Change API to REST

Add cors package.
Add /users/me route to identify from auth token.

README.md

@@ -2,3 +2,9 @@
 
 ## Description
 This is the backend for the VILLASweb frontend. It is build upon NodeJS, Express and MongoDB.
+
+## To-Do
+ - Don't send user password
+ - Only get projects which are accessible by the user
+ - Add support for config.js with docker volumes
+ - Add support for key-secret for bcrypt

VILLAS.mdj

@@ -5446,6 +5446,34 @@
 											"text": "+adminLevel: int",
 											"horizontalAlignment": 0,
 											"verticalAlignment": 5
+										},
+										{
+											"_type": "UMLAttributeView",
+											"_id": "AAAAAAFVjUd0SQNRNUg=",
+											"_parent": {
+												"$ref": "AAAAAAFU42gTN6uz8Tg="
+											},
+											"model": {
+												"$ref": "AAAAAAFVjUd0GgNOzVI="
+											},
+											"visible": true,
+											"enabled": true,
+											"lineColor": "#000000",
+											"fillColor": "#ffffff",
+											"fontColor": "#000000",
+											"font": "Arial;13;0",
+											"showShadow": true,
+											"containerChangeable": false,
+											"containerExtending": false,
+											"left": 61,
+											"top": 306,
+											"width": 151,
+											"height": 13,
+											"autoResize": false,
+											"underline": false,
+											"text": "+email: string",
+											"horizontalAlignment": 0,
+											"verticalAlignment": 5
 										}
 									],
 									"visible": true,
@@ -5460,7 +5488,7 @@
 									"left": 56,
 									"top": 241,
 									"width": 161,
-									"height": 68,
+									"height": 83,
 									"autoResize": false
 								},
 								{
@@ -5482,7 +5510,7 @@
 									"containerChangeable": false,
 									"containerExtending": false,
 									"left": 56,
-									"top": 309,
+									"top": 324,
 									"width": 161,
 									"height": 10,
 									"autoResize": false
@@ -9492,6 +9520,24 @@
 							"isDerived": false,
 							"aggregation": "none",
 							"isID": false
+						},
+						{
+							"_type": "UMLAttribute",
+							"_id": "AAAAAAFVjUd0GgNOzVI=",
+							"_parent": {
+								"$ref": "AAAAAAFU42gTNaurUj0="
+							},
+							"name": "email",
+							"visibility": "public",
+							"isStatic": false,
+							"isLeaf": false,
+							"type": "string",
+							"isReadOnly": false,
+							"isOrdered": false,
+							"isUnique": false,
+							"isDerived": false,
+							"aggregation": "none",
+							"isID": false
 						}
 					],
 					"isAbstract": false,

config.js

 module.exports = {
-  'databaseName': 'VILLAS',
-  /*'databaseURL': 'mongodb://mongo:27017/',*/
-  'databaseURL': 'mongodb://192.168.99.100:27017/',
-  'port': 3000,
-  'secret': 'longsecretislong'
+  databaseName: 'VILLAS',
+  databaseURL: 'mongodb://mongo:27017/',
+  port: 3000,
+  secret: 'longsecretislong',
+  admin: {
+    username: 'admin',
+    password: 'admin'
+  }
 }

package.json

@@ -4,11 +4,12 @@
   "private": true,
   "main": "server.js",
   "dependencies": {
-    "express": "^4.14.0",
-    "mongoose": "^4.5.1",
+    "bcrypt-nodejs": "^0.0.3",
     "body-parser": "^1.15.2",
-    "morgan": "^1.7.0",
+    "cors": "^2.7.1",
+    "express": "^4.14.0",
     "jsonwebtoken": "^7.0.1",
-    "bcrypt-nodejs": "^0.0.3"
+    "mongoose": "^4.5.1",
+    "morgan": "^1.7.0"
   }
 }

routes/projects.js

@@ -33,37 +33,34 @@ router.get('/projects', function(req, res) {
       return res.send(err);
     }
 
-    res.json(projects);
+    res.json({ projects: projects });
   });
 });
 
 router.route('/projects').post(function(req, res) {
   // create new project
-  var project = new Project(req.body);
+  var project = new Project(req.body.project);
 
   project.save(function(err) {
     if (err) {
       return res.send(err);
     }
 
-    res.send({ success: true, message: 'Project added' });
+    //res.send({ success: true, message: 'Project added', project: project });
+    res.send({ project: project });
   });
 });
 
-router.route('/projects/:id').put(function(req, res) {
+router.route('/projects/:id').patch(function(req, res) {
   // get project
   Project.findOne({ _id: req.params.id }, function(err, project) {
     if (err) {
       return res.send(err);
     }
 
-    if (!authorizeUser(req, project)) {
-      return res.send({ success: false, message: 'User not authorized' });
-    }
-
     // update all properties
-    for (property in req.body) {
-      project[property] = req.body[property];
+    for (property in req.body.project) {
+      project[property] = req.body.project[property];
     }
 
     // save the changes
@@ -72,7 +69,7 @@ router.route('/projects/:id').put(function(req, res) {
         return res.send(err);
       }
 
-      res.send({ success: true, message: 'Project updated' });
+      res.send({ project: project });
     });
   });
 });
@@ -83,11 +80,7 @@ router.route('/projects/:id').get(function(req, res) {
       return res.send(err);
     }
 
-    if (!authorizeUser(req, project)) {
-      return res.send({ success: false, message: 'User not authorized' });
-    }
-
-    res.send(project);
+    res.send({ project: project });
   });
 });
 
@@ -97,10 +90,6 @@ router.route('/projects/:id').delete(function(req, res) {
       return res.send(err);
     }
 
-    if (!authorizeUser(req, project)) {
-      return res.send({ success: false, message: 'User not authorized' });
-    }
-
     Project.remove({ _id: req.params.id }, function(err) {
       if (err) {
         return res.send(err);

routes/users.js

@@ -20,7 +20,7 @@ router.route('/users').get(auth.validateAdminLevel(1), function(req, res) {
       return res.send(err);
     }
 
-    res.json(users);
+    res.json({ users: users });
   });
 });
 
@@ -33,7 +33,7 @@ router.route('/users').post(function(req, res) {
       return res.send(err);
     }
 
-    res.send({ success: true, message: 'User added' });
+    res.send({ user: user });
   });
 });
 
@@ -45,8 +45,8 @@ router.route('/users/:id').put(auth.validateAdminLevel(1), function(req, res) {
     }
 
     // update all properties
-    for (property in req.body) {
-      user[property] = req.body[property];
+    for (property in req.body.user) {
+      user[property] = req.body.user[property];
     }
 
     // save the changes
@@ -55,18 +55,31 @@ router.route('/users/:id').put(auth.validateAdminLevel(1), function(req, res) {
         return res.send(err);
       }
 
-      res.send({ success: true, message: 'User updated' });
+      res.send({ user: user });
     });
   });
 });
 
+router.route('/users/me').get(function(req, res) {
+  // get the logged-in user ID
+  var userId = req.decoded._doc._id;
+
+  User.findOne({ _id: userId }, function(err, user) {
+    if (err) {
+      return res.send(err);
+    }
+
+    res.send({ user: user });
+  });
+});
+
 router.route('/users/:id').get(auth.validateAdminLevel(1), function(req, res) {
   User.findOne({ _id: req.params.id }, function(err, user) {
     if (err) {
       return res.send(err);
     }
 
-    res.send(user);
+    res.send({ user: user });
   });
 });
 

server.js

@@ -3,6 +3,7 @@ var express = require('express');
 var mongoose = require('mongoose');
 var bodyParser = require('body-parser');
 var morgan = require('morgan');
+var cors = require('cors');
 
 // local include
 var config = require('./config');
@@ -19,6 +20,7 @@ var app = express();
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: true }));
 app.use(morgan('dev'));
+app.use(cors());
 
 // connect to database
 mongoose.connect(config.databaseURL + config.databaseName);