Meteor Web API Examples using fine-rest
.
$ git clone https://github.com/aadamsx/meteor-web-app-test.git
Two different projects, one Web API and one the Client to the Web API.
$ cd /web-api-uer
$ meteor npm install --save
$ cd /web-api
$ meteor npm install --save
$ cd /web-api/fine-rest
$ meteor npm install --save
$ cd /web-api
$ npm run web-app-test
By default the Web API will run on --port 4500
$ cd /web-api-user
$ npm run web-app-test
By default the Web API client will run on --port 3101
curl -X POST \
http://localhost:4500/test-route \
-H 'cache-control: no-cache' \
-H 'content-type: application/json'
Security checks are NOT implemented for the above route, so you will not have to call out to the API /users/login
first. For routes under /api
you must first get a valid token. An example is provided under Create Bearer Token. Options for database are database_1
or database_2
defined in the settings.json
file.
In order to check the fine-rest lib will return a Bearer token you must do the following:
Note: The default database is simpley web-api
, yet when calling a route under /api/
, specifically /api/test-route2
you must specify either database_1
corresponding to web-api-1 or database_2
corresponding to web-api-2.
2) Create users in this database with the Meteor accounts-password package.
curl -X POST \
http://localhost:4500/users/login \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d 'email=test@test.com&password=12345'
A NEW option is to log in with a temp token:
curl -X POST \
http://localhost:4500/users/token-login \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d 'dbId=database_1&loginToken=123'
For this option only the temporary login token is required, the databaseId is optional and requires a database URL in the settings.json file (please see the code for more details).
You should get a response:
{
"id": "456",
"token": "123",
"tokenExpires": "2017-10-19T04:10:18.644Z"
}
This token is your Bearer token that you have to use for all subsequent Web API calls. .
1) Make sure before running this command you have attached debugger; comments where you want to "hook" into your code, for example:
JsonRoutes.add('POST', '/test-route/', function(req, res, next) {
debugger; // => the server will pause for debugging if the 'test-route' is called!
JsonRoutes.sendResult(res, {
code: 200,
data: {
result: "OK"
}
});
});
MONGO_URL=mongodb://localhost:27017/meteor meteor --debug-port 3200 --port 3100 --settings settings.json
Note: by default running npm web-app-test
will run with debug turned on.
3) After running this command you must go to the following URL in order to attach to the server process:
http://localhost:5422/?port=3200
curl -X POST \
http://localhost:3100/api/test-route2 \
-H 'authorization: Bearer 123' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d 'userId=456&dbId=database_2'
Note: For this route, security is on, this means the Bearer token
must be valid (in the user's collection record), the userId
must be valid (again in the user's collection record) for the databaseId
passed in, either database_1
or database_2
.
.
- Could not get middleware to run on exceptions.
- Could not add a code to sendResult() without the requestor (web-api-user project) hanging.
.
- Engineer the auto retrieval of the Bearer token from the Web API.
- Engineer the storage of Bearer token in order for client to use the Web API.
- MongoDB storage of Bearer token.
- Middleware that only runs for a particular route.
- Ability to retrieve data from multiple databases.
- Added login token ability (instead of user name and password).
- Get CORS working.
- CORS working for specific domains.
- Add a check for user Roles to see if they have permission on an endpoint.
- Add rate limiter to avoid request overload.
- React Native client to Web API?
- Logging in middleware for all requests.
- Consider removing Meteor Accounts dependency
- Add "Web Hooks" on the client to get response status from long-running service.
- Singleton and Concurrency concepts:
- Singleton: One connection to a database = one module = one class within that module, must all be unique per HTTP request (cannot have one request, stepping on another, by overwriting the next).
- Concurrency: Web App must be able to handle concurrent HTTP requests reading from and writing to a database.
.
-
We could send an immediate response to the user with the URL to the file and set a flag inside the "shared" database with the status of the operation.
-
But the issue is we'd still have to periodically check the status. I think Web Hooks on the Web API allow you to get alerted when the status changes?
-
I think as it stands, the code is synchronous and thus does not require me to use webhooks?
.
- fine-rest in this example has been updated with the option to log in with a token. The new route is named
/users/token-login
and has the option to pass in a database ID for multi-database use. I will update the NPM version of fine-rest to reflect this changes at some point soon. - The example
web-api-user
client application now checks for a Bearer token server side inside a MongoDB collection namedGlobals
-- if its there it uses it for Web API calls, if not it goes and gets a new one from the Web API.
- The Meteor Web API now talks to (3) MongoDBs. The first DB named
web-api
is the default for the Web API. The second and third DBs options are stored in thesettings.json
file. - Added requirement to pass in databaseId. There are two databases to choose from, web-api-1 and web-api-2.
- Added imports directory where the People class and Mono collections are defined.
- Added new
/api/test-route2
. - All security checks are not under the new
/api
route.
- Temporarily added fine-rest package locally to the web-api project for debugging purposes.
- Worked on Original issues