routes/api/api

Overview

This file handles all requests related to the programmatic API for accessing the system. These routes are all intended to be called by other code, so they should all return JSON replies.


Methods

(async, inner) routerAllDos()

Test function; it just complains and checks for rate limiting.

NOTES
  • Currently this function is only used to test rate limiting against DoS-type attacks.

(async, inner) routerAllHello()

Just reply with a simple success message that a client could test for.

(async, inner) routerAllRefreshAccess()

Make a short-lived (JWT) Access token, using a Refresh token. Here the user passes us a Refresh token and we give them (after verifying its validity) an Access token.

(async, inner) routerAllReqRefreshSession(req, res, next)

This uses the user's current logged-in session to generate a refresh token. It might be preferable to having the user manually authenticate with their credentials to get one, because it would allow them to log in via Facebook, Twitter, etc.

Parameters:
Name Type Description
req *
res *
next *

(async, inner) routerAllTokenTest()

To Do:
  • This should probably not be present in production version.

Evaluate a refresh or access token, and report on its contents and validity; useful for testing.

(async, inner) routerGetIndex()

To Do:
  • Replace the template with a JSON reply, since the API should only be machine callable.

Handle the request for the api index page, which currently just shows a web page index of links to all of the api functions.

(async, inner) routerGetReqRefreshCredentials()

Present the user with a form for their username and password, so they may request a long-lived Refresh token (JWT).

NOTES

This route returns an HTML page (not JSON) and is used for the user to fill in their credentials interactively; it may be unneeded, since we expect API requests to be submitted programmatically.

(async, inner) routerPostReqRefreshCredentials()

Process a request for a long-lived Refresh token (JWT), after checking the user's username and password in the POST data. If the username and password match, they will be issued a JWT refresh token that they can use to generate short-lived access tokens.

Notes
  • The IDEA is that the refresh token is coded with scope "api" and cannot be used to perform arbitrary actions on the site; it can only be used for api-like actions.
  • The refresh token should only be used to request access tokens, which are short-lived tokens that can be used to perform actual api functions.
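
The refresh-to-access exchange described in these notes and under routerAllRefreshAccess(), sketched as an added example that is not the project's own code. The `type` claim, the secret, the token lifetimes and all function names are assumptions made for illustration; only the "api" scope comes from this page.

```javascript
// Added example with hypothetical names; not the project's implementation.
const nodeCrypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load from config in practice
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest();

// Sign an HS256 JWT carrying a token type (assumed claim), the "api" scope and an expiry.
function signToken(type, user, ttlSec, now = Math.floor(Date.now() / 1000)) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: user, type, scope: 'api', iat: now, exp: now + ttlSec }));
  return `${head}.${body}.${b64u(mac(`${head}.${body}`))}`;
}

// Check the signature first, then the pinned algorithm, expiry, scope and expected type.
function verifyToken(token, expectedType, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, error: 'malformed' };
  const [head, body, sig] = parts;
  const given = Buffer.from(sig, 'base64url');
  const want = mac(`${head}.${body}`);
  if (given.length !== want.length || !nodeCrypto.timingSafeEqual(given, want)) {
    return { ok: false, error: 'bad signature' };
  }
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url'));
    claims = JSON.parse(Buffer.from(body, 'base64url'));
  } catch { return { ok: false, error: 'malformed' }; }
  if (header.alg !== 'HS256') return { ok: false, error: 'bad alg' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, error: 'expired' };
  if (claims.scope !== 'api') return { ok: false, error: 'wrong scope' };
  if (claims.type !== expectedType) return { ok: false, error: 'wrong token type' };
  return { ok: true, claims };
}

// Refresh -> access exchange: only a valid refresh token yields a 5-minute access token.
function refreshAccess(refreshToken, now) {
  const r = verifyToken(refreshToken, 'refresh', now);
  if (!r.ok) return { success: false, error: r.error };
  return { success: true, accessToken: signToken('access', r.claims.sub, 300, now) };
}
```

Checking the token type on both sides is what keeps an access token from being replayed at the refresh endpoint, and a refresh token from being accepted by routes that perform actual api functions.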

(inner) setupRouter(urlPath)

Add the API routes.

Parameters:
Name Type Description
urlPath string the base path of these relative paths

Returns:

router object