TDAH REST API

This is the documentation of the API used in the TDAH WebApp. The API is structured in two simple parts, Authentication and Patients: Authentication is responsible for keeping each advisor's patient information organized and private to that advisor, and Patients stores all the data related to every patient.

API Content

Tech Stack

Node.js & Javascript:

This RESTful API was written entirely in JavaScript, using modern syntax, on Node.js 6+ LTS. It uses the Express 4 framework for the server, the popular NoSQL database MongoDB through the mongoose ODM 4+, and JSON for data transfer.

Authentication

User Data Structure

Data structure of each user, created automatically at sign-up.

{
  "email": String,
  "password": String,
  "displayName": String,
  "confirmed": Boolean,
  "avatar": String,
  "signupDate": Number,
  "lastLogin": Number,
  "workplace": String,
  "location": String,
  "tokens": [
    {
      "access": String,
      "token": String
    }
  ]
}

Creating User

To create a new user, make a POST request to /api/advisor and provide the email, full name (displayName) and password.

POST REQUEST: /api/advisor

Sending to body:

{
  "email": "[email protected]",
  "password": "123abc!",
  "displayName": "Jhon Doe",
  "workplace": "Center for Disease Control and Prevention",
  "location": "Miami, Florida"
}

Once you send the POST request, the new user's password is hashed and a new token is assigned, which can be sent in a header for authentication purposes. At the same time you will receive an email message with a URL to validate the account; once you confirm your email, the user's confirmed status toggles to true.

An unconfirmed account does not block any feature of the REST API; the confirmed flag is exposed so the frontend can use it to control some characteristics.

Validating User

When you create a new user, a confirmation email is automatically sent to the user's address (see the Creating User section for further information). If needed, you can request a new confirmation email, for example when the user has not received it, accidentally removed it from their inbox, or the previous URL has expired.

YOU MUST BE LOGGED IN (HAVE AN AUTH TOKEN) IN ORDER TO REQUEST A VERIFICATION EMAIL

GET REQUEST: /api/advisor/activation

Request User

You can get the information of the user you are currently logged in as; the user is resolved from your auth token.

REQUIRE AUTH TOKEN

GET REQUEST: /api/advisor/me

Request All Users

You can also request the basic information of all users.

REQUIRE AUTH TOKEN

GET REQUEST: /api/advisor/all

Login

When the user does not have an active auth token (is not logged in), they must log in with their registered email and password in order to access their user data.

Once logged in successfully, the user receives an auth token.

POST REQUEST: /api/advisor/login

Sending to body:

{
  "email": "[email protected]",
  "password": "123abc!"
}

Logout

To log out you need to be logged in (have an auth token). When you make a DELETE request to /api/advisor/logout, the user's auth token is removed, so they lose access to their user data and their patients; to access that information again, the user must log in again.

REQUIRE AUTH TOKEN

DELETE REQUEST: /api/advisor/logout

Modifying User Data

When logged in, the user can change their data whenever they want. In every case the user has to provide their current password in order to apply the changes. If the user changes their password, the auth token is removed.

REQUIRE AUTH TOKEN (providing the current password is mandatory)

CAVEAT: YOU CAN CHANGE YOUR EMAIL ADDRESS USING THIS REQUEST. IT WAS MADE THIS WAY SO THE APP FRONTEND CAN DECIDE WHETHER THE USER CAN CHANGE IT

PATCH REQUEST: /api/advisor/login

Send in the body whatever information you would like to modify:

{
  "currentPassword": "123abc!",
  "displayName": "Jimmy Doe"
}

You can also change the password with this request, but this is not the preferred way. Changing Password and Forgotten Password are better for this task, since they send an email notification and verification specifically for the password change.

Changing Password

This is the preferred method to change the user's password. Once the request is made, the user receives an email with a URL that authorizes the password change.

REQUIRE AUTH TOKEN

GET REQUEST: /api/advisor/change-password

The user receives the following route:

PATCH REQUEST: /api/advisor/auth-change-password:emailToken

The user has to provide their current password in order to change it:

{
  "currentPassword": "123abc!",
  "password": "123abc!50"
}

Once the password is changed, the user's token is removed, forcing them to log in again.

Forgotten Password

If a user wants to change their password without an auth token, it can be done through this route by passing in their email address.

POST REQUEST: /api/advisor/change-password

With the following data in the body:

{
  "email": "[email protected]"
}

The user receives the following route:

PATCH REQUEST: /api/advisor/change-password:emailToken

The user has to provide their current password in order to change it:

{
  "currentPassword": "123abc!",
  "password": "123abc!50"
}

Once the password is changed, the user can log in using the new one.

Patients

Patient Data Structure

Data structure of each patient created by a user. Note the _creator property: it is set immediately when a user registers a new patient and holds the id of the user who created the patient.

{
  "name": String,
  "lastname": String,
  "avance": Number,
  "avatar": String,
  "age": Number,
  "_creator": "user.ObjectID"
}

Creating New Patient

The user must be logged in to register a new patient. This creates a new patient in the global patients collection, linked to the user who created it.

REQUIRE AUTH TOKEN

POST REQUEST: /api/patients

Sending to body (avatar and avance are optional):

{
  "name": "Jhon",
  "lastname": "Doe",
  "age": 4,
  "avatar": "anImage.jpeg",
  "avance": "80"
}

Getting Single Patient

You can get the information of a single patient using the patient's id. This returns all the current data of that specific patient.

REQUIRE AUTH TOKEN

GET REQUEST: /api/patients/:id

Getting All Patients

Request the data of all patients the user has.

REQUIRE AUTH TOKEN

GET REQUEST: /api/patients/

Deleting Patient

Delete a specific patient using its id.

REQUIRE AUTH TOKEN

DELETE REQUEST: /api/patients/:id

Modifying Patient Information

The user can modify any information of their patients. They can even transfer a patient to another user by providing that user's id (from the frontend application).

REQUIRE AUTH TOKEN

PATCH REQUEST: /api/patients/:id

Sending to body (avatar and avance are optional):

{
  "name": "Jane",
  "lastname": "Doe",
  "age": 5,
  "avatar": "anImage.jpeg",
  "avance": "82"
}

Built With

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License.

Acknowledgments

  • Osman Ochoa's thesis