responds with thehttp-errors
401 name, for if nobody provided
orinvalid body
POST
- test 200, response body like<token>
for a post request with a valid body/api/signin
GET
- test 401, responds with thehttp-errors
401 name, if the users could not be authenticatedGET
- test 200, response body like<token>
for a request with a valid basic auth header