This is the fourth challenge in the series for cloudHub, where we are building base-level CRUD APIs that let our applications talk to MongoDB. We will set up user access and authentication with JSON Web Tokens (JWT), then build the endpoints that expose our data. The end goal of this challenge is to give authenticated users access to 5 collections in the database.
Based on the feedback in challenge #2, we are going to continue to use NodeJS + Express + Swagger.
- There are 3 different roles a user can have within the system, and a user can hold more than one. For example, a user could have both the user and admin roles.
- user - Limited API access to the system; longer-lived token.
- admin - Access to all information, but only for their own company.
- super-admin - Access to all information for all companies.
- The user role will have very limited access to the application; it will only be able to call the API listed on 2-3. For that flow we will generate a random value when the user is created and email that value to the user. There should be 2 endpoints unique to this role: one that creates the user and emails the value, and one that authenticates the user with that loginToken.
- For admin and super-admin, authentication will be by the email and password passed to the API.
All of the collections have 4 standard fields that we use for tracking: createdAt, createdBy, modifiedAt and modifiedBy. On POST we set createdAt to the current datetime and createdBy to the userId that made the API call; on PUT we do the same for modifiedAt and modifiedBy. Here are some of the initial endpoints we have defined that we will need for our application. We want all of POST, PUT, GET and DELETE where they make sense, unless noted below:
- Load Company by Id
- Load all Companies (super-admin only)
- Load App by Id (PUT/DELETE restricted to super-admin)
- Load all Apps
- Load Apps by userId (apps stored in user model)
- Load Company Apps by companyId
- Load Company App by Id
- Load Company Charges by companyId
- Load Company Charges by appId
- Load Company Charge by Id
- Load Users by companyId
- Load User by Id
- Swagger-node with Express
- Create models for the following collections: users, companies, apps, companyCharges, userStats. These are defined in the seed application; see thimble.zip in the forum.
- All endpoints that return multiple records should take offset parameter(s) so the caller can paginate through the records rather than getting all of them in one call.
- API restrictions should be configurable based on user role.
- node-token-jwt or similar for JWT management.
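As an added example (not the challenge's own code or the seed application), here is the server-side handling of the 4 tracking fields on POST/PUT, the offset pagination requirement, and the company scoping for admin versus super-admin, with a plain array standing in for a MongoDB collection. The default page size, the MAX_LIMIT cap, and the assumption that the caller's JWT claims carry a companyId are mine, not the spec's:

```javascript
// Added example (not the challenge's own code): server-owned audit fields on
// POST/PUT and bounded offset pagination. An array stands in for a MongoDB
// collection; the field names follow the spec.
const AUDIT_FIELDS = ['createdAt', 'createdBy', 'modifiedAt', 'modifiedBy'];
const DEFAULT_LIMIT = 20; // assumed
const MAX_LIMIT = 100;    // assumed cap: a caller can never pull the whole collection in one call

// The audit fields and _id are set by the server, so whatever the client sent
// for them is discarded rather than trusted.
function stripServerFields(body) {
  const out = { ...(body || {}) };
  for (const f of [...AUDIT_FIELDS, '_id']) delete out[f];
  return out;
}

// POST: createdAt/createdBy come from the request time and the caller's userId.
function createDoc(collection, body, callerUserId, now = new Date()) {
  const doc = { ...stripServerFields(body), _id: String(collection.length + 1), createdAt: now, createdBy: callerUserId };
  collection.push(doc);
  return doc;
}

// PUT: modifiedAt/modifiedBy are stamped; createdAt/createdBy survive untouched.
function updateDoc(collection, id, body, callerUserId, now = new Date()) {
  const idx = collection.findIndex((d) => d._id === id);
  if (idx < 0) return null;
  collection[idx] = { ...collection[idx], ...stripServerFields(body), modifiedAt: now, modifiedBy: callerUserId };
  return collection[idx];
}

// Parse ?offset=&limit= defensively: non-numeric or negative values fall back
// to defaults and limit is capped, so malformed input cannot dump everything.
function parsePage(query) {
  const nonNegInt = (v, fallback) => {
    const n = Number.parseInt(v, 10);
    return Number.isInteger(n) && n >= 0 ? n : fallback;
  };
  const offset = nonNegInt(query.offset, 0);
  const requested = nonNegInt(query.limit, DEFAULT_LIMIT);
  const limit = Math.min(requested === 0 ? DEFAULT_LIMIT : requested, MAX_LIMIT);
  return { offset, limit };
}

// The role decides the filter before the query runs: an admin is pinned to its
// own company whatever companyId the client asked for; a super-admin may ask
// for any company or none; the user role gets nothing from these endpoints.
function companyFilterFor(claims, requestedCompanyId) {
  const roles = claims.roles || [];
  if (roles.includes('super-admin')) {
    return requestedCompanyId ? (d) => d.companyId === requestedCompanyId : () => true;
  }
  if (roles.includes('admin')) return (d) => d.companyId === claims.companyId;
  return () => false;
}

// GET of many records: filter by role first, then page. total lets the client
// know how far it can advance offset.
function listDocs(collection, query, filter = () => true) {
  const { offset, limit } = parsePage(query || {});
  const matched = collection.filter(filter);
  return { total: matched.length, offset, limit, items: matched.slice(offset, offset + limit) };
}
```

With a real MongoDB driver the same shape applies: the role-derived filter becomes the query document, and offset/limit become skip()/limit(), so the scoping is enforced in the query itself rather than by trimming results after the fact.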