
401-advanced-javascript-billybunn/lab-14


CF LAB

Access Control (ACL)

Author: Billy Bunn

Links and Resources

Setup

.env requirements

  • npm i - install all dependencies
  • .env - add the following environment variables:
    • PORT - assign a port number
    • MONGODB_URI - URL to the running mongo instance/db
    • SECRET - secret to sign/verify JWT token
  • install HTTPie to make HTTP requests in your CLI

Running the app

  • nodemon - get the server up and running on the PORT you specify in your .env
  • Endpoint: /signup - (using HTTPie in the CLI)
    • echo '{"username":"<yourusername>", "password":"<yourpassword>", "role":"role"}' | http :<yourPORT>/signup
    • a token should be returned
  • Endpoint: /signin
    • http post :<yourPORT>/signin "Authorization: Bearer <yourtoken>"
    • a new JWT token generated by the server should be returned
The following endpoints can only be accessed by roles with the capabilities indicated:
  • router.get('/public-stuff') should be visible by anyone
  • router.get('/hidden-stuff') should require only a valid login
  • router.get('/something-to-read') should require the read capability
  • router.post('/create-a-thing') should require the create capability
  • router.put('/update') should require the update capability
  • router.patch('/jp') should require the update capability
  • router.delete('/bye-bye') should require the delete capability
  • router.get('/everything') should require the superuser capability
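
The endpoint rules above, sketched as an Express-style authorization middleware with a deny-by-default policy; this is an added example, not the repository's own code. The role names, their capability sets, the error shape and the `statusFor` helper are assumptions, and `req.user` is assumed to have been set by an earlier middleware that verified the JWT with SECRET.

```javascript
// Hypothetical roles and capability sets (the page does not list them).
const ROLE_CAPABILITIES = Object.freeze({
  user: ['read'],
  editor: ['read', 'create', 'update'],
  admin: ['read', 'create', 'update', 'delete'],
  superuser: ['read', 'create', 'update', 'delete', 'superuser'],
});

// Route policy taken from the endpoint list above.
// null = public, 'login' = any valid login, otherwise a capability name.
const ROUTE_POLICY = Object.freeze({
  'GET /public-stuff': null,
  'GET /hidden-stuff': 'login',
  'GET /something-to-read': 'read',
  'POST /create-a-thing': 'create',
  'PUT /update': 'update',
  'PATCH /jp': 'update',
  'DELETE /bye-bye': 'delete',
  'GET /everything': 'superuser',
});

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Assumes req.user = { username, role } comes from the verified token payload,
// never from the request body or query string.
function authorize(req, res, next) {
  const key = `${req.method} ${req.path}`;
  if (!has(ROUTE_POLICY, key)) return next({ status: 404, message: 'not found' });
  const required = ROUTE_POLICY[key];
  if (required === null) return next();                      // public route
  if (!req.user) return next({ status: 401, message: 'login required' });
  if (required === 'login') return next();                   // any authenticated user
  // Own-property lookup: a role string such as "constructor" must not
  // resolve to something inherited from Object.prototype.
  const caps = has(ROLE_CAPABILITIES, req.user.role) ? ROLE_CAPABILITIES[req.user.role] : [];
  if (!caps.includes(required)) return next({ status: 403, message: 'forbidden' });
  return next();
}

// Drives the middleware without a server and returns the resulting HTTP status.
function statusFor(method, path, user) {
  let status = 200;
  authorize({ method, path, user }, {}, (err) => { if (err) status = err.status; });
  return status;
}
```

A missing login yields 401 while a valid login without the required capability yields 403, which keeps the two failure cases distinguishable in logs and tests.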

Tests

  • How do you run tests?
    • npm run test
    • npm run lint

UML

Created with Jon Gentry Lab 13 UML
