
Nodejs-Object-Storage-REST-API

REST API design with Express.js.

Design doc

Design a service with REST API.

  • Authorization via Bearer token (/info, /logout and all /file routes);
  • Set up CORS for any domain;
  • DB: MySQL;
  • Generate an access token on each authorization, valid for 10 minutes. Refresh it after expiration using the refresh token;
  • Develop using the Express.js framework;
  • API:
    • /signin [POST] - get a bearer token by id and password;
    • /signin/new_token [POST] - refresh the bearer token via the refresh token;
    • /signup [POST] - register a new user;
    • Fields: id and password, where id is either a phone number or an email;
    • /file/upload [POST] - upload a new file to the system and write its parameters to the database: name, extension, MIME type, size, upload date;
    • /file/list [GET] - list files and their parameters from the database with pagination: the page size comes from the list_size parameter (default 10 records per page when the parameter is empty) and the page number from the page parameter (default 1 when not specified);
    • /file/delete/:id [DELETE] - delete the document from the database and local storage;
    • /file/:id [GET] - show information about the selected file;
    • /file/download/:id [GET] - download a specific file;
    • /file/update/:id [PUT] - replace the current document with a new one in the database and local storage;
  • On successful registration, return a pair of bearer token and refresh token;
    • /info [GET] - returns the user id;
    • /logout [GET] - logs out of the system;
  • After logout, a new token must be obtained;
  • Old tokens must no longer be valid;

Features and Notes

  • The refresh token is stored as a Secure, HttpOnly, SameSite cookie: HttpOnly keeps it out of reach of script injected via XSS, and SameSite stops it being sent on cross-site requests (CSRF).
  • Invalidated tokens are stored in a MySQL table and checked against on every request. It might be better to use a Redis cache for this, but I wanted to keep the dependencies to a minimum.
  • Testing of the REST API is done using VS Code's REST Client extension. See test.rest for examples. I've added it to the recommended extensions (extensions.json).
  • Before running the test.rest requests, you need to sign up and sign in to create a new user in the database and obtain JWT access and refresh tokens.
  • test.rest uses a $BEARER_EXAMPLE JWT access token for testing purposes.
  • Prisma ORM is used for database access.
  • zod is used for request validation.

Run locally

  1. Install dependencies using pnpm:
     pnpm install
  2. Copy .env.example to .env and update the variables if needed:
     cp .env.example .env
  3. Spin up a local database using Docker, and wait until it's ready (this may take a minute):
     docker-compose -f docker-compose-dev.yaml up -d
  4. Push the Prisma schema to your database:
     pnpm db:push
  5. Start the development server:
     pnpm dev

License

Licensed under the MIT license.
