Merge pull request #122 from ember-nexus/github-issue/49

GitHub issue/49

.env

@@ -28,4 +28,4 @@ ELASTIC_AUTH=ember-nexus-elasticsearch:9200
 REDIS_AUTH=tcp://ember-nexus-redis?password=redis-password
 RABBITMQ_AUTH=amqp://user:password@ember-nexus-rabbitmq:5672
 
-REFERENCE_DATASET_VERSION=0.0.6
+REFERENCE_DATASET_VERSION=0.0.9

.markdownlintrc

@@ -2,5 +2,6 @@
     "default": true,
     "MD013": false,
     "MD033": false,
+    "MD038": false,
     "MD041": false
 }

CHANGELOG.md

@@ -5,7 +5,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Added
+- Add feature test for GET `/token` endpoint
+- Add feature test for POST `/token` endpoint
+- Add feature test for DELETE `/token` endpoint
 ### Changed
+- Increase reference dataset version to 0.0.8.
 - **Switch license to GPL-3.0-only.**
 
 ## 0.0.27 - 2023-09-02

docs/_sidebar.md

@@ -14,25 +14,47 @@
   - [Passwords, Tokens and Hashing](/security/passwords-tokens-and-hashing)
   - [Security Tests](/security/test/general)
 - API Endpoints
-  - Generic Endpoints
-  - [`GET / -` Get Index](/api-endpoints/get-index)
-  - [`GET /<uuid> -` Get Element](/api-endpoints/get-element)
-  - [`GET /<uuid>/parents -` Get Parents](/api-endpoints/get-parents)
-  - [`GET /<uuid>/children -` Get Children](/api-endpoints/get-children)
-  - [`GET /<uuid>/related -` Get Related](/api-endpoints/get-related)
-  - [`POST / -` Create Root Element](/api-endpoints/post-index)
-  - [`POST /<uuid> -` Create Element](/api-endpoints/post-element)
-  - [`PUT /<uuid> -` Replace Element](/api-endpoints/put-element)
-  - [`PATCH /<uuid> -` Update Element](/api-endpoints/patch-element)
-  - [`DELETE /<uuid> -` Delete Element](/api-endpoints/delete-element)
-  - [`POST /search -` Search](/api-endpoints/post-search)
-  - [`GET /instance-configuration -` Get Instance Configuration](/api-endpoints/get-instance-configuration)
-  - User Endpoints
-  - [`POST /register -` Register New Account](/api-endpoints/post-register)
-  - [`POST /sessions -` Create Session](/api-endpoints/post-sessions)
-  - [`GET /sessions -` Get Sessions](/api-endpoints/get-sessions)
-  - [`GET /sessions/<uuid> -` Get Specific Session](/api-endpoints/get-specific-session)
-  - [`DELETE /sessions/<uuid> -` Delete Session](/api-endpoints/delete-session)
+
+  - **User Endpoints**
+    - [<span class="method-post">POST</span>` /register -` Register New Account](/api-endpoints/user/post-register)
+    - [<span class="method-post">POST</span>` /token -` Create Token](/api-endpoints/user/post-token)
+    - [<span class="method-get">GET</span>` /token -` Get Token](/api-endpoints/user/get-token)
+    - [<span class="method-delete">DELETE</span>` /token -` Delete Token](/api-endpoints/user/delete-token)
+  - **Element Endpoints**
+    - [<span class="method-get">GET</span>` / -` Get Index](/api-endpoints/element/get-index)
+    - [<span class="method-get">GET</span>` /<uuid> -` Get Element](/api-endpoints/element/get-element)
+    - [<span class="method-get">GET</span>` /<uuid>/parents -` Get Parents](/api-endpoints/element/get-parents)
+    - [<span class="method-get">GET</span>` /<uuid>/children -` Get Children](/api-endpoints/element/get-children)
+    - [<span class="method-get">GET</span>` /<uuid>/related -` Get Related](/api-endpoints/element/get-related)
+    - [<span class="method-post">POST</span>` / -` Create Root Element](/api-endpoints/element/post-index)
+    - [<span class="method-post">POST</span>` /<uuid> -` Create Element](/api-endpoints/element/post-element)
+    - [<span class="method-put">PUT</span>` /<uuid> -` Replace Element](/api-endpoints/element/put-element)
+    - [<span class="method-patch">PATCH</span>` /<uuid> -` Update Element](/api-endpoints/element/patch-element)
+    - [<span class="method-delete">DELETE</span>` /<uuid> -` Delete Element](/api-endpoints/element/delete-element)
+  - **File Endpoints**
+    - [<span class="method-get">🚧 GET</span>` /<uuid>/file -` Get Element File](/api-endpoints/file/get-element-file)
+    - [<span class="method-post">🚧 POST</span>` /<uuid>/file -` Create Element File](/api-endpoints/file/post-element-file)
+    - [<span class="method-put">🚧 PUT</span>` /<uuid>/file -` Replace Element File](/api-endpoints/file/put-element-file)
+    - [<span class="method-patch">🚧 PATCH</span>` /<uuid>/file -` Update Element File](/api-endpoints/file/patch-element-file)
+    - [<span class="method-delete">🚧 DELETE</span>` /<uuid>/file -` Delete Element File](/api-endpoints/file/delete-element-file)
+  - **WebDAV Endpoints**
+    - [<span class="method-copy">🚧 COPY</span>` /<uuid> -` Copy Element](/api-endpoints/webdav/copy-element)
+    - [<span class="method-lock">🚧 LOCK</span>` /<uuid> -` Lock Element](/api-endpoints/webdav/lock-element)
+    - [<span class="method-unlock">🚧 UNLOCK</span>` /<uuid> -` Unlock Element](/api-endpoints/webdav/unlock-element)
+    - [<span class="method-mkcol">🚧 MKCOL</span>` /<uuid> -` Create Folder](/api-endpoints/webdav/mkcol-folder)
+    - [<span class="method-move">🚧 MOVE</span>` /<uuid> -` Move Element](/api-endpoints/webdav/move-element)
+    - [<span class="method-propfind">🚧 PROPFIND</span>` /<uuid> -` Find Element Property](/api-endpoints/webdav/propfind-element)
+    - [<span class="method-proppatch">🚧 PROPPATCH</span>` /<uuid> -` Change Element Property](/api-endpoints/webdav/proppatch-element)
+  - **Search Endpoints**
+    - [<span class="method-post">POST</span>` /search -` Search](/api-endpoints/search/post-search)
+  - **System Endpoints**
+    - [<span class="method-get">GET</span>` /instance-configuration -` Get Instance Configuration](/api-endpoints/system/get-instance-configuration)
+  - **Error Endpoints**
+    - [<span class="method-get">GET</span>` /error/400/bad-content`](/api-endpoints/error/get-400-bad-content)
+    - [<span class="method-get">GET</span>` /error/400/forbidden-property`](/api-endpoints/error/get-400-forbidden-property)
+    - [<span class="method-get">GET</span>` /error/400/incomplete-mutual-dependency`](/api-endpoints/error/get-400-incomplete-mutual-dependency)
+    - [<span class="method-get">GET</span>` /error/400/missing-property`](/api-endpoints/error/get-400-missing-property)
+
 - Commands
   - [Backup Commands](/commands/backup)
   - [Database Commands](/commands/database)

docs/api-endpoints/element/delete-element.md

@@ -0,0 +1,151 @@
+# <span class="method-delete">DELETE</span>` /<uuid> -` Delete Element
+
+<!-- panels:start -->
+<!-- div:left-panel -->
+
+Deletes a single element. If the deleted element is a node, all connected relationships are deleted.
+
+!> **Note**: In order to avoid orphaned nodes, children need to be deleted first or get other parents added.  
+This behaviour might be changed, see issue [#64: HTTP DELETE /&lt;uuid&gt; - DeleteElementController](https://github.com/ember-nexus/api/issues/64).
+
+## Request Example
+
+```bash
+curl \
+  -X DELETE
+  -H "Authorization: Bearer secret-token:PIPeJGUt7c00ENn8a5uDlc" \
+  https://api.localhost/2f99440e-ca4c-4e83-bf86-1cd27a4b1b70
+```
+
+<!-- tabs:start -->
+
+### **Success 204**
+
+The element is now deleted. No content is returned.
+
+### **Error 401**
+
+This error can only be thrown, if the token is invalid or if there is no default anonymous user.
+
+```problem+json
+{
+  "type": "Invalid authorization token",
+  "title": "Unauthorized",
+  "status": "401",
+  "detail": "Request requires authorization."
+}
+```
+
+### **Error 404**
+
+Error 404 is thrown if the element to be deleted does not exist, or if the use does not have permissions to delete the
+element.
+
+```problem+json
+{
+  "type": "Invalid authorization token",
+  "title": "wip",
+  "status": "404",
+  "detail": "wip"
+}
+```
+
+### **Error 429**
+
+```problem+json
+{
+  "type": "429-too-many-requests",
+  "title": "Too Many Requests",
+  "status": "429",
+  "detail": "The client sent too many requests in a given timeframe; rate limiting is active."
+}
+```
+
+<!-- tabs:end -->
+
+<!-- div:right-panel -->
+
+## Internal Workflow
+
+Once the server receives such a request, it checks several things internally:
+
+<div id="graph-container-1" class="graph-container" style="height:1200px"></div>
+
+<!-- panels:end -->
+
+<script>
+G6.registerEdge('polyline-edge', {
+  draw(cfg, group) {
+    const { startPoint, endPoint } = cfg;
+    const hgap = Math.abs(endPoint.x - startPoint.x);
+
+    const path = [
+      ['M', startPoint.x, startPoint.y],
+      [
+        'C',
+        startPoint.x + hgap / 4,
+        startPoint.y,
+        endPoint.x - hgap / 2,
+        endPoint.y,
+        endPoint.x,
+        endPoint.y,
+      ],
+    ];
+    const shape = group.addShape('path', {
+      attrs: {
+        stroke: '#AAB7C4',
+        path,
+      },
+      name: 'path-shape',
+    });
+    const midPoint = {
+      x: (startPoint.x + endPoint.x) / 2,
+      y: (startPoint.y + endPoint.y) / 2,
+    };
+    const label = group.addShape('text', {
+      attrs: {
+        text: cfg.label + '###########',
+        x: midPoint.x,
+        y: midPoint.y,
+        textAlign: 'center',
+        textBaseline: 'middle',
+        fill: '#000',
+        fontSize: 14,
+      },
+      name: 'label-shape',
+    });
+    return shape;
+  },
+});
+renderWorkflow(document.getElementById('graph-container-1'), {
+  nodes: [
+    { id: 'init', ...workflowStart, label: 'server receives DELETE-request' },
+    { id: 'checkToken', ...workflowDecision, label: 'does request contain token?' },
+    { id: 'noTokenAction', ...workflowStep, label: "use default anonymous\nuser for auth" },
+    { id: 'checkTokenValidity', ...workflowDecision, label: 'is token valid?' },
+    { id: 'checkRateLimit', ...workflowDecision, label: "does request exceed\nrate limit?" },
+    { id: 'checkExistence', ...workflowDecision, label: 'does element exist?' },
+    { id: 'checkAccess', ...workflowDecision, label: 'has user permission\nto delete element?' },
+    { id: 'deleteElement', ...workflowStep, label: 'delete element' },
+    { id: 'error401', ...workflowEndError, label: "return 401" },
+    { id: 'error404', ...workflowEndError, label: "return 404" },
+    { id: 'error429', ...workflowEndError, label: 'return 429' },
+    { id: 'success204', ...workflowEndSuccess , label: "return 204"},
+  ],
+  edges: [
+    { source: 'init', target: 'checkToken', label: '' },
+    { source: 'checkToken', target: 'checkTokenValidity', label: 'yes' },
+    { source: 'checkToken', target: 'noTokenAction', label: 'no' },
+    { source: 'checkTokenValidity', target: 'checkRateLimit', label: 'yes' },
+    { source: 'checkTokenValidity', target: 'error401', label: 'no' },
+    { source: 'checkRateLimit', target: 'checkExistence', label: 'no' },
+    { source: 'checkRateLimit', target: 'error429', label: 'yes' },
+    { source: 'checkExistence', target: 'checkAccess', label: 'yes' },
+    { source: 'checkExistence', target: 'error404', label: 'no' },
+    { source: 'checkAccess', target: 'deleteElement', label: 'yes' },
+    { source: 'checkAccess', target: 'error404', label: 'no' },
+    { source: 'deleteElement', target: 'success204' },
+    { source: 'noTokenAction', target: 'checkRateLimit', label: '', type2: 'polyline-edge' }
+  ],
+}, 'TB');
+</script>

docs/api-endpoints/get-children.md → docs/api-endpoints/element/get-children.md

@@ -1,4 +1,4 @@
-# GET /<uuid>/children - Get Children
+# <span class="method-get">GET</span>` /<uuid>/children -` Get Children
 
 Returns all children of the specified node.  
 Returned data is paginated, can be filtered/sorted (?) and each page contains all relations between the parent and the

docs/api-endpoints/get-element.md → docs/api-endpoints/element/get-element.md

@@ -1,4 +1,4 @@
-# GET /<uuid> - Get Element
+# <span class="method-get">GET</span>` /<uuid> -` Get Element
 
 <!-- panels:start -->
 <!-- div:left-panel -->

docs/api-endpoints/get-index.md → docs/api-endpoints/element/get-index.md

@@ -1,4 +1,4 @@
-# GET / - Get Index
+# <span class="method-get">GET</span>` / -` Get Index
 
 <!-- panels:start -->
 <!-- div:left-panel -->

docs/api-endpoints/get-parents.md → docs/api-endpoints/element/get-parents.md

@@ -1,4 +1,4 @@
-# GET /<uuid>/parents - Get Parents
+# <span class="method-get">GET</span>` /<uuid>/parents -` Get Parents
 
 Returns all parents of the specified node.  
 Returned data is paginated, can be filtered/sorted (?) and each page contains all relations between the node and the

docs/api-endpoints/get-related.md → docs/api-endpoints/element/get-related.md

@@ -1,4 +1,4 @@
-# GET /<uuid>/related - Get Related
+# <span class="method-get">GET</span>` /<uuid>/related -` Get Related
 
 Returns all nodes related to the current node.  
 Returned data is paginated, can be filtered/sorted (?) and each page contains all relations between the node and the

docs/api-endpoints/patch-element.md → docs/api-endpoints/element/patch-element.md

@@ -1,4 +1,4 @@
-# PATCH /<uuid> - Update Element
+# <span class="method-patch">PATCH</span>` /<uuid> -` Update Element
 
 Updates an individual data element.
 

docs/api-endpoints/element/post-element.md

@@ -0,0 +1,3 @@
+# <span class="method-post">POST</span>` /<uuid> -` Create Element
+
+Creates a new data element. It is owned by the referenced node.

docs/api-endpoints/post-index.md → docs/api-endpoints/element/post-index.md

@@ -1,3 +1,3 @@
-# POST / - Create Root Element
+# <span class="method-post">POST</span>` / -` Create Root Element
 
 Creates a new data element. If the data element is a node, it is directly owned by the current user.

docs/api-endpoints/put-element.md → docs/api-endpoints/element/put-element.md

@@ -1,4 +1,4 @@
-# PUT /<uuid> - Replace Element
+# <span class="method-put">PUT</span>` /<uuid> -` Replace Element
 
 Replaces the data of an individual data element.
 

docs/api-endpoints/error/get-400-bad-content.md

@@ -0,0 +1 @@
+# <span class="method-get">GET</span>` /error/400/bad-content`

docs/api-endpoints/error/get-400-forbidden-property.md

@@ -0,0 +1 @@
+# <span class="method-get">GET</span>` /error/400/forbidden-property`

docs/api-endpoints/error/get-400-incomplete-mutual-dependency.md

@@ -0,0 +1 @@
+# <span class="method-get">GET</span>` /error/400/incomplete-mutual-dependency`

docs/api-endpoints/error/get-400-missing-property.md

@@ -0,0 +1 @@
+# <span class="method-get">GET</span>` /error/400/missing-property`

docs/api-endpoints/file/delete-element-file.md

@@ -0,0 +1,4 @@
+# <span class="method-delete">🚧 DELETE</span>` /<uuid>/file -` Delete Element File
+
+!> **Currently not implemented.**  
+This feature is reserved for the version [0.2.0](https://github.com/ember-nexus/api/milestone/1).

docs/api-endpoints/file/get-element-file.md

@@ -0,0 +1,4 @@
+# <span class="method-get">🚧 GET</span>` /<uuid>/file -` Get Element File
+
+!> **Currently not implemented.**  
+This feature is reserved for the version [0.2.0](https://github.com/ember-nexus/api/milestone/1).

docs/api-endpoints/file/patch-element-file.md

@@ -0,0 +1,4 @@
+# <span class="method-patch">🚧 PATCH</span>` /<uuid>/file -` Update Element File
+
+!> **Currently not implemented.**  
+This feature is reserved for the version [0.2.0](https://github.com/ember-nexus/api/milestone/1).

docs/api-endpoints/file/post-element-file.md

@@ -0,0 +1,4 @@
+# <span class="method-post">🚧 POST</span>` /<uuid>/file -` Create Element File
+
+!> **Currently not implemented.**  
+This feature is reserved for the version [0.2.0](https://github.com/ember-nexus/api/milestone/1).

docs/api-endpoints/file/put-element-file.md

@@ -0,0 +1,4 @@
+# <span class="method-put">🚧 PUT</span>` /<uuid>/file -` Replace Element File
+
+!> **Currently not implemented.**  
+This feature is reserved for the version [0.2.0](https://github.com/ember-nexus/api/milestone/1).

docs/api-endpoints/post-search.md → docs/api-endpoints/search/post-search.md

@@ -1,8 +1,11 @@
-# POST /search - Search
+# <span class="method-post">POST</span>` /search -` Search
 
 <!-- panels:start -->
 <!-- div:left-panel -->
 
+!> **Note**: This endpoint might be changed during development to the
+[0.3.0](https://github.com/ember-nexus/api/milestone/3) version.
+
 The post search endpoint at `POST /search` is used to execute [Elasticsearch](https://www.elastic.co/) queries and
 return found elements.
 

docs/api-endpoints/get-instance-configuration.md → docs/api-endpoints/system/get-instance-configuration.md

@@ -1,4 +1,4 @@
-# GET /instance-configuration - Get Instance Configuration
+# <span class="method-get">GET</span>` /instance-configuration -` Get Instance Configuration
 
 <!-- panels:start -->
 <!-- div:left-panel -->

docs/api-endpoints/user/delete-token.md

@@ -0,0 +1,3 @@
+# <span class="method-delete">DELETE</span>` /token -` Delete Token
+
+Deletes the currently used token.

docs/api-endpoints/user/get-token.md

@@ -0,0 +1,7 @@
+# <span class="method-get">GET</span>` /token -` Get Token
+
+Returns the currently used token.
+
+To display all tokens, you can return all root elements and filter for the `Token` type.
+
+Currently under development.