restSpa

SPA & REST template using Prologue, Norm and Karax

The template is not ready yet, but you can follow all changes in the changelog.

Stack

  • Nim (Programming language)
  • Norm (ORM)
  • Prologue (Backend framework)
  • Karax (Frontend framework)

Features

  • User manipulation in a SQLite DB
  • .env configs
  • REST API
  • SPA
  • 100% in Nim
  • Boilerplate free
  • A lot of abstractions

Routes

API

The API accepts request bodies as JSON, URL-encoded or form data. Just specify the matching Content-Type header.

POST /api/signin - Login

Example:

POST /api/signin HTTP/1.1
Content-Type: application/json

{
  "username": "user",
  "password": "pass"
}

POST /api/signup - Create new account

Example:

POST /api/signup HTTP/1.1
Content-Type: application/json

{
  "username": "user",
  "email": "user@localhost",
  "password": "pass"
}

POST /api/logout

Example:

POST /api/logout HTTP/1.1
Cookie: session=<LOGGED SESSION>

POST /api/delUser - Delete current user

Example:

POST /api/delUser HTTP/1.1
Cookie: session=<LOGGED SESSION>

POST /api/activate - Activate the user

Example:

POST /api/activate HTTP/1.1
Content-Type: application/json

{
  "username": "user",
  "password": "pass",
  "code": "verification code"
}

GET /api/resend/{kind} - Resend emails

Example:

GET /api/resend/activation HTTP/1.1

Admin

POST /api/admin/getUser - Get any user data (admin)

Example:

POST /api/admin/getUser HTTP/1.1
Content-Type: application/json
Cookie: session=<ADMIN SESSION>

{
  "_username": "user" // Get using username
  // "_email": "user@localhost" // Get using email
}

POST /api/admin/editUser - Edit any user (admin)

Example: (multiple fields can be edited at the same time too)

POST /api/admin/editUser HTTP/1.1
Content-Type: application/json
Cookie: session=<ADMIN SESSION>

{
  "_username": "admin", // Edit using username
  // "_email": "admin@localhost", // Edit using email
  "rank": "urUser" // Can edit almost any field, in this case, we are removing admin privileges
}

POST /api/admin/delUser - Delete any user (admin)

Example:

POST /api/admin/delUser HTTP/1.1
Content-Type: application/json
Cookie: session=<ADMIN SESSION>

{
  "_username": "user" // Delete using username
  // "_email": "user@localhost" // Delete using email
}

Any API request can be made with the application/json, application/x-www-form-urlencoded and multipart/form-data content types; just specify the Content-Type header.


Setup

  1. Uncomment .env in .gitignore
  2. Replace all occurrences of restSpa with your project name (including file/directory names and inside files)
  3. Change the secretKey in .env
  4. Change the version, description and author in the nimble file - Don't forget the credits ;)

Notes

  • In production, disable debug in .env
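
A pre-deploy check for the Setup steps and the Notes item above, as an added example that is not part of the restSpa project. It assumes KEY=value lines in .env, a flag key named debug, and a 32-character minimum for secretKey; env_value and check_env are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example, not restSpa code. Assumptions: .env holds KEY=value lines,
# the debug flag is a key named "debug", and a secretKey shorter than
# 32 characters is treated as a placeholder that was never changed.

# env_value FILE KEY: print KEY's value (last assignment wins, quotes stripped).
env_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_env DIR: print one finding per line; return 0 only when there are none.
check_env() {
  local env="$1/.env" ignore="$1/.gitignore" key debug rc=0
  if [ ! -f "$env" ]; then
    echo "missing: $env"
    return 1
  fi

  # Setup step 1: .env must be an active (uncommented) .gitignore entry.
  if ! grep -Eq '^/?\.env[[:space:]]*$' "$ignore" 2>/dev/null; then
    echo "gitignore: .env entry is missing or still commented out"
    rc=1
  fi

  # Setup step 3: secretKey must be set and long enough.
  key=$(env_value "$env" secretKey)
  if [ "${#key}" -lt 32 ]; then
    echo "secretKey: unset or shorter than 32 characters"
    rc=1
  fi

  # Notes: debug must be explicitly off in production.
  debug=$(env_value "$env" debug | tr '[:upper:]' '[:lower:]')
  case "$debug" in
    false|off|0|no) ;;
    *) echo "debug: expected false, found '${debug:-<unset>}'"; rc=1 ;;
  esac

  return "$rc"
}
```

Call `check_env .` from the project root in a deploy script and stop the deploy on a non-zero exit status.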

Style-guide and good practices

  • All procs starting with r_ are routes
  • All routes call forceHttpMethod, which checks that the route is called with the correct HTTP method (useful in development, and it helps identify the routes when reading the code)
  • In an if statement, try to put the error/fallback branch last
  • Import order is: std, pkg and local (current project)
  • Each route file can have just one route
  • The routes dir can contain only routes, because the filename is the same as the route name

TODO

  • Hash the password
  • Add user permission levels
  • Add a route to delete user (for moderators?)
  • Add route to get the logged user data
  • Add login logging table
    • Add routes to get data (admin)
  • Add last ip in User
  • Add tests
  • Support id for querying (Users)
  • Add an error when no fields to edit were provided at the /api/admin/editUser route
  • Do the frontend (break it in smaller tasks)
  • Fix email sending
  • Add user activation
  • Add user password reset
  • Add honeypots or captcha
  • Low priority: Add a temp block to multiple requests at same time to prevent DoS
  • Block use of certain usernames and add filters, such as for special chars
  • Add a route to request new email validation Email resending
  • Fix API to be REST (Resources: IBM, RestfulAPI)
    • Statelessness - Remove session verification at API, use some API key
  • User activation as a code like Github
  • Split route function to a function that can be called with custom data
  • Fix file logging

License

MIT

Contributors

  • lurlo
  • thisago
