This project is a backend, RESTful API server, intended to be coupled with a frontend application. The whole project is a security leak demonstration for the Grand Nord Digital Forum: we play out a "token theft" to show why data encryption matters when it comes to HTTP.
This project was generated with Sails
One can contribute by following these guidelines
Here's the roadmap
API documentation uses Apiary. Every single API change MUST be reflected in the API Blueprint documentation.
In English
- Install node.js
- Install sails locally
- Clone (or fork and clone) the project
- Run `npm install` inside the project folder
- You're up & ready to rock =)
Auth is performed JWT style.
*The sequence in the image is just an illustration and does not reflect our actual API implementation here.
Steps:
- Authenticate with your email/password pair on the `/auth/signin` endpoint
- Parse the JSON response and find the token you were granted in the `token` property of the response (`{token: '...', ...}`)
- Set the `token` HTTP header (with the received token value) on each further request, thus authenticating with this token in the process
- If you get a `403` on a further request, the token has been invalidated (user deleted, token expired => re-authenticate yourself)