This repository contains the REST API for the client-side portion of PRISM.
These instructions assume that NodeJS, NPM, and MongoDB are already installed on the computer being set up.
- Clone this repository
- Run `npm install` from the project root to install dependencies
- Make a copy of the `.env_skeleton` file named `.env` and ensure all parameters that are not commented out in the `.env_skeleton` file are configured properly
- Run the MongoDB server that is configured in the `.env` file
- Run `node bin/db_setup_development.js` or `node bin/db_setup_production.js` for development and production environments respectively. This will remove all items from ALL MongoDB collections used by PRISM. It is important to do this from the root of this repository so that the `.env` file can be loaded.
Be sure that the MongoDB server configured in the .env is running before performing any of these steps.
Run npm start
Run npm test
Make a request to the POST /login endpoint with the following format:
```json
{
  "username": "<username>",
  "password": "<password>"
}
```

The `db_setup_development.js` script from the initial setup creates the following users:
- `testUserX` - Basic users, not members of any groups
- `testPrsX` - Program Review Subcommittee members, members of the `Program Review Subcommittee` group
- `testAdminX` - Administrators, members of the `Administrators` group
- `testRootX` - Root, not a member of any groups, bypasses all access control
X is a number between 1 and 15 (e.g. testUser2, testRoot12, testAdmin15, etc.).
All users created by the development script have a password of password.
The db_setup_development.js script creates only one account:
- `root` - Root, same as `testRootX`. The password is a random string included in the output of the setup script.
Example request and response bodies from the POST /login endpoint:
Request Body
```json
{
  "username": "testAdmin5",
  "password": "password"
}
```

Response Body
```json
{
  "user": {
    "_id": "5a5654e0a81dbd2b904b8091",
    "username": "testAdmin5",
    "__v": 0,
    "name": {
      "first": "first name",
      "last": "last name"
    }
  },
  "groups": [
    {
      "name": "Administrators",
      "_id": "5a5654e0a81dbd2b904b8082"
    }
  ],
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1YTU2NTRlMGE4MWRiZDJiOTA0YjgwOTEiLCJ1c2VybmFtZSI6InRlc3RBZG1pbjUiLCJlbWFpbCI6ImVtYWlsQGV4YW1wbGUuY29tIiwiaW50ZXJuYWwiOnRydWUsIl9fdiI6MCwicm9vdCI6ZmFsc2UsIm5hbWUiOnsiZmlyc3QiOiJmaXJzdCBuYW1lIiwibGFzdCI6Imxhc3QgbmFtZSJ9LCJpYXQiOjE1MTU2NTE4NDR9.s-O-5xospY9qGzlmMMMQnyCh1Kp-kIZjacDCffA5PgA"
}
```

The root URL for the API is `/api` and the default port for the server is 3000.
All endpoints except POST /login and external upload endpoints require authentication via Passport.
To authenticate, include the `Authorization` header in all HTTP requests to the API. The expected format is `Authorization: Bearer :token`, where `:token` is the token received from the `POST /login` endpoint. Alternatively, the cookie `jwtToken` can be set to the value of the token for authentication.
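The token returned by `POST /login` is a signed but unencrypted JWT, so anyone holding it can read its claims. The following added example (not part of the PRISM code base; the function names are hypothetical) decodes the sample token from the response above, reports whether it carries an `exp` claim, and builds the two credential forms the API accepts.

```javascript
// Added example, not PRISM code; function names are hypothetical.
// SAMPLE_TOKEN is the token from the example POST /login response on this page.
const SAMPLE_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJfaWQiOiI1YTU2NTRlMGE4MWRiZDJiOTA0YjgwOTEiLCJ1c2VybmFtZSI6InRlc3RBZG1pbjUi' +
  'LCJlbWFpbCI6ImVtYWlsQGV4YW1wbGUuY29tIiwiaW50ZXJuYWwiOnRydWUsIl9fdiI6MCwicm9v' +
  'dCI6ZmFsc2UsIm5hbWUiOnsiZmlyc3QiOiJmaXJzdCBuYW1lIiwibGFzdCI6Imxhc3QgbmFtZSJ9' +
  'LCJpYXQiOjE1MTU2NTE4NDR9' +
  '.s-O-5xospY9qGzlmMMMQnyCh1Kp-kIZjacDCffA5PgA';

// Decode one base64url JWT segment into an object. This does NOT verify the
// signature (only the server holds the key), so treat the result as untrusted.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// Summarize what a token discloses to whoever holds it.
function inspectToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  return {
    alg: header.alg,
    claims,
    hasExpiry: typeof claims.exp === 'number', // false: token has no exp claim
  };
}

// The two ways the page says a token can be presented to the API.
function bearerHeader(token) {
  return { Authorization: `Bearer ${token}` };
}
function cookieHeader(token) {
  return { Cookie: `jwtToken=${token}` };
}

const info = inspectToken(SAMPLE_TOKEN);
console.log('alg:', info.alg);
console.log('claims disclosed:', Object.keys(info.claims).join(', '));
console.log('has exp claim:', info.hasExpiry);
```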