cyrilchapon / exia-secu-demo-api

Backend API server for Exia (arras) security demonstration @ Grand Nord Digital Forum


Exia security demo - backend


This project is the backend, a RESTful API server, intended to be coupled with a frontend application. The whole project is a security-leak demonstration for the Grand Nord Digital Forum: we stage a "token theft" that shows why encrypting data in transit matters when an authentication token is sent over plain HTTP.

Contributing

This project was generated with Sails

Contributions should follow the project's contributing guidelines.

See the roadmap for planned work.

API documentation uses Apiary. Every single API change MUST be reflected in the API Blueprint documentation.

Documentation is written in English.

Installation

  • Install Node.js
  • Install Sails locally
  • Clone (or fork and clone) the project
  • Run npm install inside the project folder
  • You're up and ready to rock =)

APIs

RESTful endpoints

See API doc at apiary.io

Authentication

Authentication is performed with JSON Web Tokens (JWT).

(diagram: JWT auth flow)

*The sequence in the image is only an illustration; it does not reflect the actual API implementation here.

Steps:

  • Authenticate with an email/password pair on the /auth/signin endpoint
  • Parse the JSON response and read the token you were granted from its token property ( {token: '...'}, ... )
  • Set a token HTTP header (with the received token value) on each further request; this is what authenticates the request
  • If you get a 403 on a further request, the token has been invalidated (user deleted, token expired, ...) => re-authenticate


License: MIT


Languages: JavaScript 89.5%, API Blueprint 10.5%