no-vulnerability API

API for no-vulnerability.

Getting started

To set up the development server, run

npm install

to install the dependencies. Edit env.example, removing the .example extension, and set every variable:

SECRET=YOUR SECRET FOR JWT
DB_HOST=DATABASE HOST
DB_PORT=DATABASE PORT
DB_USER=DATABASE USERNAME
DB_PASSWORD=DATABASE PASSWORD
DB_NAME=DATABASE NAME

Then, set up the MySQL database using db-schema.sql. This database will store the data of our API. To start the server, run:

npm start

Endpoints

/api/v1/register

This is the registration endpoint. To use this, send a POST request with a body as below:

{
    "username": "diegowinter",
    "email": "diego@diegowinter.dev",
    "password": "diego2021"
}

And a Content-Type: application/json header. If everything is OK, it will return status 201 with the response:

{
    "message": "success"
}

/api/v1/login

This is the authentication endpoint. To use this, send a POST request with a body as below:

{
    "username": "diegowinter",
    "password": "diego2021"
}

And a Content-Type: application/json header. If the username and password match, it will return status 200 with the response:

{
    "auth": true,
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImtSTjcxTFhvUnEiLCJpYXQiOjE2MTE1ODQxMDUsImV4cCI6MTYxMTU4NzcwNX0.F1ec-ln47JluNsJ18PswDBBHbYSJUxspLJCgkh69hGM"
}

The token is used in every request to the next endpoint.

/api/v1/cards

This endpoint accepts the verbs GET, POST, PUT and DELETE, each performing a different task.

  • GET: Get cards from a user. To use this, just send a request with a header x-access-token with a valid token obtained at authentication. If everything is OK, it will return status 200 and an array with all cards of the authenticated user:
{
    "data": [
        {
            "id": "WJMaxbPOOt",
            "user_id": "kRN71LXoRq",
            "title": "Some task 1",
            "description": "A pending task",
            "created_at": "1611536846212",
            "updated_at": "1611536846212"
        },
        {
            "id": "POMaOJxtWb",
            "user_id": "kRN71LXoRq",
            "title": "Some task 2",
            "description": "Another pending task",
            "created_at": "1611536846212",
            "updated_at": "1611536846212"
        }
    ]
}
  • POST: Add a new card associated with the authenticated user. To use this, send a request with a header x-access-token with a valid token obtained at authentication and a body as below:
{
    "title": "Some task 3",
    "description": "A new task to add"
}

And a Content-Type: application/json header. If everything is OK, it will return status 201 with the response:

{
    "message": "success"
}
  • PUT: Edit an existing card. To use this, send a request with a header x-access-token with a valid token obtained at authentication and a body as below:
{
    "id": "WJMaxbPOOt",
    "title": "Some task 1 (a brief edit)",
    "description": "This task is pending!"
}

And a Content-Type: application/json header. If everything is OK, it will return status 200 with the response:

{
    "message": "success"
}
  • DELETE: Delete a card. To use this, send a request with a header x-access-token with a valid token obtained at authentication and a body as below:
{
    "id": "WJMaxbPOOt"
}

And a Content-Type: application/json header. If everything is OK, it will return status 200 with the response:

{
    "message": "success"
}

Limits

The API validates all data sent with requests and returns an error if it does not respect the following limits:

Attribute            Limit
username (user)      Up to 20 characters, including only letters, numbers, _ and .
email (user)         Up to 100 characters
title (card)         Up to 100 characters
description (card)   Up to 300 characters
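
The limits above, as an added example (not the project's own code): a validator that checks each value's type before its length and pattern, since a JSON body can carry an array or object where a string is expected. ASCII-only letters, counting by code point, and treating every listed field as required are assumptions; validateBody and LIMITS are hypothetical names.

```javascript
// Added example. Limits come from the table above; ASCII-only letters,
// code-point counting and "every listed field is required" are assumptions.
const LIMITS = new Map([
  ['user', { username: { max: 20, pattern: /^[A-Za-z0-9_.]+$/ }, email: { max: 100 } }],
  ['card', { title: { max: 100 }, description: { max: 300 } }],
]);

// Returns an array of { field, error }; an empty array means the body is within limits.
function validateBody(kind, body) {
  const rules = LIMITS.get(kind);
  if (!rules) throw new Error(`unknown kind: ${kind}`);
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return [{ field: null, error: 'body must be a JSON object' }];
  }
  const errors = [];
  for (const [field, rule] of Object.entries(rules)) {
    // Read own properties only, so values inherited from a prototype are ignored.
    const value = Object.prototype.hasOwnProperty.call(body, field) ? body[field] : undefined;
    // JSON allows arrays and objects here; an array has its own .length and is
    // coerced to a string by RegExp.test, so check the type first.
    if (typeof value !== 'string') {
      errors.push({ field, error: 'must be a string' });
      continue;
    }
    // Count code points, not UTF-16 units, so an emoji counts as one character.
    const length = Array.from(value).length;
    if (length > rule.max) {
      errors.push({ field, error: `longer than ${rule.max} characters` });
    } else if (rule.pattern && !rule.pattern.test(value)) {
      errors.push({ field, error: 'contains characters outside letters, numbers, _ and .' });
    }
  }
  return errors;
}

// Constructed sample bodies (not captured traffic).
const samples = [
  ['user', { username: 'diegowinter', email: 'diego@diegowinter.dev' }],
  ['user', { username: ['diegowinter'], email: 'diego@diegowinter.dev' }],
  ['user', { username: 'diego winter\n', email: 'a'.repeat(101) }],
  ['card', { title: 'Some task 3', description: 'x'.repeat(301) }],
];
for (const [kind, body] of samples) {
  console.log(kind, JSON.stringify(validateBody(kind, body)));
}
```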