Skip to content

Starter project for a rest api with restify & node-devise

License

Notifications You must be signed in to change notification settings

carvalhoviniciusluiz/restify-devise

Repository files navigation

Restify Devise

Starter project for a rest api with restify & node-devise. Inspired by Advanced Node.js Project Structure Tutorial.

Travis Status Code Coverage

It also allows users to deploy in Heroku without leaving the web browser and with little configuration.

Deploy

Note

  • See the node-devise documentation for how to configure the user schema :).

  • For the tests will be used httpie

Table of Contents

Requirements

  • node >= 8
  • npm >= 5

Installation

You must configure the environment variables to be able to run the application, follow the table below for this:

Development-specific options must be added in the configuration file .env

You can also perform manual deployment on heroku through the installation file.

sh heroku.deploy.sh

Key Description
PROCESS_TYPE Defines a main process between the various application processes.
PORT Server communication port.
CLIENT_URI Define a URL for client redirection.
MONGODB_URI Sets the location of mongodb. You can use the mlab service to receive a remote database.
SECRET_KEY Encryption private key.
MAILER_USER Reply email may be fake.
MAILER_KEY By default, the application consumes the sendgrid service for sending emails. You must enter the access token for the project.

Usage

With the project installed correctly, you can test the endpoints below:

You can use the web project to see the result of the routes below., e.g:

http restify-devise.herokuapp.com/session payload:='{"email": "your@email", "password": "secret"}'

User registration

http :8088/registration payload:='{"email": "your@email", "password": "secret"}'
# HTTP/1.1 200 OK
# {}

You can change the language by changing the header accept-language:

http :8088/registration payload:='{"email": "your@email"}' 'accept-language: pt-BR'
# HTTP/1.1 400 Bad Request
# {
#   "code": "BadRequest",
#   "message": {
#     "context": {
#       "key": "password",
#       "label": "password"
#     },
#     "warn": "'Senha' é obrigatório"
#   }
# }

Signing in

When the account is not verified:

http :8088/session payload:='{"email": "your@email", "password": "secret"}'
# HTTP/1.1 401 Unauthorized
# {
#   "code": "InvalidCredentials",
#   "message": "Account not confirmed"
# }

When the password is incorrect:

http :8088/session payload:='{"email": "your@email", "password": "secret1"}'
# HTTP/1.1 401 Unauthorized
# {
#   "code": "InvalidCredentials",
#   "message": "Incorrect password"
# }

When the data is right:

http :8088/session payload:='{"email": "your@email", "password": "secret"}'
# HTTP/1.1 200 OK
# {
#   "token": "token"
# }

Accessing Protected Routes

Recovery needs a token, so create a token to continue:

this example is available here as well.

const createToken = () => {
  return jwt.sign({}, 'secret')
}

Password recovery

http :8088/password payload:='{"email": "your@email"}'
# HTTP/1.1 401 Unauthorized
# Unauthorized

the correct access returns 204 and forwards an email to the informed account

http :8088/password payload:='{"email": "your@email"}' token=='token'
# HTTP/1.1 204 No Content
# {}

User unlock

the project is set to lock the account after 3 incorrect access attempts, a blocked account will return the following response:

http :8088/session payload:='{"email": "your@email", "password": "secret1"}'
# HTTP/1.1 401 Unauthorized
# {
#   "code": "InvalidCredentials",
#   "message": "Account locked. Check unlock instructions sent to you."
# }

License

MIT

Copyright (c) 2018-present