- Check on all config required options before boot;
- Swagger integration and config for existing API;
- Node.js lts 12
>= 12.13.1; - MongoDB
>= 3.6; 4?
- Download source code,
git cloneit's fine; - Delete
.gitif cloned; - Install dependencies with
npm install; - Overwrite the base configuration inside
./config.js; - Add and overwrite any code you need to;
- Run with
npm run dev; - Docs available @
localhost:\[port\]/documentations; - Test can be run with
npm run test;
MongoDBconnection to env-based database;- Authentication middleware with
JWT; - Authorization middleware, based on user's role;
- Registration flow with account confirmation through email;
- Login API with token;
- User's CRUD;
- Setting's CRUD;
index.js: server entry point, the one to executeserver.js: main app instance creation and configuration;config.js: configuration variables and constants grouped by the app's environment of execution (test, dev, prod);src/resources/: API resources, a folder for each one containing schema, controller, database migration, ecc...;src/services/: misc services or utility functions;src/emailTemplates/: html templates, used in the emails for instance.
- A user can register an account with
/api/v1/registration; - An email will be sent to the provided address with a confirmation link with the following format
[server-address]/confirmation/:token; - The token should be included in the body of an additional request to
POST /api/v1/confirm-registration; - The
tokenis aJWTtoken with an expiration period of 2 days containing the email of the account to confirm. - The confirmation email can be re-sent any time using
/api/v1/resend-confirmation; - A non confirmed user can login in, but he won't see most of the data/resources;
- A password recovery can be requested by a user with a confirmed account, using
/api/v1/password-recover, which returns a recover token; - The new password can be recovered/updated from
/api/v1/confirm-password-recover, using the previous recover token.
Every user has a role that determines the his capabilities. The roles list can be found in the config file (config.js in the project root).
- Every operation except the personal profile information requires a confirmed account;
- The update operation, used to edit a user personal informations, can only be performed by admins towards a profile that is not the same as the user making the request (there's a specific api for that) and that has a role lower than the user making the request. Also the new role (if it is provided) cannot be higher that the one of the user making the request;
- The delete operation, used to delete a user account, can only be performed by admins towards a profile that is not the same as the user making the request (there's a specific api for that) and that has a role lower than the user making the request;
- The list operation, used to list all the users account, can only be performed by admins and it shows only the users with a role that is lower than the role of the user making the request;
- The details operation, used to get a single user infos, can only be performed by admins and it shows only the users with a role that is lower than the role of the user making the request;
- The creation operation, used to create a new account, can only be performed by admins and it can only create account with a role lower than the one of the user making the request;
- The me operation returns the profile of the user making the request;
- The updateMe operation updates the personal informations of the user making the request;
- The updateMePassword operation updates the password of the user making the request;
- The invalidateTokens operation updates the
tokenMinValidityfield in order to create a tokens blacklist.
General website settings, can be use for multiple purposes
- Every operation can only be performed by a superadmin.
- The details operation returns all the saved settings data;
- The update operations edits and updates the settings data with the new one provided.