This API represents the basic features of a Twitter(ish) site. The API supports Users, Authentication, Posts, and Likes. Users should be able to register, sign in, create posts, delete posts, like posts, and update their profile information.

The API uses Mongoose and a MongoDB database. To work with the API locally you will need to create the DB locally, create a local `.env` file with your database URL, and set up your `.env` file.

- Make sure MongoDB is installed on your machine.
- Fork then clone this repository.
- Change directories to the cloned repository: `cd microblogLite`
- Create your `.env` file by copying the example provided: `cp .env.example .env`
- Edit the `.env` file to include something similar to the following example:

  ```
  DATABASE_URL="mongodb://127.0.0.1:27017/DB_NAME_HERE"
  JWT_SECRET="whateveryouwant"
  ```
- From the command line, type `npm install`
- From the command line, type `npm start`, or `npm run watch` if you want to leverage `nodemon`.
- Test the API by accessing `http://localhost:5000` in a browser.

NOTE: visiting `http://localhost:5000` will take you to Swagger/OpenAPI documentation that describes all the endpoints and allows you to test them.

- Any HTML in the `username` and `fullName` fields will be removed automatically.
- Any HTML in the Post `text` and User `bio` fields will be sanitized. Some tags and attributes will be removed.
  - Tags and attributes allowed are partially listed here under the `allowedTags` and `allowedAttributes` objects listed there.
  - The following additional tags are allowed:
    - `<img>`
    - `<iframe>`, but `autoplay` permission is removed, some additional security policies are being enforced, and only the following hostnames are permitted in the `src` attribute:
      - `www.youtube.com`
      - `open.spotify.com`
      - `embed.music.apple.com`
      - `player.vimeo.com`
      - `widget.deezer.com`
  - The following attributes are allowed on all elements:
    - `alt`
    - `aria-*`
    - `class`
    - `data-*`
    - `lang`
    - `rel`
    - `title`
    - `translate`
- Sanitizers are defined in `/services/sanitizers.js` and implemented in the controllers for the POST and PUT endpoints for Users and Posts.
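
The iframe hostname rule and the global attribute list above, written out as a dependency-free check. This is an added example, not the project's `/services/sanitizers.js`; the function names are hypothetical. It assumes only `https` sources are accepted and that "autoplay permission" refers to the `autoplay` entry of the iframe `allow` attribute.

```javascript
// Added example; not the project's /services/sanitizers.js.
// Hostnames and attribute names are copied from the lists above.
const IFRAME_HOSTS = new Set([
  "www.youtube.com", "open.spotify.com", "embed.music.apple.com",
  "player.vimeo.com", "widget.deezer.com",
]);
const GLOBAL_ATTRS = ["alt", "aria-*", "class", "data-*", "lang", "rel", "title", "translate"];

// Assumption: only https embeds are accepted (the README does not name the schemes).
function isAllowedIframeSrc(src) {
  if (typeof src !== "string") return false;
  let url;
  try {
    // The base lets protocol-relative values (//host/path) parse; plain
    // relative paths resolve to the base host and are rejected below.
    url = new URL(src, "https://base.invalid");
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;    // javascript:, data:, http:
  if (url.username || url.password) return false; // allowed name used as userinfo
  return IFRAME_HOSTS.has(url.hostname);          // exact match, never substring
}

function isAllowedGlobalAttr(name) {
  const n = name.toLowerCase();
  return GLOBAL_ATTRS.some((p) =>
    p.endsWith("*") ? n.length > p.length - 1 && n.startsWith(p.slice(0, -1)) : n === p);
}

// Assumption: "autoplay permission" means the autoplay entry of the iframe
// `allow` attribute, and other `allow` entries are kept.
function stripAutoplay(allow) {
  return allow.split(";").map((s) => s.trim())
    .filter((s) => s && s.split(/\s+/)[0].toLowerCase() !== "autoplay").join("; ");
}

// Returns the attributes to keep, or null when the iframe must be dropped.
function sanitizeIframeAttrs(attrs) {
  if (!isAllowedIframeSrc(attrs.src)) return null;
  const out = { src: attrs.src };
  for (const [k, v] of Object.entries(attrs)) {
    if (isAllowedGlobalAttr(k)) out[k.toLowerCase()] = v;
  }
  const allow = typeof attrs.allow === "string" ? stripAutoplay(attrs.allow) : "";
  if (allow) out.allow = allow;
  return out;
}
```

Comparing the parsed `hostname` for an exact match is what keeps look-alike values, such as an allowed name used as a subdomain prefix or as URL userinfo, from passing the allowlist.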