Todo List
This project uses Feathers, an open source web framework for building modern real-time applications.
Sequelize -> ORM, migrations, seeders
DOMPurify -> Protection against XSS attacks
Escape-html -> escape HTML, CSS...
Testing -> mocha-shx
Validation -> Sequelize
Emails -> nodemailer
Getting up and running is easy.
cd path/to/todo
npm install
Connect database: in ./config/config.json and default.json, edit your MySQL credentials.
Run migrations
sequelize db:migrate
Edit SMTP credentials (optional) in ./src/hooks/send-email.ts
Run tests
npm test
Seed database
sequelize db:seed:all
Run app
npm run start
or
npm run dev
npm run start -> ./lib
Simply run npm test and all your tests in the test/ directory will be run.
Feathers has a powerful command line interface. Here are a few things it can do:
$ npm install -g @feathersjs/cli # Install Feathers CLI
$ feathers generate service # Generate a new Service
$ feathers generate hook # Generate a new Hook
$ feathers help # Show all commands
For more information on all the things you can do with Feathers visit docs.feathersjs.com.
Might not be stable!
sequelize model:generate --name users --attributes email:string,password:string
sequelize model:generate --name listUsers --attributes userId:integer,todoId:integer
sequelize model:generate --name todos --attributes title:string
sequelize model:generate --name items --attributes title:string,text:text,deadline:string,userId:integer,type:string,todoId:integer
sequelize db:migrate
sequelize db:migrate:undo
sequelize db:migrate:undo:all
sequelize seed:generate --name users
sequelize seed:generate --name listUsers
sequelize seed:generate --name todos
sequelize seed:generate --name items
sequelize db:seed:all
sequelize db:seed:undo
sequelize db:seed:undo:all
./src/services/models/* at the end of file
-> SQL level validation => ./src/models/*
-> javascript level validation => ./src/models/*
Every create, update and patch has an xssProtection hook.
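A sketch of what such a hook can look like, added here as an example and not taken from this project's source. The hook body, the `HookContext` shape and the `sanitize` helper are assumptions, and the inlined `escapeHtml` stands in for the escape-html package so the block runs without dependencies.

```typescript
// Minimal shape of a Feathers hook context; only the fields this sketch uses.
interface HookContext { type: string; method: string; data?: unknown }

// The five replacements escape-html performs, inlined for a dependency-free run.
const ENTITIES: Record<string, string> = {
  '"': '&quot;', '&': '&amp;', "'": '&#39;', '<': '&lt;', '>': '&gt;'
};
function escapeHtml(s: string): string {
  return s.replace(/["&'<>]/g, (c) => ENTITIES[c] ?? c);
}

// Recursively escape every string in a payload. Arrays are walked too,
// because a Feathers create() call may carry several records at once.
function sanitize(value: unknown): unknown {
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(sanitize);
  if (value !== null && typeof value === 'object') {
    const src = value as Record<string, unknown>;
    const out: Record<string, unknown> = {};
    for (const key of Object.keys(src)) out[key] = sanitize(src[key]);
    return out;
  }
  return value; // numbers, booleans and null pass through unchanged
}

// Hypothetical xssProtection(): rewrites context.data before a write method runs.
function xssProtection() {
  const writes = ['create', 'update', 'patch'];
  return (context: HookContext): HookContext => {
    if (context.type === 'before' && writes.indexOf(context.method) !== -1) {
      context.data = sanitize(context.data);
    }
    return context;
  };
}

// Constructed request body, modelled on the POST /items example in this README.
function demo(): HookContext {
  return xssProtection()({
    type: 'before',
    method: 'create',
    data: { title: "<div><script>console.log('cross')</script>Title Items</div>", userId: 4 }
  });
}
```

Escaping on write covers HTML text contexts only; values later rendered into attributes, URLs or inline scripts still need encoding for that context at output time.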
POST -> localhost:3030/users => Register user.
body -> raw(json)
Authorization -> none
body:
{
"email":"[email protected]",
"password":"marek"
}
GET -> localhost:3030/users => Get users.
body -> none
Authorization -> Bearer <your_token>
GET -> localhost:3030/users/:id => Get the currently registered user.
body -> none
Authorization -> Bearer <your_token>
UPDATE -> localhost:3030/users/:id => Updates current user (replaces the whole model with request data) (You can only delete yourself).
body -> raw(json)
Authorization -> Bearer <your_token>
PATCH -> localhost:3030/users => Updates current user (only part of the data, for example only email) (You can only delete yourself).
body -> raw(json)
Authorization -> Bearer <your_token>
DELETE -> localhost:3030/users/:id => Remove current user (You can only delete yourself).
body -> none
Authorization -> Bearer <your_token>
GET -> localhost:3030/authentication => Get token of registered user.
body -> raw(json)
Authorization -> none
body:
{
"strategy": "local",
"email": "[email protected]",
"password": "marek"
}
POST -> localhost:3030/todos => Create todo.
body -> raw(json)
Authorization -> Bearer <your_token>
body:
{
"title":"This is example title"
}
GET -> localhost:3030/todos => Get todos. -> When a token is provided, users' data is also included.
body -> none
Authorization -> Bearer <your_token> || none
GET -> localhost:3030/todos/:id => Get todo. -> When a token is provided, users' data is also included.
body -> none
Authorization -> Bearer <your_token> || none
Disallowed()
=> authenticate("jwt"), xssProtection(), -> For now the update is disallowed -> Maybe add hook to check if user is admin or so.
Disallowed()
=> authenticate("jwt"), xssProtection(), -> For now the patch is disallowed -> Maybe add hook to check if user is admin or so.
Disallowed()
=> authenticate("jwt"), xssProtection(), -> For now the remove is disallowed -> Maybe add hook to check if user is admin or so.
POST -> localhost:3030/listUsers => Create todo. Also sends an email to the user identified by the provided ID.
-> You can insert more than one value!
body -> raw(json)
Authorization -> Bearer <your_token>
body:
{
"userId": 4,
"todoId": 6
}
Disallowed()
Disallowed()
Disallowed()
Disallowed()
Disallowed()
-> Remove is not allowed because we will remove data in other hooks -> users or todos
POST -> localhost:3030/items => Create item.
body -> raw(json)
Authorization -> Bearer <your_token>
body:
{
"title": "<div><script>console.log('cross')</script>Title Items</div>",
"text": "<div><script>console.log('cross')</script>Text Items</div>",
"deadline": "2022-09-3 12:40:32",
"userId": 4,
"todoId": 2,
"type": "active"
}
GET -> localhost:3030/items => Find items.
body -> none
Authorization -> Bearer <your_token>
GET -> localhost:3030/items/:id => Find item.
body -> none
Authorization -> Bearer <your_token>
UPDATE -> localhost:3030/items/:id => Update item. -> check ./src/services/items/items.hook.ts for more details
body -> raw(json)
Authorization -> Bearer <your_token>
PATCH -> localhost:3030/items/:id => Patch item. Only type can be edited. Only a user who belongs to the todo can edit -> check ./src/services/items/items.hook.ts for more details
body -> raw(json)
Authorization -> Bearer <your_token>
DELETE -> localhost:3030/items/:id => Delete item. Only a user who belongs to the todo can remove the item -> check ./src/services/items/items.hook.ts for more details
body -> raw(json)
Authorization -> Bearer <your_token>
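The PATCH rule for items described above (only a member of the todo may edit, and only `type` may change), written out as an added example; it is not the code in ./src/services/items/items.hook.ts. The function names, row shapes and sample data are assumptions made for illustration.

```typescript
// Row shapes assumed from the model:generate commands in this README.
interface Membership { userId: number; todoId: number } // one listUsers row
interface Item { id: number; todoId: number; type: string }

// Error carrying an HTTP status. A Feathers app would throw Forbidden or
// BadRequest from @feathersjs/errors instead.
function httpError(code: number, message: string): Error & { code: number } {
  const err = new Error(message) as Error & { code: number };
  err.code = code;
  return err;
}

// Decide whether `userId` may apply `data` to `item` and return the only
// fields that are safe to persist. `userId` must come from the verified JWT
// (context.params.user in Feathers), never from the request body.
function authorizeItemPatch(
  userId: number, item: Item, memberships: Membership[],
  data: Record<string, unknown>
): { type: string } {
  const isMember = memberships.some(
    (m) => m.userId === userId && m.todoId === item.todoId);
  if (!isMember) throw httpError(403, 'user does not belong to this todo');

  // Allow-list, not deny-list: any key other than "type" is rejected,
  // which blocks mass assignment of userId or todoId.
  const extra = Object.keys(data).filter((k) => k !== 'type');
  if (extra.length > 0) throw httpError(400, 'only "type" may be patched');
  const type = data['type'];
  if (typeof type !== 'string' || type === '') {
    throw httpError(400, '"type" must be a non-empty string');
  }
  return { type };
}

// Constructed sample data: user 4 belongs to todo 2, user 9 does not.
const MEMBERSHIPS: Membership[] = [{ userId: 4, todoId: 2 }, { userId: 4, todoId: 6 }];
const ITEM: Item = { id: 1, todoId: 2, type: 'active' };

// HTTP-style outcome of a patch attempt against the sample item.
function tryPatch(userId: number, data: Record<string, unknown>): number {
  try {
    authorizeItemPatch(userId, ITEM, MEMBERSHIPS, data);
    return 200;
  } catch (e) {
    return (e as { code: number }).code;
  }
}
```

The same membership test applies to DELETE, which needs no field allow-list because it carries no data to persist.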